Class: HexaPDF::Encryption::StandardSecurityHandler

Inherits:
SecurityHandler show all
Defined in:
lib/hexapdf/encryption/standard_security_handler.rb

Overview

The password-based standard security handler of the PDF specification, identified by a /Filter value of /Standard.

Overview

The PDF specification defines one security handler that should be implemented by all conforming PDF libraries and applications. This standard security handler allows access permissions and a user password as well as an owner password to be set.

See StandardSecurityHandler::EncryptionOptions for all valid options that can be used with this security handler when encrypting a document. And see #prepare_decryption for all allowed options when decrypting a document.

The access permissions (see StandardSecurityHandler::Permissions) can be used to restrict what a user is allowed to do with a PDF file.

When a user or owner password is specified, a PDF file can only be opened when the correct password is supplied. To open such an encrypted PDF file, the decryption_opts provided to HexaPDF::Document.new needs to contain a :password key with the password.

Note: While HexaPDF supports reading files encrypted with revision 5, it doesn’t support writing such files. This is no problem in practice since revision 5 was an inofficial Adobe extension to PDF 1.7 and revision 6 specified in PDF 2.0 is practically the same.

See: PDF2.0 s7.6.4

Defined Under Namespace

Modules: Permissions Classes: EncryptionOptions

Instance Attribute Summary

Attributes inherited from SecurityHandler

#encryption_details

Instance Method Summary collapse

Methods inherited from SecurityHandler

#encrypt_string, #initialize, set_up_decryption, #set_up_decryption, set_up_encryption, #set_up_encryption

Constructor Details

This class inherits a constructor from HexaPDF::Encryption::SecurityHandler

Instance Method Details

#decrypt(obj) ⇒ Object

:nodoc:



269
270
271
272
273
274
275
 
# File 'lib/hexapdf/encryption/standard_security_handler.rb', line 269

def decrypt(obj) #:nodoc:
  if dict[:V] >= 4 && obj.type == :Metadata && obj[:Subtype] == :XML && !dict[:EncryptMetadata]
    obj
  else
    super
  end
end

#decryption_password_typeObject

Returns the type of password used for decrypting the PDF document.

The return value is one of the following:

:none

No password was needed for decryption.

:user

The provided user password was used for decryption.

:owner

The provided owner password was used for decryption.

:unknown

The document was not decrypted, only encrypted.



265
266
267
 
# File 'lib/hexapdf/encryption/standard_security_handler.rb', line 265

def decryption_password_type
  @decryption_password_type || :unknown
end

#encrypt_stream(obj) ⇒ Object

:nodoc



277
278
279
280
281
282
283
 
# File 'lib/hexapdf/encryption/standard_security_handler.rb', line 277

def encrypt_stream(obj) #:nodoc
  if dict[:V] >= 4 && obj.type == :Metadata && obj[:Subtype] == :XML && !dict[:EncryptMetadata]
    obj.stream_encoder
  else
    super
  end
end

#encryption_key_valid?Boolean

Additionally checks that the document trailer’s ID has not changed.

See: SecurityHandler#encryption_key_valid?

Returns:

  • (Boolean) 


244
245
246
 
# File 'lib/hexapdf/encryption/standard_security_handler.rb', line 244

def encryption_key_valid?
  super && (document.trailer[:Encrypt][:R] > 4 || trailer_id_hash == @trailer_id_hash)
end

#permissionsObject

Returns the permissions of the managed dictionary as array of symbol values.

See: Permissions



251
252
253
254
255
 
# File 'lib/hexapdf/encryption/standard_security_handler.rb', line 251

def permissions
  Permissions::PERMISSION_TO_SYMBOL.each_with_object([]) do |(perm, sym), result|
    result << sym if dict[:P] & perm == perm
  end
end