Hi,
New encryption algorithms like AES encryption require interaction with
the encryption dictionary of a PDF document. For example the AES
decryption support in PDFBOX-872 requires that the crypt filter method
(CFM) denotes that the encryption method used was AES. I recently added
another patch (PDFBOX-907) to the encryption code to support PDFs that
do not encrypt the meta data (this is a relatively new feature). If the
meta data is not encrypted, the calculation of the encryption key is
different then when the meta data is encrypted. Whether or not the meta
data is encrypted is stored in the encryption dictionary. The patch for
PDFBOX-907 therefore adds support for the EncryptMetadata property and
modifies the encryption key calculation when needed.
The patch for PDFBOX-872 only adds AES decryption but not AES
encryption. AES encryption requires a couple of changes . The main
change is that the meta data should be updated to indicate that the PDF
is AES encrypted. Although it's possible to add this to the existing
SecurityHandler it might be better imho to refactor some parts. I think
it would be better to create something like an encryption Builder which
can be used to create a password and modify the encryption dictionary.
The Builder should have methods like setEncryptionMethod,
setEncryptMetaData, setPassword, setRevision etc. and when all required
settings are available, you can create the encryption key and let the
builder change the encryption dictionary.
Might this be something for an upcoming version?
Kind regards,
Martijn Brinkers
