RE: [pdf-devel] Crypt module discussion

pdf-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [pdf-devel] Crypt module discussion

From:	Leonard Rosenthol
Subject:	RE: [pdf-devel] Crypt module discussion
Date:	Wed, 30 Jul 2008 18:39:45 -0700

Just a note that Acrobat 9 includes a new encryption option that is
based on AES256, but with a completely different methodology for
generating the seed/initialization vector _AND_ which also now supports
Unicode passwords.   While this is an "Adobe Extension to ISO 32000" -
so not something you will need to worry about immediately - you should
be aware of it as you design.

Leonard

-----Original Message-----
From: address@hidden
[mailto:address@hidden On Behalf Of David
Vazquez
Sent: Wednesday, July 30, 2008 11:04 AM
To: address@hidden
Subject: [pdf-devel] Crypt module discussion


Hi all

I have read the PDF Reference in deeper to define our
requirements. The situation is the following. API Reference offers two
methods to decrypt data.

  - V2 method uses the RC4 algorithm, which is a stream cipher.

  - AESV2 method uses AES128 and Cipher Block Chaining (CBC) operation
    mode. It requires an initialization vector (IV). (In a pdf, AESV2
    encrypted object this vector is the first 16 bytes of the stream
    or string.)


I think pdf-crypt should offer V2 and AESV2 methods, which involve all
low level options (i.e: algorithm, key size, etc).

What do you think? Should we provide a more detailed API?

In PDF, the key used to cipher is obtained from object's
id. It means key must be reset for each object. Then my approach for
API is:


   /* Initialize module */
   pdf_status_t pdf_crypt_init (void);

   /* Create a new cipher */
   pdf_crypt_t pdf_crypt_new (int method);

   /* Set key */
   pdf_status_t pdf_crypt_setkey (pdf_crypt_t cipher, const void * key,
size_t size);

   /* Set initialization vector (Only for AESV2) */
   pdf_status_t pdf_crypt_setiv  (pdf_crypt_t cipher, const void * key,
size_t size);

   /* Encrypt and decrypt buffers. This functions allow in-place
encryption too */
   pdf_status_t pdf_crypt_encrypt (pdf_crypt_t cipher, void *out, size_t
outsize, const void *in, size_t insize);
   pdf_status_t pdf_crypt_decrypt (pdf_crypt_t cipher, void *out, size_t
outsize, const void *in, size_t insize);

   /* Destroy cipher */
   void pdf_crypt_destroy (pdf_crypt_t cipher);

   void pdf_crypt_md5 (const void * buffer, size_t len, void * hash);


Finally, I think both crypt stm filter as pdf_text_t encryption can
implement on buffer encryption functions. However I have a
question about this.

Will we store the ciphertext in a pdf_text_t again? It doesn't seem
smart for me. Since pdf_text_t functions has not sense in a block
cipher. Aleks, what do you think? Could a encryption filter text[1] be
written
for this indeed?
 
In summary, I think pdf-crypt should export buffer encryption
functions and we build up stream and string functions from stream and
text module respectively.

What do you think? Suggestions are welcome.

:-)


Footnotes: 
[1]
http://www.gnupdf.org/Lib:Architecture/Base_Layer/Text_Module#Filters

--

[Prev in Thread]

Current Thread

[Next in Thread]

[pdf-devel] Crypt module discussion, David Vazquez, 2008/07/30
- Re: [pdf-devel] Crypt module discussion, Ralph Giles, 2008/07/30
- Re: [pdf-devel] Crypt module discussion, jemarch, 2008/07/30
  - Re: [pdf-devel] Crypt module discussion, David Vazquez, 2008/07/30
    - Re: [pdf-devel] Crypt module discussion, Ralph Giles, 2008/07/30
    - Message not available
    - Re: [pdf-devel] Crypt module discussion, David Vázquez, 2008/07/31
  - Re: [pdf-devel] Crypt module discussion, Aleksander Morgado, 2008/07/31
- RE: [pdf-devel] Crypt module discussion, Leonard Rosenthol <=

Prev by Date: Re: [pdf-devel] Crypt module discussion
Next by Date: Re: [pdf-devel] Crypt module discussion
Previous by thread: Re: [pdf-devel] Crypt module discussion
Next by thread: [pdf-devel] bzr error
Index(es):
- Date
- Thread