Skip to main content

Module encryption

pdf_oxide

Module encryption 

Source
Expand description

PDF encryption support.

This module implements PDF encryption/decryption according to the PDF specification (ISO 32000-1:2008, Section 7.6). It supports:

  • RC4 encryption (40-bit and 128-bit) for PDF 1.4-1.5
  • AES encryption (128-bit and 256-bit) for PDF 1.6+
  • Standard Security Handler (password validation, permissions)

§Encryption Algorithms

§RC4 (PDF 1.4-1.5)

  • RC4-40: 40-bit key length (weak, legacy)
  • RC4-128: 128-bit key length

§AES (PDF 1.6+)

  • AES-128: 128-bit key length with CBC mode
  • AES-256: 256-bit key length with CBC mode (PDF 2.0)

§Security Considerations

  • RC4-40 is cryptographically weak and should only be used for legacy documents
  • Password validation uses constant-time comparison to prevent timing attacks
  • Key derivation follows PDF specification algorithms (using MD5 or SHA-256)

§References

  • PDF Spec Section 7.6: Encryption
  • PDF Spec Section 7.6.3: Standard Security Handler
  • PDF Spec Section 7.6.5: Algorithm 2 (Key Derivation)

Re-exports§

pub use permissions::PdfPermissions;

Modules§

permissions
PDF §7.6.3.2 /P permission flag set.

Structs§

CertEncryptDict
Certificate encryption dictionary.
CertificateEncryption
Certificate-based encryption builder and handler.
CertificateEncryptionHandler
Handler for certificate-encrypted PDFs.
EncryptDict
PDF encryption dictionary (/Encrypt entry in trailer).
EncryptDictBuilder
Builder for creating encryption dictionaries.
EncryptionHandler
Main encryption handler for PDF documents.
EncryptionWriteHandler
Handler for encrypting PDF objects during write operations.
Permissions
PDF encryption permissions (P field).
RecipientInfo
Recipient information for certificate encryption.
RecipientPermissions
Permissions for certificate-encrypted documents.

Enums§

Algorithm
Encryption algorithm used in the PDF.
CertSubFilter
Sub-filter types for certificate encryption.
KeyTransportAlgorithm
Key transport algorithm for encrypting the file key.

Functions§

compute_encryption_key
Compute the encryption key from a password (Algorithm 2).
compute_owner_password_hash
Compute the owner password hash (Algorithm 3 for R<=4, Algorithm 8 for R>=5).
compute_user_password_hash
Compute the user password hash for the encryption dictionary (Algorithm 4/5/8).
generate_file_id
Generate a unique file ID for the PDF.