org.pdfbox.encryption

Class PDFEncryption


public final class PDFEncryption
extends java.lang.Object

This class will deal with PDF encryption algorithms.
Version:
$Revision: 1.15 $
Author:
Ben Litchfield
See Also:
StandardSecurityHandler

Field Summary

static byte[]
ENCRYPT_PADDING
The encryption padding defined in the PDF 1.4 Spec algorithm 3.2.

Method Summary

byte[]
computeEncryptedKey(byte[] password, byte[] o, int permissions, byte[] id, int revision, int length)
This will compute the encrypted key.
byte[]
computeOwnerPassword(byte[] ownerPassword, byte[] userPassword, int revision, int length)
This algorithm is taked from PDF Reference 1.4 Algorithm 3.3 Page 79.
byte[]
computeUserPassword(byte[] password, byte[] o, int permissions, byte[] id, int revision, int length)
This will compute the user password hash.
void
encryptData(long objectNumber, long genNumber, byte[] key, InputStream data, OutputStream output)
This will encrypt a piece of data.
byte[]
getUserPassword(byte[] ownerPassword, byte[] o, int revision, long length)
This will get the user password from the owner password and the documents o value.
boolean
isOwnerPassword(byte[] ownerPassword, byte[] u, byte[] o, int permissions, byte[] id, int revision, int length)
This will tell if this is the owner password or not.
boolean
isUserPassword(byte[] password, byte[] u, byte[] o, int permissions, byte[] id, int revision, int length)
This will tell if this is a valid user password.

Field Details

ENCRYPT_PADDING

public static final byte[] ENCRYPT_PADDING
The encryption padding defined in the PDF 1.4 Spec algorithm 3.2.

Method Details

computeEncryptedKey

public final byte[] computeEncryptedKey(byte[] password,
                                        byte[] o,
                                        int permissions,
                                        byte[] id,
                                        int revision,
                                        int length)
            throws CryptographyException
This will compute the encrypted key.
Parameters:
password - The password used to compute the encrypted key.
o - The owner password hash.
permissions - The permissions for the document.
id - The document id.
revision - The security revision.
length - The length of the encryption key.
Returns:
The encryption key.
Throws:
CryptographyException - If there is an error computing the key.

computeOwnerPassword

public final byte[] computeOwnerPassword(byte[] ownerPassword,
                                         byte[] userPassword,
                                         int revision,
                                         int length)
            throws CryptographyException,
                   IOException
This algorithm is taked from PDF Reference 1.4 Algorithm 3.3 Page 79.
Parameters:
ownerPassword - The plain owner password.
userPassword - The plain user password.
revision - The version of the security.
length - The length of the document.
Returns:
The computed owner password.
Throws:
CryptographyException - If there is an error computing O.

computeUserPassword

public final byte[] computeUserPassword(byte[] password,
                                        byte[] o,
                                        int permissions,
                                        byte[] id,
                                        int revision,
                                        int length)
            throws CryptographyException,
                   IOException
This will compute the user password hash.
Parameters:
password - The plain text password.
o - The owner password hash.
permissions - The document permissions.
id - The document id.
revision - The revision of the encryption.
length - The length of the encryption key.
Returns:
The user password.
Throws:
CryptographyException - If there is an error computing the user password.

encryptData

public final void encryptData(long objectNumber,
                              long genNumber,
                              byte[] key,
                              InputStream data,
                              OutputStream output)
            throws CryptographyException,
                   IOException
This will encrypt a piece of data.
Parameters:
objectNumber - The id for the object.
genNumber - The generation id for the object.
key - The key used to encrypt the data.
data - The data to encrypt/decrypt.
output - The stream to write to.
Throws:
CryptographyException - If there is an error encrypting the data.

getUserPassword

public final byte[] getUserPassword(byte[] ownerPassword,
                                    byte[] o,
                                    int revision,
                                    long length)
            throws CryptographyException,
                   IOException
This will get the user password from the owner password and the documents o value.
Parameters:
ownerPassword - The plaintext owner password.
o - The document's o entry.
revision - The document revision number.
length - The length of the encryption.
Returns:
The plaintext padded user password.
Throws:
CryptographyException - If there is an error getting the user password.

isOwnerPassword

public final boolean isOwnerPassword(byte[] ownerPassword,
                                     byte[] u,
                                     byte[] o,
                                     int permissions,
                                     byte[] id,
                                     int revision,
                                     int length)
            throws CryptographyException,
                   IOException
This will tell if this is the owner password or not.
Parameters:
ownerPassword - The plaintext owner password.
u - The U value from the PDF Document.
o - The owner password hash.
permissions - The document permissions.
id - The document id.
revision - The revision of the encryption.
length - The length of the encryption key.
Returns:
true if the owner password matches the one from the document.
Throws:
CryptographyException - If there is an error while executing crypt functions.

isUserPassword

public final boolean isUserPassword(byte[] password,
                                    byte[] u,
                                    byte[] o,
                                    int permissions,
                                    byte[] id,
                                    int revision,
                                    int length)
            throws CryptographyException,
                   IOException
This will tell if this is a valid user password. Algorithm 3.6 pg 80
Parameters:
password - The password to test.
u - The U value from the PDF Document.
o - The owner password hash.
permissions - The document permissions.
id - The document id.
revision - The revision of the encryption.
length - The length of the encryption key.
Returns:
true If this is the correct user password.
Throws:
CryptographyException - If there is an error computing the value.