setasign\SetaPDF2\Core\SecHandler\Standard
Aes256 Generator class for AES 256 bit security handler (revision 6)
File: /SetaPDF v2/Core/SecHandler/Standard/Aes256.php
Old class name (alias):
\SetaPDF_Core_SecHandler_Standard_Aes256
Class hierarchy
Implements
Summary
Methods
- __construct()
- _authByOwnerPassword()
- _authByUserPassword()
- _computeEncryptionKey()
- _computeHashR6()
- _computeOValue()
- _computeUValue()
- _crypt()
- _getEncryptionKeyByUserPassword()
- auth()
- authByOwnerPassword()
- authByUserPassword()
- decryptStream()
- decryptString()
- encryptStream()
- encryptString()
- getAuthMode()
- getDocument()
- getEncryptMetadata()
- getEncryptionDictionary()
- getEncryptionKey()
- getPdfVersion()
- getPermission()
- getPermissions()
- getRevision()
- getStreamAlgorithm()
- getStringAlgorithm()
- isAuth()
Static Properties
Properties
$_authMode
The auth mode
Says who is authenticated: user or owner
$_encryptionDictionary
The encryption dictionary
$_encryptionKey
The encryption key
$_keyLength
The key length in bytes
This value is still needed if crypt filters are in use:
- It is needed to compute the encryption key.
- It is needed to compute the O value It is NOT documented which key length should be used for this things if a crypt filter is in use.
Static Methods
create()
string $ownerPassword,
string $userPassword = '',
int $permissions = 0,
bool $encryptMetadata = true,
string $passwordsEncoding = 'utf-8'
Create method for AES 256 bit security handler.
Parameters
- $document : \SetaPDF_Core_Document
- $ownerPassword : string
The owner password in UTF-8 encoding
- $userPassword : string
The user password in UTF-8 encoding
- $permissions : int
- $encryptMetadata : bool
- $passwordsEncoding : string
Exceptions
Throws \setasign\SetaPDF2\Core\SecHandler\Exception
ensurePasswordEncoding()
string $password,
string $encoding
This method ensures the correct encoding of a password.
Internally the password is converted into the required encoding for the desired revision and it is pocessed with the SASLprep profile if requried.
Parameters
- $revision : int
- $password : string
- $encoding : string
Exceptions
ensurePermissions()
int $revision
Ensures bits in the permission flag.
Parameters
- $permissions : int
- $revision : int
Exceptions
factory()
WARNING: This method is marked as deprecated!
Use self::create() instead
string $ownerPassword,
string $userPassword = '',
int $permissions = 0,
bool $encryptMetadata = true,
string $passwordsEncoding = 'utf-8'
Parameters
- $document : \SetaPDF_Core_Document
- $ownerPassword : string
The owner password in UTF-8 encoding
- $userPassword : string
The user password in UTF-8 encoding
- $permissions : int
- $encryptMetadata : bool
- $passwordsEncoding : string
Exceptions
Throws \setasign\SetaPDF2\Core\SecHandler\Exception
Methods
__construct()
The constructor.
Parameters
- $document : \SetaPDF_Core_Document
- $encryptionDictionary : \SetaPDF_Core_Type_Dictionary
Exceptions
_authByOwnerPassword()
Internal method to authenticate with the owner password.
Parameters
- $ownerPassword : string
Return Values
The encryption key if the authentication was successful. False if not.
Exceptions
Throws \setasign\SetaPDF2\NotImplementedException
_authByUserPassword()
Internal method to authenticate with the user password.
Parameters
- $userPassword : string
Return Values
The encryption key if the authentication was successful. False if not.
Exceptions
Throws \setasign\SetaPDF2\Core\SecHandler\Exception
_computeEncryptionKey()
Compute the encryption key based on a password.
Parameters
- $password : string
Exceptions
Throws \setasign\SetaPDF2\NotImplementedException
_computeHashR6()
string $inputPassword,
string $userKey = ''
Computes a hash for security handler revision 6.
Parameters
- $data : string
- $inputPassword : string
- $userKey : string
_computeOValue()
string $ownerPassword = ''
Compute the O value.
Parameters
- $userPassword : string
- $ownerPassword : string
Exceptions
_computeUValue()
Compute the U value.
Parameters
- $encryptionKey : string
Exceptions
_crypt()
array $algorithm,
\SetaPDF_Core_Type_IndirectObject $param = null,
bool $encrypt = true
Encrypts or decrypts data using Algorithm 1 of the PDF specification.
Parameters
- $data : string
- $algorithm : array
- $param : \SetaPDF_Core_Type_IndirectObject
- $encrypt : bool
Exceptions
_getEncryptionKeyByUserPassword()
Get the encryption key by the user password.
Parameters
- $password : string
Exceptions
Throws \setasign\SetaPDF2\Core\SecHandler\Exception
auth()
?string $encoding = null
Authenticate against the security handler.
This method will try to auth first with the owner password.
If this fails it will try to auth to the user password.
Parameters
- $password : string
- $encoding : ?string
Return Values
Authentication was successful or not
Exceptions
Throws \setasign\SetaPDF2\NotImplementedException
authByOwnerPassword()
?string $encoding = null
Authenticate with the owner password.
Parameters
- $password : string
- $encoding : ?string
Exceptions
Throws \setasign\SetaPDF2\NotImplementedException
authByUserPassword()
null $encoding = null
Authenticate with the user password.
Parameters
- $password : string
- $encoding : null
Exceptions
Throws \setasign\SetaPDF2\NotImplementedException
decryptStream()
Decrypt a stream.
Parameters
- $data : string
- $param : \SetaPDF_Core_Type_IndirectObject
Exceptions
decryptString()
Decrypt a string.
Parameters
- $data : string
- $param : \SetaPDF_Core_Type_IndirectObject
Exceptions
encryptStream()
Encrypt a stream.
Parameters
- $data : string
- $param : \SetaPDF_Core_Type_IndirectObject
Exceptions
encryptString()
Encrypt a string.
Parameters
- $data : string
- $param : \SetaPDF_Core_Type_IndirectObject
Exceptions
getAuthMode()
Get the auth method.
Return Values
"user", "owner" or an empty string if not authenticated.
getDocument()
Returns the document instance of this security handler.
getEncryptionDictionary()
Gets the encryption dictionary.
getPdfVersion()
Get the PDF version, which is needed for the currently used encryption algorithm.
Exceptions
isAuth()
Queries if the security handler is authenticated.
If not it tries by calling auth() without a password.