setasign\SetaPDF2\Core\SecHandler

PublicKey Security handler class handling public key encryption features.

File: /SetaPDF v2/Core/SecHandler/PublicKey.php
Old class name (alias): \SetaPDF_Core_SecHandler_PublicKey

Constants

PERM_OWNER

public const int PublicKey::PERM_OWNER = 2

Permission constant.

When set, permits changing the encryption and enables all other permissions.

See
  • PDF 32000-1:2008 - Table 24 - Public-Key security handler user access permissions

Properties

$_auth

protected bool AbstractHandler::$_auth = false

Defines if this security handler is authenticated

$_authData

protected array PublicKey::$_authData = array(...)

An array holding authentication data.

$_authMode

protected ?string AbstractHandler::$_authMode

The auth mode

Says who is authenticated: user or owner

$_cipherId

protected int PublicKey::$_cipherId = 7

The cipher id that is passed to openssl_pkcs7_encrypt().

$_document

The document to which this security handler is attached

$_encryptMetadata

protected bool AbstractHandler::$_encryptMetadata = true

Whether the metadata are encrypted or not

$_encryptionDictionary

$_encryptionKey

protected string AbstractHandler::$_encryptionKey

The encryption key

$_keyLength

protected int AbstractHandler::$_keyLength = 5

The key length in bytes

This value is still needed if crypt filters are in use:

  • It is needed to compute the encryption key.
  • It is needed to compute the O value.

It is NOT documented which key length should be used for these things if a crypt filter is in use.

$_streamAlgorithm

protected array AbstractHandler::$_streamAlgorithm = array(...)

The algorithm and key length to be used for encrypting/decrypting streams

$_stringAlgorithm

protected array AbstractHandler::$_stringAlgorithm = array(...)

The algorithm and key length to be used for encrypting/decrypting strings

$_tempFiles

private array PublicKey::$_tempFiles = array()

An array of temporary filenames which need to be deleted on destruction.


Methods

__construct()

The constructor.

Parameters
$document : \SetaPDF_Core_Document
 
$encryptionDictionary : \SetaPDF_Core_Type_Dictionary
 
Exceptions

Throws Exception

Throws \setasign\SetaPDF2\Core\Type\Exception

_cleanUp()

protected PublicKey::_cleanUp (
void
): void

Removes temporary files.

_computeEncryptionKey()

protected PublicKey::_computeEncryptionKey (
string[] $envelopes,
string $seed,
bool|true $encryptMetadata = true
): string

Computes the encryption key.

Parameters
$envelopes : string[]
 
$seed : string
 
$encryptMetadata : bool|true
 

_computeHashR6()

protected AbstractHandler::_computeHashR6 (
string $data,
string $inputPassword,
string $userKey = ''
): string

Computes a hash for security handler revision 6.

Parameters
$data : string
 
$inputPassword : string
 
$userKey : string
 

_crypt()

protected AbstractHandler::_crypt (
string $data,
array $algorithm,
\SetaPDF_Core_Type_IndirectObject $param = null,
bool $encrypt = true
): string

Encrypts or decrypts data using Algorithm 1 of the PDF specification.

Parameters
$data : string
 
$algorithm : array
 
$param : \SetaPDF_Core_Type_IndirectObject
 
$encrypt : bool
 
Exceptions

Throws Exception

_prepareEnvelopes()

protected PublicKey::_prepareEnvelopes (): string[]

Prepares the PKCS#7 envelopes.

Parameters
$recipients : \SetaPDF_Core_SecHandler_PublicKey_Recipient[]
 
$seed : string
 
Exceptions

Throws \Exception

_preparePermission()

protected PublicKey::_preparePermission (
int $permissions
): string

Prepares permission flag.

Parameters
$permissions : int
 

auth()

public PublicKey::auth (
mixed $recipientCert = null,
mixed $recipientKey = null
): bool

Authenticate to the security handler with a certificate and private key.

Parameters
$recipientCert : mixed

See parameter $recipcert of openssl_pkcs7_decrypt().

$recipientKey : mixed

See parameter $recipkey of openssl_pkcs7_decrypt().

Exceptions

Throws Exception

Throws \Exception

decryptStream()

public AbstractHandler::decryptStream (
string $data,
\SetaPDF_Core_Type_IndirectObject $param = null
): string

Decrypt a stream.

Parameters
$data : string
 
$param : \SetaPDF_Core_Type_IndirectObject
 
Exceptions

Throws Exception

decryptString()

public AbstractHandler::decryptString (
string $data,
\SetaPDF_Core_Type_IndirectObject $param = null
): string

Decrypt a string.

Parameters
$data : string
 
$param : \SetaPDF_Core_Type_IndirectObject
 
Exceptions

Throws Exception

encryptStream()

public AbstractHandler::encryptStream (
string $data,
\SetaPDF_Core_Type_IndirectObject $param = null
): string

Encrypt a stream.

Parameters
$data : string
 
$param : \SetaPDF_Core_Type_IndirectObject
 
Exceptions

Throws Exception

encryptString()

public AbstractHandler::encryptString (
string $data,
\SetaPDF_Core_Type_IndirectObject $param = null
): string

Encrypt a string.

Parameters
$data : string
 
$param : \SetaPDF_Core_Type_IndirectObject
 
Exceptions

Throws Exception

getAuthMode()

public AbstractHandler::getAuthMode (
void
): string

Get the auth method.

Return Values

"user", "owner" or an empty string if not authenticated.

getCipherId()

public PublicKey::getCipherId (
void
): int

Get the cipher id, that will be passed to openssl_pkcs7_encrypt().

getDocument()

Returns the document instance of this security handler.

getEncryptMetadata()

public AbstractHandler::getEncryptMetadata (
void
): bool

Returns true if the metadata are/will be encrypted.

getEncryptionDictionary()

Gets the encryption dictionary.

getEncryptionKey()

public AbstractHandler::getEncryptionKey (
void
): string

Get the encryption key if known/authenticated.

Exceptions

Throws Exception

getPdfVersion()

public AbstractHandler::getPdfVersion (
void
): string

Get the PDF version, which is needed for the currently used encryption algorithm.

Exceptions

Throws \setasign\SetaPDF2\NotImplementedException

getPermission()

public AbstractHandler::getPermission (
int $permission
): bool

Queries if a permission is granted.

Parameters
$permission : int
 

getPermissions()

public PublicKey::getPermissions (
void
): int

Returns current permissions.

getStreamAlgorithm()

public AbstractHandler::getStreamAlgorithm (
void
): array

Get the stream algorithm data.

getStringAlgorithm()

public AbstractHandler::getStringAlgorithm (
void
): array

Get the string algorithm data.

isAuth()

public AbstractHandler::isAuth (
void
): bool

Queries if the security handler is authenticated.

If not, it tries to authenticate by calling auth() without a password.

setCipherId()

public PublicKey::setCipherId (
int $cipherId
): void

Set the cipher id, that will be passed to openssl_pkcs7_encrypt().

ISO/DIS 32000-2: 7.6.5.3 Public-key encryption algorithms:

The algorithms that shall be used to encrypt the enveloped data in the PKCS#7 object are: RC4 with key lengths up to 256-bits, DES, Triple DES, RC2 with key lengths up to 128 bits, 128-bit AES in Cipher Block Chaining (CBC) mode, 192-bit AES in CBC mode, 256-bit AES in CBC mode.

Parameters
$cipherId : int
 
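The following is an added example, not SetaPDF code: it shows how a cipher id reaches openssl_pkcs7_encrypt(), why temporary files are involved (the PKCS#7 functions operate on file paths), and how a caller can refuse the RC2, DES and Triple DES ids the specification still permits. The function names, the allowlist and the throwaway recipient are assumptions made for illustration; the output is PHP's S/MIME-wrapped PKCS#7 message, and how the library stores it in the PDF is not shown on this page.

```php
<?php
// Added example, not SetaPDF code. Function names and the allowlist are assumptions.
const ALLOWED_CIPHER_IDS = [
    OPENSSL_CIPHER_AES_128_CBC,
    OPENSSL_CIPHER_AES_192_CBC,
    OPENSSL_CIPHER_AES_256_CBC, // id 7, the $_cipherId default listed above
];

// Runs $operation on two temporary files and always deletes them afterwards.
function withTempFiles(string $input, callable $operation): string
{
    $in = tempnam(sys_get_temp_dir(), 'p7i');
    $out = tempnam(sys_get_temp_dir(), 'p7o');
    try {
        file_put_contents($in, $input);
        if (!$operation($in, $out)) {
            throw new RuntimeException('OpenSSL error: ' . openssl_error_string());
        }
        return file_get_contents($out);
    } finally {
        @unlink($in);
        @unlink($out);
    }
}

function makeEnvelope(string $seed, $cert, int $cipherId): string
{
    if (!in_array($cipherId, ALLOWED_CIPHER_IDS, true)) {
        throw new InvalidArgumentException("Cipher id $cipherId is not on the allowlist");
    }
    // PKCS7_BINARY stops OpenSSL from rewriting line endings in the binary seed.
    return withTempFiles($seed, fn($in, $out) =>
        openssl_pkcs7_encrypt($in, $out, $cert, [], PKCS7_BINARY, $cipherId));
}

function openEnvelope(string $envelope, $cert, $key): string
{
    return withTempFiles($envelope, fn($in, $out) =>
        openssl_pkcs7_decrypt($in, $out, $cert, $key));
}

// Constructed recipient: a throwaway RSA key with a self-signed certificate.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr = openssl_csr_new(['commonName' => 'Constructed Recipient'], $key);
$cert = openssl_csr_sign($csr, null, $key, 1);

$seed = random_bytes(20); // constructed sample seed
$envelope = makeEnvelope($seed, $cert, OPENSSL_CIPHER_AES_256_CBC);
echo openEnvelope($envelope, $cert, $key) === $seed ? "seed recovered\n" : "mismatch\n";
```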