SetaPDF_Core_SecHandler_PublicKey

Security handler class handling public key encryption features.

File: /SetaPDF v2/Core/SecHandler/PublicKey.php

Constants

PERM_OWNER

Permission constant.

When set permits change of encryption and enables all other permissions.

See
  • PDF 32000-1:2008 - Table 24 - Public-Key security handler user access permissions

Properties

$_auth

protected boolean SetaPDF_Core_SecHandler_PublicKey::$_auth = false

Defines if this security handler is authenticated

$_authData

protected array SetaPDF_Core_SecHandler_PublicKey::$_authData = array(...)

An array holding authentication data.

$_authMode

The auth mode

Says who is authenticated: user or owner

$_cipherId

The cipher id that is passed to openssl_pkcs7_encrypt().

$_document

The document to which this security handler is attached

$_encryptMetadata

Whether metadata are encrypted or not

$_encryptionDictionary

$_encryptionKey

The encryption key

$_keyLength

The key length in bytes

This value is still needed if crypt filters are in use:

  • It is needed to compute the encryption key.
  • It is needed to compute the O value.

It is NOT documented which key length should be used for these things if a crypt filter is in use.

$_streamAlgorithm

The algorithm and key length to be used for en/decrypting streams

$_stringAlgorithm

The algorithm and key length to be used for en/decrypting strings

$_tempFiles

An array of temporary filenames which need to be deleted on destruction.


Methods

__construct()

The constructor.

Parameters
$document : SetaPDF_Core_Document
 
$encryptionDictionary : SetaPDF_Core_Type_Dictionary
 
Exceptions

Throws SetaPDF_Core_SecHandler_Exception

_cleanUp()

Removes temporary files.

_computeEncryptionKey()

protected SetaPDF_Core_SecHandler_PublicKey::_computeEncryptionKey (
string[] $envelopes, string $seed [, bool|true $encryptMetadata = true ]
): string

Computes the encryption key.

Parameters
$envelopes : string[]
 
$seed : string
 
$encryptMetadata : bool|true
 

_computeHashR6()

protected SetaPDF_Core_SecHandler_AbstractHandler::_computeHashR6 (
string $data, string $inputPassword [, string $userKey = '' ]
): string

Computes a hash for security handler revision 6.

Parameters
$data : string
 
$inputPassword : string
 
$userKey : string
 

_crypt()

protected SetaPDF_Core_SecHandler_AbstractHandler::_crypt (
string $data, array $algorithm [, SetaPDF_Core_Type_IndirectObject $param = null [, boolean $encrypt = true ]]
): string

Encrypts or decrypts data using Algorithm 1 of the PDF specification.

Parameters
$data : string
 
$algorithm : array
 
$param : SetaPDF_Core_Type_IndirectObject
 
$encrypt : boolean
 
Exceptions

Throws SetaPDF_Core_SecHandler_Exception

_prepareEnvelopes()

Prepares the PKCS#7 envelopes.

Parameters
$recipients : SetaPDF_Core_SecHandler_PublicKey_Recipient[]
 
$seed : string
 
Exceptions

Throws Exception

_preparePermission()

protected SetaPDF_Core_SecHandler_PublicKey::_preparePermission (
int $permissions
): string

Prepares permission flag.

Parameters
$permissions : int
 

auth()

public SetaPDF_Core_SecHandler_PublicKey::auth (
[ mixed $recipientCert = null [, mixed $recipientKey = null ]]
): bool

Authenticate to the security handler with a certificate and private key.

Parameters
$recipientCert : mixed

See parameter $recipcert of openssl_pkcs7_decrypt().

$recipientKey : mixed

See parameter $recipkey of openssl_pkcs7_decrypt().

Exceptions

Throws SetaPDF_Core_SecHandler_Exception

Throws Exception

decryptStream()

Decrypt a stream.

Parameters
$data : string
 
$param : SetaPDF_Core_Type_IndirectObject
 
Exceptions

Throws SetaPDF_Core_SecHandler_Exception

decryptString()

Decrypt a string.

Parameters
$data : string
 
$param : SetaPDF_Core_Type_IndirectObject
 
Exceptions

Throws SetaPDF_Core_SecHandler_Exception

encryptStream()

Encrypt a stream.

Parameters
$data : string
 
$param : SetaPDF_Core_Type_IndirectObject
 
Exceptions

Throws SetaPDF_Core_SecHandler_Exception

encryptString()

Encrypt a string.

Parameters
$data : string
 
$param : SetaPDF_Core_Type_IndirectObject
 
Exceptions

Throws SetaPDF_Core_SecHandler_Exception

generateRandomBytes()

Generate random bytes.

Internally, the method tries to use PHP's built-in functions for pseudo-random byte creation: random_bytes(), openssl_random_pseudo_bytes(), mcrypt_create_iv(). If none of these functions is available, a random string is generated by using mt_rand().

Parameters
$length
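
The last step of the fallback chain described above matters for key material, because mt_rand() is not a cryptographically secure generator. The following added example (not SetaPDF code; the function names strictRandomBytes() and availableRandomSources() are hypothetical) draws bytes only from a CSPRNG and fails closed instead of falling back:

```php
<?php
// Added example, not SetaPDF code: fail closed rather than fall back to mt_rand().
function strictRandomBytes(int $length): string
{
    if ($length < 1) {
        throw new InvalidArgumentException('Length must be a positive integer.');
    }
    if (function_exists('random_bytes')) {
        // PHP >= 7.0: reads the OS CSPRNG and throws if no source can be found.
        return random_bytes($length);
    }
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($length, $strong);
        // $strong reports whether a cryptographically strong algorithm was used.
        if ($bytes !== false && $strong === true && strlen($bytes) === $length) {
            return $bytes;
        }
    }
    // mcrypt_create_iv() is skipped on purpose: ext/mcrypt left PHP core in 7.2.
    throw new RuntimeException('No cryptographically secure random source available.');
}

// Report which of the sources named in the description exist in this runtime,
// so a deployment check can flag hosts that would end up on the mt_rand() path.
function availableRandomSources(): array
{
    $candidates = ['random_bytes', 'openssl_random_pseudo_bytes', 'mcrypt_create_iv'];
    return array_values(array_filter($candidates, 'function_exists'));
}

$sources = availableRandomSources();
if ($sources === []) {
    fwrite(STDERR, "WARNING: only mt_rand() would be available on this host\n");
} else {
    echo 'Secure sources: ', implode(', ', $sources), PHP_EOL;
    echo 'Sample (constructed, 32 bytes): ', bin2hex(strictRandomBytes(32)), PHP_EOL;
}
```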
 

getAuthMode()

Get the auth method.

Return Values

"user", "owner" or an empty string if not authenticated.

getCipherId()

Get the cipher id, that will be passed to openssl_pkcs7_encrypt().

getDocument()

Returns the document instance of this security handler.

getEncryptMetadata()

Returns true if the metadata are/will be encrypted.

getEncryptionDictionary()

getEncryptionKey()

Get the encryption key if known/authenticated.

Exceptions

Throws SetaPDF_Core_SecHandler_Exception

getPdfVersion()

Get the PDF version, which is needed for the currently used encryption algorithm.

Exceptions

Throws SetaPDF_Exception_NotImplemented

getPermission()

public SetaPDF_Core_SecHandler_AbstractHandler::getPermission (
integer $permission
): boolean

Queries if a permission is granted.

Parameters
$permission : integer
 

getPermissions()

getStreamAlgorithm()

Get the stream algorithm data.

getStringAlgorithm()

Get the string algorithm data.

isAuth()

Queries if the security handler is authenticated.

If not, it tries to authenticate by calling auth() without a password.

setCipherId()

Set the cipher id, that will be passed to openssl_pkcs7_encrypt().

ISO/DIS 32000-2: 7.6.5.3 Public-key encryption algorithms:

The algorithms that shall be used to encrypt the enveloped data in the PKCS#7 object are: RC4 with key lengths up to 256-bits, DES, Triple DES, RC2 with key lengths up to 128 bits, 128-bit AES in Cipher Block Chaining (CBC) mode, 192-bit AES in CBC mode, 256-bit AES in CBC mode.

Parameters
$cipherId
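
The cipher id is one of PHP's OPENSSL_CIPHER_* constants. The following added example (not SetaPDF code; envelopeRoundTrip(), the throwaway recipient key and certificate, and the seed are constructed here) refuses the RC2, DES and Triple DES ids from the list above, wraps a seed in a PKCS#7 envelope with openssl_pkcs7_encrypt() and opens it again with openssl_pkcs7_decrypt(), the function auth() refers to:

```php
<?php
// Added example, not SetaPDF code. Recipient key, certificate and seed are constructed here.
function envelopeRoundTrip(int $cipherId): bool
{
    // Accept only the AES-CBC ids; the RC2, DES and Triple DES ids are refused.
    // (openssl_pkcs7_encrypt() defaulted to OPENSSL_CIPHER_RC2_40 before PHP 8.0.)
    $aes = [OPENSSL_CIPHER_AES_128_CBC, OPENSSL_CIPHER_AES_192_CBC, OPENSSL_CIPHER_AES_256_CBC];
    if (!in_array($cipherId, $aes, true)) {
        throw new InvalidArgumentException('Cipher id is not one of the AES-CBC ids.');
    }

    // Throwaway recipient: RSA key pair and a self-signed certificate valid for one day.
    $key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
    if ($key === false) {
        throw new RuntimeException('Key generation failed.');
    }
    $csr = openssl_csr_new(['commonName' => 'Example Recipient'], $key, ['digest_alg' => 'sha256']);
    $cert = is_bool($csr) ? false : openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);
    if ($cert === false) {
        throw new RuntimeException('Certificate generation failed.');
    }

    $seed = random_bytes(20); // constructed sample seed
    $files = [];
    foreach (['seed', 'envelope', 'plain'] as $name) {
        $files[$name] = tempnam(sys_get_temp_dir(), 'pk7');
    }
    try {
        file_put_contents($files['seed'], $seed);
        // PKCS7_BINARY keeps the binary seed free of MIME line-ending translation.
        if (!openssl_pkcs7_encrypt($files['seed'], $files['envelope'], $cert, [], PKCS7_BINARY, $cipherId)) {
            throw new RuntimeException('Enveloping failed: ' . openssl_error_string());
        }
        if (!openssl_pkcs7_decrypt($files['envelope'], $files['plain'], $cert, $key)) {
            throw new RuntimeException('Opening the envelope failed: ' . openssl_error_string());
        }
        return hash_equals($seed, (string) file_get_contents($files['plain']));
    } finally {
        // The OpenSSL PKCS#7 functions work on files, so remove the temporary files.
        array_map('unlink', array_filter($files, 'is_file'));
    }
}

var_dump(envelopeRoundTrip(OPENSSL_CIPHER_AES_256_CBC)); // 256-bit AES in CBC mode
```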
 