Class: PDF::Reader::AesV3SecurityHandler

Inherits:
Object
  • Object
show all
Defined in:
lib/pdf/reader/aes_v3_security_handler.rb

Overview

Decrypts data using the AESV3 algorithim defined in the PDF 1.7, Extension Level 3 spec. Requires a decryption key, which is usually generated by PDF::Reader::KeyBuilderV5

Instance Method Summary collapse

Constructor Details

#initialize(key) ⇒ AesV3SecurityHandler

: (String) -> void



16
17
18
19
20
21
22
23
24
 
# File 'lib/pdf/reader/aes_v3_security_handler.rb', line 16

def initialize(key)
  if key.bytesize != 32
    raise PDF::Reader::MalformedPDFError.new(
      "AES-256 key must be exactly 32 bytes, got #{key.bytesize}"
    )
  end
  @encrypt_key = key
  @cipher = "AES-256-CBC" #: String
end

Instance Method Details

#decrypt(buf, ref) ⇒ Object

7.6.2 General Encryption Algorithm

Algorithm 1: Encryption of data using the RC4 or AES algorithms

used to decrypt RC4/AES encrypted PDF streams (buf). Input data should be in bytesizes of a multiple of 16, anything else is an error. The first 16 bytes are the initialization vector, so any input of exactly 16 bytes decrypts to an empty string

buf - a string to decrypt ref - a PDF::Reader::Reference for the object to decrypt

: (String, PDF::Reader::Reference) -> String



38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
 
# File 'lib/pdf/reader/aes_v3_security_handler.rb', line 38

def decrypt( buf, ref )
  if buf.bytesize % 16 > 0
    raise PDF::Reader::MalformedPDFError.new("Ciphertext not a multiple of 16")
  elsif buf.bytesize == 16
    return ""
  else
    begin
      internal_decrypt(buf, ref)
    rescue OpenSSL::Cipher::CipherError
      # If we failed to decrypt it might be a padding error, so try again
      # and assume no padding in the ciphertext. This will "suceed" but might
      # return garbage if the key is incorrect but that's OK - well before this
      # class is used we have confirmed the user provided key is correct so if
      # this works without error we can be confident the returned plaintext is
      #  correct
     internal_decrypt(buf, ref, false)
    end
  end
end