Class PdfEncryption


  • public class PdfEncryption
    extends java.lang.Object
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static int AES_128  
      static int AES_256_V3  
      private ARCFOUREncryption arcfour  
      private int cryptoMode  
      (package private) byte[] documentID  
      private boolean embeddedFilesOnly
      Indicates if the encryption is only necessary for embedded files.
      private boolean encryptMetadata  
      (package private) byte[] extra
      Work area to prepare the object/generation bytes
      (package private) byte[] key
      The encryption key for a particular object/generation
      private int keyLength
      The generic key length.
      (package private) int keySize
      The encryption key length for a particular object/generation
      (package private) java.security.MessageDigest md5
      The message digest algorithm MD5
      private static byte[] metadataPad  
      (package private) byte[] mkey
      The global encryption key
      (package private) byte[] oeKey
      Additional keys for AES_256_V3
      (package private) byte[] ownerKey
      The encryption key for the owner
      private static byte[] pad  
      (package private) int permissions  
      (package private) byte[] perms  
      protected PdfPublicKeySecurityHandler publicKeyHandler
      The public key security handler for certificate encryption
      private int revision  
      private static byte[] salt  
      (package private) static long seq  
      static int STANDARD_ENCRYPTION_128  
      static int STANDARD_ENCRYPTION_40  
      (package private) byte[] ueKey  
      (package private) byte[] userKey
      The encryption key for the user
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void addRecipient​(java.security.cert.Certificate cert, int permission)  
      int calculateStreamSize​(int n)  
      (package private) void computeOAndOeAlg9​(byte[] ownerPassword)
      implements Algorithm 9: Computing the encryption dictionary’s O (owner password) and OE (owner encryption) values (Security handlers of revision 6) - ISO 32000-2 section 7.6.4.4.8
      private byte[] computeOwnerKey​(byte[] userPad, byte[] ownerPad)  
      (package private) void computePermsAlg10​(int permissions)
      implements Algorithm 10: Computing the encryption dictionary’s Perms (permissions) value (Security handlers of revision 6) - ISO 32000-2 section 7.6.4.4.9
      (package private) void computeUAndUeAlg8​(byte[] userPassword)
      implements Algorithm 8: Computing the encryption dictionary’s U (user password) and UE (user encryption) values (Security handlers of revision 6) - ISO 32000-2 section 7.6.4.4.7
      byte[] computeUserPassword​(byte[] ownerPassword)  
      static byte[] createDocumentId()  
      static PdfObject createInfoId​(byte[] id)  
      static PdfObject createInfoId​(byte[] idPartOne, byte[] idPartTwo)  
      private static byte[] decodeHex​(byte[] hexEncoded)  
      boolean decryptAndCheckPerms​(byte[] permsValue)
      implements step f of Algorithm 2.A: Retrieving the file encryption key from an encrypted document in order to decrypt it (revision 6 and later) - ISO 32000-2 section 7.6.4.3.3
      byte[] decryptByteArray​(byte[] b)  
      byte[] encryptByteArray​(byte[] b)  
      int getCryptoMode()  
      StandardDecryption getDecryptor()  
      PdfDictionary getEncryptionDictionary()  
      OutputStreamEncryption getEncryptionStream​(java.io.OutputStream os)  
      PdfObject getFileID()  
      static byte[] getFileIdChangingPart​(PdfObject fileId)
      This method returns a changing part of the fileId when can be identified.
      (package private) byte[] hashAlg2B​(byte[] input, byte[] salt, byte[] userKey)
      implements Algorithm 2.B: Computing a hash (revision 6 and later) - ISO 32000-2 section 7.6.4.3.4
      boolean isEmbeddedFilesOnly()
      Indicates if only the embedded files have to be encrypted.
      private static boolean isHexEncoded​(byte[] str)  
      boolean isMetadataEncrypted()  
      private byte[] padPassword​(byte[] userPassword)  
      void setCryptoMode​(int mode, int kl)  
      void setHashKey​(int number, int generation)  
      void setupAllKeys​(byte[] userPassword, byte[] ownerPassword, int permissions)  
      void setupByEncryptionKey​(byte[] key, int keylength)  
      private void setupByOwnerPad​(byte[] documentID, byte[] ownerPad, byte[] userKey, byte[] ownerKey, int permissions)  
      void setupByOwnerPassword​(byte[] documentID, byte[] ownerPassword, byte[] uValue, byte[] ueValue, byte[] oValue, byte[] oeValue, int permissions)
      implements step d of Algorithm 2.A: Retrieving the file encryption key from an encrypted document in order to decrypt it (revision 6 and later) - ISO 32000-2 section 7.6.4.3.3
      void setupByOwnerPassword​(byte[] documentID, byte[] ownerPassword, byte[] userKey, byte[] ownerKey, int permissions)  
      private void setupByUserPad​(byte[] documentID, byte[] userPad, byte[] ownerKey, int permissions)  
      void setupByUserPassword​(byte[] documentID, byte[] userPassword, byte[] uValue, byte[] ueValue, byte[] oValue, byte[] oeValue, int permissions)
      implements step e of Algorithm 2.A: Retrieving the file encryption key from an encrypted document in order to decrypt it (revision 6 and later) - ISO 32000-2 section 7.6.4.3.3
      void setupByUserPassword​(byte[] documentID, byte[] userPassword, byte[] ownerKey, int permissions)  
      private void setupGlobalEncryptionKey​(byte[] documentID, byte[] userPad, byte[] ownerKey, int permissions)
      ownerKey, documentID must be setup
      private void setupUserKey()
      mkey must be setup
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • STANDARD_ENCRYPTION_128

        public static final int STANDARD_ENCRYPTION_128
        See Also:
        Constant Field Values
      • pad

        private static final byte[] pad
      • salt

        private static final byte[] salt
      • metadataPad

        private static final byte[] metadataPad
      • seq

        static long seq
      • key

        byte[] key
        The encryption key for a particular object/generation
      • keySize

        int keySize
        The encryption key length for a particular object/generation
      • mkey

        byte[] mkey
        The global encryption key
      • extra

        byte[] extra
        Work area to prepare the object/generation bytes
      • md5

        java.security.MessageDigest md5
        The message digest algorithm MD5
      • ownerKey

        byte[] ownerKey
        The encryption key for the owner
      • userKey

        byte[] userKey
        The encryption key for the user
      • oeKey

        byte[] oeKey
        Additional keys for AES_256_V3
      • ueKey

        byte[] ueKey
      • perms

        byte[] perms
      • permissions

        int permissions
      • documentID

        byte[] documentID
      • revision

        private int revision
      • keyLength

        private int keyLength
        The generic key length. It may be 40 or 128.
      • encryptMetadata

        private boolean encryptMetadata
      • embeddedFilesOnly

        private boolean embeddedFilesOnly
        Indicates if the encryption is only necessary for embedded files.
        Since:
        2.1.3
      • cryptoMode

        private int cryptoMode
    • Constructor Detail

      • PdfEncryption

        public PdfEncryption()
    • Method Detail

      • createDocumentId

        public static byte[] createDocumentId()
      • createInfoId

        public static PdfObject createInfoId​(byte[] id)
      • createInfoId

        public static PdfObject createInfoId​(byte[] idPartOne,
                                             byte[] idPartTwo)
      • getFileIdChangingPart

        public static byte[] getFileIdChangingPart​(PdfObject fileId)
        This method returns a changing part of the fileId when can be identified. Returns a complete fileId of the changing part is not found.
        Parameters:
        fileId - PdfObject
        Returns:
        byte array representing the changing part of the document identifier
      • isHexEncoded

        private static boolean isHexEncoded​(byte[] str)
      • decodeHex

        private static byte[] decodeHex​(byte[] hexEncoded)
      • setCryptoMode

        public void setCryptoMode​(int mode,
                                  int kl)
      • getCryptoMode

        public int getCryptoMode()
      • isMetadataEncrypted

        public boolean isMetadataEncrypted()
      • isEmbeddedFilesOnly

        public boolean isEmbeddedFilesOnly()
        Indicates if only the embedded files have to be encrypted.
        Returns:
        if true only the embedded files will be encrypted
        Since:
        2.1.3
      • padPassword

        private byte[] padPassword​(byte[] userPassword)
      • computeOwnerKey

        private byte[] computeOwnerKey​(byte[] userPad,
                                       byte[] ownerPad)
      • setupGlobalEncryptionKey

        private void setupGlobalEncryptionKey​(byte[] documentID,
                                              byte[] userPad,
                                              byte[] ownerKey,
                                              int permissions)
        ownerKey, documentID must be setup
      • setupUserKey

        private void setupUserKey()
        mkey must be setup
      • setupAllKeys

        public void setupAllKeys​(byte[] userPassword,
                                 byte[] ownerPassword,
                                 int permissions)
      • setupByUserPassword

        public void setupByUserPassword​(byte[] documentID,
                                        byte[] userPassword,
                                        byte[] ownerKey,
                                        int permissions)
        Parameters:
        documentID - byte array of document id
        userPassword - byte array of user password
        ownerKey - byte array of owner key
        permissions - permissions
      • setupByUserPad

        private void setupByUserPad​(byte[] documentID,
                                    byte[] userPad,
                                    byte[] ownerKey,
                                    int permissions)
      • setupByOwnerPassword

        public void setupByOwnerPassword​(byte[] documentID,
                                         byte[] ownerPassword,
                                         byte[] userKey,
                                         byte[] ownerKey,
                                         int permissions)
        Parameters:
        documentID - byte array of document id
        ownerPassword - byte array of owner password
        userKey - byte array of user key
        ownerKey - byte array of owner key
        permissions - permissions
      • setupByOwnerPad

        private void setupByOwnerPad​(byte[] documentID,
                                     byte[] ownerPad,
                                     byte[] userKey,
                                     byte[] ownerKey,
                                     int permissions)
      • setupByEncryptionKey

        public void setupByEncryptionKey​(byte[] key,
                                         int keylength)
      • setHashKey

        public void setHashKey​(int number,
                               int generation)
      • getEncryptionDictionary

        public PdfDictionary getEncryptionDictionary()
      • calculateStreamSize

        public int calculateStreamSize​(int n)
      • encryptByteArray

        public byte[] encryptByteArray​(byte[] b)
      • decryptByteArray

        public byte[] decryptByteArray​(byte[] b)
      • addRecipient

        public void addRecipient​(java.security.cert.Certificate cert,
                                 int permission)
      • computeUserPassword

        public byte[] computeUserPassword​(byte[] ownerPassword)
      • setupByOwnerPassword

        public void setupByOwnerPassword​(byte[] documentID,
                                         byte[] ownerPassword,
                                         byte[] uValue,
                                         byte[] ueValue,
                                         byte[] oValue,
                                         byte[] oeValue,
                                         int permissions)
                                  throws java.security.GeneralSecurityException
        implements step d of Algorithm 2.A: Retrieving the file encryption key from an encrypted document in order to decrypt it (revision 6 and later) - ISO 32000-2 section 7.6.4.3.3
        Throws:
        java.security.GeneralSecurityException
      • setupByUserPassword

        public void setupByUserPassword​(byte[] documentID,
                                        byte[] userPassword,
                                        byte[] uValue,
                                        byte[] ueValue,
                                        byte[] oValue,
                                        byte[] oeValue,
                                        int permissions)
                                 throws java.security.GeneralSecurityException
        implements step e of Algorithm 2.A: Retrieving the file encryption key from an encrypted document in order to decrypt it (revision 6 and later) - ISO 32000-2 section 7.6.4.3.3
        Throws:
        java.security.GeneralSecurityException
      • decryptAndCheckPerms

        public boolean decryptAndCheckPerms​(byte[] permsValue)
                                     throws java.security.GeneralSecurityException
        implements step f of Algorithm 2.A: Retrieving the file encryption key from an encrypted document in order to decrypt it (revision 6 and later) - ISO 32000-2 section 7.6.4.3.3
        Throws:
        java.security.GeneralSecurityException
      • hashAlg2B

        byte[] hashAlg2B​(byte[] input,
                         byte[] salt,
                         byte[] userKey)
                  throws java.security.GeneralSecurityException
        implements Algorithm 2.B: Computing a hash (revision 6 and later) - ISO 32000-2 section 7.6.4.3.4
        Throws:
        java.security.GeneralSecurityException
      • computeUAndUeAlg8

        void computeUAndUeAlg8​(byte[] userPassword)
                        throws java.security.GeneralSecurityException
        implements Algorithm 8: Computing the encryption dictionary’s U (user password) and UE (user encryption) values (Security handlers of revision 6) - ISO 32000-2 section 7.6.4.4.7
        Throws:
        java.security.GeneralSecurityException
      • computeOAndOeAlg9

        void computeOAndOeAlg9​(byte[] ownerPassword)
                        throws java.security.GeneralSecurityException
        implements Algorithm 9: Computing the encryption dictionary’s O (owner password) and OE (owner encryption) values (Security handlers of revision 6) - ISO 32000-2 section 7.6.4.4.8
        Throws:
        java.security.GeneralSecurityException
      • computePermsAlg10

        void computePermsAlg10​(int permissions)
                        throws java.security.GeneralSecurityException
        implements Algorithm 10: Computing the encryption dictionary’s Perms (permissions) value (Security handlers of revision 6) - ISO 32000-2 section 7.6.4.4.9
        Throws:
        java.security.GeneralSecurityException