Adobe 12020596 User Guide - Page 19
Password Algorithms
View all Adobe 12020596 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 19 highlights
Adobe Acrobat SDK Adobe® Supplement to the ISO 32000 Syntax (Chapter 3 in PDF Reference) 3.5.2 Standard Security Handler 19 9. Set the encryption key to the first n bytes of the output from the final MD5 hash, where n is always 5 for revision 2 but, for revision 3 or greater, depends on the value of the encryption dictionary's Length entry. This algorithm, when applied to the user password string, produces the encryption key used to encrypt or decrypt string and stream data according to Algorithm 3.1 on page 119. Parts of this algorithm are also used in the algorithms described below. Insert Algorithm 3.2a as shown below. Algorithm 3.2a Computing an encryption key To understand the algorithm below, it is necessary to treat the O and U strings in the Encrypt dictionary as made up of three sections. The first 32 bytes are a hash value (explained below). The next 8 bytes are called the Validation Salt. The final 8 bytes are called the Key Salt. 1. The password string is generated from Unicode input by processing the input string with the SASLprep (IETF RFC 4013) profile of stringprep (IETF RFC 3454), and then converting to a UTF-8 representation. 2. Truncate the UTF-8 representation to 127 bytes if it is longer than 127 bytes. 3. Test the password against the owner key by computing the SHA-256 hash of the UTF-8 password concatenated with the 8 bytes of owner Validation Salt, concatenated with the 48-byte U string. If the 32-byte result matches the first 32 bytes of the O string, this is the owner password. Compute an intermediate owner key by computing the SHA-256 hash of the UTF-8 password concatenated with the 8 bytes of owner Key Salt, concatenated with the 48-byte U string. The 32-byte result is the key used to decrypt the 32-byte OE string using AES-256 in CBC mode with no padding and an initialization vector of zero. The 32-byte result is the file encryption key. 4. Test the password against the user key by computing the SHA-256 hash of the UTF-8 password concatenated with the 8 bytes of user Validation Salt. If the 32 byte result matches the first 32 bytes of the U string, this is the user password. Compute an intermediate user key by computing the SHA-256 hash of the UTF-8 password concatenated with the 8 bytes of user Key Salt. The 32-byte result is the key used to decrypt the 32-byte UE string using AES-256 in CBC mode with no padding and an initialization vector of zero. The 32-byte result is the file encryption key. 5. Decrypt the 16-byte Perms string using AES-256 in ECB mode with an initialization vector of zero and the file encryption key as the key. Verify that bytes 9-11 of the result are the characters 'a', 'd', 'b'. Bytes 0-3 of the decrypted Perms entry, treated as a little-endian integer, are the user permissions. They should match the value in the P key. Password Algorithms Revise the opening paragraphs of this section as indicated below. In addition to the encryption key, the standard security handler must provide the contents of the encryption dictionary (Table 3.18 on page 116 and Table 3.19 on page 122). The values of the Filter, V, Length, R, and P entries are straightforward. but the computation of the O (owner password) and U (user password) entries requires further explanation. Algorithms 3.3 through 3.5 show how the values of the owner password and user password entries are computed (with separate versions of the latter depending on the revision of the security handler).The computation of the values for the O (owner password) and U