Home » Adobe Manuals » Computer Software » Adobe 12020596 » Manual Viewer

Adobe 12020596 User Guide - Page 19

Password Algorithms

View all Adobe 12020596 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 19 highlights

Adobe Acrobat SDK Adobe® Supplement to the ISO 32000 Syntax (Chapter 3 in PDF Reference) 3.5.2 Standard Security Handler 19 9. Set the encryption key to the first n bytes of the output from the final MD5 hash, where n is always 5 for revision 2 but, for revision 3 or greater, depends on the value of the encryption dictionary's Length entry. This algorithm, when applied to the user password string, produces the encryption key used to encrypt or decrypt string and stream data according to Algorithm 3.1 on page 119. Parts of this algorithm are also used in the algorithms described below. Insert Algorithm 3.2a as shown below. Algorithm 3.2a Computing an encryption key To understand the algorithm below, it is necessary to treat the O and U strings in the Encrypt dictionary as made up of three sections. The first 32 bytes are a hash value (explained below). The next 8 bytes are called the Validation Salt. The final 8 bytes are called the Key Salt. 1. The password string is generated from Unicode input by processing the input string with the SASLprep (IETF RFC 4013) profile of stringprep (IETF RFC 3454), and then converting to a UTF-8 representation. 2. Truncate the UTF-8 representation to 127 bytes if it is longer than 127 bytes. 3. Test the password against the owner key by computing the SHA-256 hash of the UTF-8 password concatenated with the 8 bytes of owner Validation Salt, concatenated with the 48-byte U string. If the 32-byte result matches the first 32 bytes of the O string, this is the owner password. Compute an intermediate owner key by computing the SHA-256 hash of the UTF-8 password concatenated with the 8 bytes of owner Key Salt, concatenated with the 48-byte U string. The 32-byte result is the key used to decrypt the 32-byte OE string using AES-256 in CBC mode with no padding and an initialization vector of zero. The 32-byte result is the file encryption key. 4. Test the password against the user key by computing the SHA-256 hash of the UTF-8 password concatenated with the 8 bytes of user Validation Salt. If the 32 byte result matches the first 32 bytes of the U string, this is the user password. Compute an intermediate user key by computing the SHA-256 hash of the UTF-8 password concatenated with the 8 bytes of user Key Salt. The 32-byte result is the key used to decrypt the 32-byte UE string using AES-256 in CBC mode with no padding and an initialization vector of zero. The 32-byte result is the file encryption key. 5. Decrypt the 16-byte Perms string using AES-256 in ECB mode with an initialization vector of zero and the file encryption key as the key. Verify that bytes 9-11 of the result are the characters 'a', 'd', 'b'. Bytes 0-3 of the decrypted Perms entry, treated as a little-endian integer, are the user permissions. They should match the value in the P key. Password Algorithms Revise the opening paragraphs of this section as indicated below. In addition to the encryption key, the standard security handler must provide the contents of the encryption dictionary (Table 3.18 on page 116 and Table 3.19 on page 122). The values of the Filter, V, Length, R, and P entries are straightforward. but the computation of the O (owner password) and U (user password) entries requires further explanation. Algorithms 3.3 through 3.5 show how the values of the owner password and user password entries are computed (with separate versions of the latter depending on the revision of the security handler).The computation of the values for the O (owner password) and U

Section	Page
Contents	3
Preface	5
What’s in this guide?	5
Who should read this guide?	5
Related documentation	5
Transitioning the PDF Specification to ISO	6
Extensions to the PDF specification	6
Behavior of PDF consumers that does not support an extension	6
Subsequent extensions to a BaseVersion	6
Plans related to the first version of ISO 32000	7
Plans related to subsequent versions of ISO 32000	7
Part I: Extensions to the PDF Specification	8
What’s New	9
Adobe BaseVersion 1.7 and ExtensionLevel 3	9
Extension identification	9
Bates numbering page artifact	9
Features for Architecture, Engineering and Construction	9
Enforced viewer preferences	9
Persistence of 3D measurements and markup	9
Accessibility	10
Portable collections	10
Rich media	10
Seed values and locking a document for digital signatures	10
Encryption and passwords	10
Barcode form fields	11
PDF/A-2 and XML form data	11
Adobe BaseVersion 1.7 and ExtensionLevel 1	11
PRC in 3D annotations	11
Other	11
Universal 3D file format	11
Support for rich text conventions	12
Syntax (Chapter 3 in PDF Reference)	13
3.5 Encryption	13
3.5.1 General Encryption Algorithm	15
Algorithm 3.1a Encryption of data using the AES algorithm	16
3.5.2 Standard Security Handler	16
Standard Encryption Dictionary	16
Encryption Key Algorithm	18
Algorithm 3.2 Computing an encryption key	18
Algorithm 3.2a Computing an encryption key	19
Password Algorithms	19
Algorithm 3.8 Computing the encryption dictionary’s U (user password) and UE (user encryption key) values	20
Algorithm 3.9 Computing the encryption dictionary’s O (owner password) and OE (owner encryption key) values	20
Algorithm 3.10 Computing the encryption dictionary’s Perms (permissions) value	20
Algorithm 3.11 Authenticating the User Password	21
Algorithm 3.12 Authenticating the Owner Password	21
Algorithm 3.13 Validating the Permissions	21
3.5.3 Public-Key Security Handlers	21
Public-Key Encryption Algorithms	21
3.5.4 Crypt Filters	22
3.6 Document Structure	23
3.6.1 Document Catalog	23
3.6.2 Page Tree	23
3.6.3 Name Dictionary	23
3.6.4 Extensions to PDF	23
3.10 File Specifications	26
3.10.2 File Specification Dictionaries	26
Graphics (Chapter 4 in PDF Reference)	27
4.8 Images	27
4.8.4 Image Dictionaries	27
4.9 Form XObjects	27
4.9.1 Form Dictionaries	27
Interactive Features (Chapter 8 in PDF Reference)	28
8.2 Document-Level Navigation	28
8.1 Viewer Preferences	28
8.2.4 Collections	28
Navigators	34
Resources name tree	36
String table	37
8.4 Annotations	37
8.4.5 Annotation Types	38
Markup Annotations	38
Widget Annotations	39
Projection Annotations	39
8.5 Actions	40
8.5.3 Action Types	40
Rich-Media-Execute Actions	40
8.6 Interactive Forms	42
8.6.3 Field Types	43
Signature Fields	43
Barcode Fields	45
8.6.7 XFA Forms	48
Incorporation of XFA Datasets into a PDF/A-2 Conforming File	48
8.8 Measurement Properties	48
8.8.1 Geospatial Features	49
Geospatial Measure Dictionary	49
Geographic Coordinate System Dictionary	51
Projected Coordinate System Dictionary	52
Example: A WKT describing a geographic coordinate system	52
Example: A WKT describing a projected coordinate system	53
Point Data Dictionary	53
Multimedia Features (Chapter 9 in PDF Reference)	55
9.5 3D Artwork	55
9.5.1 3D Annotations	55
9.5.2 3D Streams	56
9.5.3 3D Views	57
9.5.3 3D Views (Node Dictionaries)	57
9.5.6 Persistence of 3D Measurements and Markups	59
The 3D Units Dictionary	59
3D Measurement/Markup Dictionary	62
3D Linear Dimension Measurement	63
3D Perpendicular Dimension Measurement	65
3D Angular Dimension Measurement	67
3D Radial Dimension	71
3D Comment Note	74
3D Measurements and Projection Annotations	75
9.6 Rich Media	76
9.6.1 RichMedia Annotations	76
RichMediaSettings Dictionary	78
RichMediaActivation Dictionary	78
RichMediaDeactivation Dictionary	80
RichMediaAnimation Dictionary	80
Example: A RichMediaSettings dictionary	81
RichMediaPresentation Dictionary	82
RichMediaWindow Dictionary	84
Example: A RichMediaPresentation Dictionary	85
RichMediaContent dictionary	86
The Assets name tree	87
Example: Assets name tree	87
RichMediaConfiguration Dictionary	88
RichMediaInstance Dictionary	88
Example: RichMediaInstance dictionaries	89
RichMediaParams Dictionary	90
CuePoint Dictionary	91
Example: The RichMediaParams Dictionary	92
View Dictionary	92
View Params Dictionary	93
Extended Example	94
Document Interchange (Chapter 10 in PDF Reference)	100
10.7 Tagged PDF	100
10.7.1 Tagged PDF and Page Content	100
Real Content and Artifacts	100
Bibliography	102
Resources from Adobe Systems Incorporated	102
Other Resources	103
Part II: Reference Errors and Implementation Notes	105
Implementation Notes	106
Implementation Notes to the PDF Reference, sixth edition	106
1.2 Introduction to PDF 1.7 Features	106
3.1.2 Comments	106
3.2.4 Name Objects	106
3.2.7 Stream Objects	107
3.2.9 Indirect Objects	107
3.3 Filters	107
3.3.7 DCTDecode Filter	108
3.4 File Structure	108
3.4.1 File Header	108
3.4.3 Cross-Reference Table	109
3.4.4 File Trailer	109
3.4.6 Object Streams	109
3.4.7 Cross-Reference Streams (Cross-Reference Stream Dictionary)	109
3.4.7 Cross-Reference Streams (Compatibility with PDF 1.4)	109
3.5 Encryption	109
3.5.2 Standard Security Handler (Standard Encryption Dictionary)	109
3.5.2 Standard Security Handler (Encryption Key Algorithm)	110
3.5.2 Standard Security Handler (Password Algorithms)	110
3.5.4 Crypt Filters	110
3.6.1 Document Catalog	110
3.6.2 Page Tree (Page Objects)	110
3.7.1 Content Streams	111
3.9.1 Type 0 (Sampled) Functions	111
3.9.2 Type 2 (Exponential Interpolation) Functions	111
3.9.3 Type 3 (Stitching) Functions	111
3.9.4 Type 4 (PostScript Calculator) Functions	111
3.10.2 File Specification Dictionaries	111
Example: Acrobat does not correctly interpret a file specification.	111
4.5.2 Color Space Families	112
4.5.5 Special Color Spaces (DeviceN Color Spaces)	112
4.5.5 Special Color Spaces (Multitone Examples)	112
4.6 Patterns	112
4.7 External Objects	112
4.8.4 Image Dictionaries	112
4.8.5 Masked Images	113
4.9.1 Form Dictionaries	113
4.9.3 Reference XObjects	113
5.2.5 Text Rendering Mode	113
5.3.2 Text-Showing Operators	113
5.5.1 Type 1 Fonts	113
5.5.1 Type 1 Fonts (Standard Type 1 Fonts (Standard 14 Fonts))	114
5.5.3 Font Subsets	115
5.5.4 Type 3 Fonts	115
5.6.4 CMaps	115
5.7 Font Descriptors	115
5.8 Embedded Font Programs	115
6.4.2 Spot Functions	115
6.5.4 Automatic Stroke Adjustment	116
7.5.2 Specifying Blending Color Space and Blend Mode	116
7.5.3 Specifying Shape and Opacity (Mask Shape and Opacity)	116
8.2.2 Document Outline	116
8.3.1 Page Labels	116
8.4 Annotations	116
Interaction between accessibility preference and annotation tab order	117
Accessibility preference selected (default setting)	117
Accessibility preference not selected	117
Reordering of annotations	118
8.4.1 Annotation Dictionaries	118
8.4.2 Annotation Flags	118
8.4.3 Border Styles	119
8.4.4 Appearance Streams	119
8.4.5 Annotation Types	119
8.4.5 Annotation Types (Link Annotations)	119
8.4.5 Annotation Types (Polygon and Polyline Annotations)	119
8.4.5 Annotation Types (Text Markup Annotations)	119
8.4.5 Annotation Types (Ink Annotations)	119
8.4.5 Annotation Types (File Attachment Annotations)	119
8.4.5 Annotation Types (Markup Annotations)	120
8.4.5 Annotation Types (Watermark Annotations)	120
8.5.2 Trigger Events	120
8.5.3 Action Types (Launch Actions)	120
8.5.3 Action Types (URI Actions)	120
8.5.3 Action Types (Sound Actions)	120
8.5.3 Action Types (Movie Actions)	120
8.5.3 Action Types (Hide Actions)	121
8.5.3 Action Types (Named Actions)	121
8.6.1 Interactive Form Dictionary	121
8.6.2 Field Dictionaries (Field Names)	121
8.6.2 Field Dictionaries (Variable Text)	121
8.6.2 Field Dictionaries (Rich Text Strings)	121
8.6.3 Field Dictionaries (Button Fields)	122
8.6.3 Field Types (Choice Fields)	122
8.6.4 Form Actions (Submit-Form Actions)	122
8.6.4 “Form Actions (Import-Data Actions)	122
8.6.4 Form Actions (JavaScript Actions)	122
8.6.6 Forms Data Format (FDF Header)	122
8.6.6 Forms Data Format (FDF Catalog)	123
8.6.6 Forms Data Format (FDF Fields)	123
8.6.6 Forms Data Format (FDF Pages)	123
8.7 Digital Signatures	124
8.7.1 Transform Methods	124
8.7.2 Signature Interoperability	124
8.9 Document Requirements	125
9.1 Multimedia	125
9.1.3 Media Clip Objects (Media Clip Data)	125
9.2 Sounds	125
9.3 Movies	125
9.4 Alternate Presentations	126
9.5 3D Artwork	126
10.1 Procedure Sets	126
10.2 Metadata	127
10.2.2 Metadata Streams	127
10.3 File Identifiers	127
10.9.2 Content Database (Digital Identifiers)	127
10.9.3 Content Sets (Image Sets)	127
10.9.4 Source Information (URL Alias Dictionaries)	127
10.10.1 Page Boundaries	128
10.10.4 Output Intents	128
10.10.5 Trapping Support (Trap Network Annotations)	128
10.10.6 Open Prepress Interface (OPI)	128
Appendix C Implementation Limits	129
F.2.2 Linearization Parameter Dictionary (Part 2)	129
F.2.6 First-Page Section (Part 6)	129
F.2.8 Shared Objects (Part 8)	129
F.3.1 Page Offset Hint Table	129
F.3.2 Shared Object Hint Table	129
Implementation Notes to Adobe Extensions to ISO 32000	130

Match case Limit results 1 per page

Adobe Acrobat SDK

Syntax (Chapter 3 in PDF Reference)

Adobe® Supplement to the ISO 32000

3.5.2 Standard Security Handler

Set the encryption key to the first n bytes of the output from the final MD5 hash, where n is always 5 for

revision 2 but, for revision 3 or greater, depends on the value of the encryption dictionary’s

Length

entry.

This algorithm, when applied to the user password string, produces the encryption key used to encrypt or

decrypt string and stream data according to Algorithm 3.1 on page 119. Parts of this algorithm are also

used in the algorithms described below.

Insert Algorithm 3.2a as shown below.

Algorithm 3.2a

Computing an encryption key

To understand the algorithm below, it is necessary to treat the

and

strings in the

Encrypt

dictionary

as made up of three sections. The first 32 bytes are a hash value (explained below). The next 8 bytes are

called the Validation Salt. The final 8 bytes are called the Key Salt.

The password string is generated from Unicode input by processing the input string with the SASLprep

(IETF RFC 4013) profile of stringprep (IETF RFC 3454), and then converting to a UTF-8 representation.

Truncate the UTF-8 representation to 127 bytes if it is longer than 127 bytes.

Test the password against the owner key by computing the SHA-256 hash of the UTF-8 password

concatenated with the 8 bytes of owner Validation Salt, concatenated with the 48-byte

string. If the

32-byte result matches the first 32 bytes of the

string, this is the owner password.

Compute an intermediate owner key by computing the SHA-256 hash of the UTF-8 password

concatenated with the 8 bytes of owner Key Salt, concatenated with the 48-byte

string. The 32-byte

result is the key used to decrypt the 32-byte

string using AES-256 in CBC mode with no padding and

an initialization vector of zero. The 32-byte result is the

file encryption key

Test the password against the user key by computing the SHA-256 hash of the UTF-8 password

concatenated with the 8 bytes of user Validation Salt. If the 32 byte result matches the first 32 bytes of

the

string, this is the user password.

Compute an intermediate user key by computing the SHA-256 hash of the UTF-8 password

concatenated with the 8 bytes of user Key Salt. The 32-byte result is the key used to decrypt the 32-byte

string using AES-256 in CBC mode with no padding and an initialization vector of zero. The 32-byte

result is the file encryption key.

Decrypt the 16-byte

Perms

string using AES-256 in ECB mode with an initialization vector of zero and

the file encryption key as the key. Verify that bytes 9-11 of the result are the characters ‘a’, ‘d’, ‘b’. Bytes

0-3 of the decrypted

Perms

entry, treated as a little-endian integer, are the user permissions. They

should match the value in the

key.

Password Algorithms

Revise the opening paragraphs of this section as indicated below.

n addition to the encryption key, the standard security handler must provide the contents of the

encryption dictionary (Table 3.18 on page 116 and Table 3.19 on page 122). The values of the

Filter

Length

, and

entries are straightforward. but the computation of the O (owner password) and U (user

password) entries requires further explanation. Algorithms 3.3 through 3.5 show how the values of the

owner password and user password entries are computed (with separate versions of the latter depending

on the revision of the security handler).

The computation of the values for the

(owner password) and