SetaPDF_Core_SecHandler_PublicKey_Aes256

Generator class for AES 256 bit public-key security handler

File: /SetaPDF/Core/SecHandler/PublicKey/Aes256.php

Properties

$_auth

Defines if this security handler is authenticated

$_authData

An array holding authentication data.

$_authMode

Indicates who is authenticated: user or owner

$_cipherId

The cipher id that is passed to openssl_pkcs7_encrypt().

$_document

The document to which this security handler is attached

$_encryptMetadata

Defines whether metadata are encrypted

$_encryptionDictionary

$_encryptionKey

The encryption key

$_keyLength

This value is still needed if crypt filters are in use:
- It is needed to compute the encryption key.
- It is needed to compute the O value.

It is NOT documented which key length should be used for these things if a crypt filter is in use.

$_streamAlgorithm

The algorithm and key length to be used for en/decrypting streams

$_stringAlgorithm

The algorithm and key length to be used for en/decrypting strings


Static Methods

factory()

static public SetaPDF_Core_SecHandler_PublicKey_Aes256 SetaPDF_Core_SecHandler_PublicKey_Aes256::factory ( SetaPDF_Core_Document $document, SetaPDF_Core_SecHandler_PublicKey_Recipient[]|SetaPDF_Core_SecHandler_PublicKey_Recipient $recipients [, boolean $encryptMetadata = true ] )

Factory method for AES 256 bit public-key security handler.

Parameters
$document : SetaPDF_Core_Document
 
$recipients : SetaPDF_Core_SecHandler_PublicKey_Recipient[]|SetaPDF_Core_SecHandler_PublicKey_Recipient
 
$encryptMetadata : boolean
 
Exceptions

Throws SetaPDF_Core_SecHandler_Exception


Methods

__construct()

public SetaPDF_Core_SecHandler_AbstractHandler::__construct ( SetaPDF_Core_Document $document, SetaPDF_Core_Type_Dictionary $encryptionDictionary )

The constructor.

Parameters
$document : SetaPDF_Core_Document
 
$encryptionDictionary : SetaPDF_Core_Type_Dictionary
 
Exceptions

Throws SetaPDF_Core_SecHandler_Exception

_cleanUp()

protected void SetaPDF_Core_SecHandler_PublicKey::_cleanUp ( void )

Removes temporary files.

_computeEncryptionKey()

protected string SetaPDF_Core_SecHandler_PublicKey::_computeEncryptionKey ( string[] $envelopes, string $seed [, bool|true $encryptMetadata = true ] )

Computes the encryption key.

Parameters
$envelopes : string[]
 
$seed : string
 
$encryptMetadata : bool|true
 

_computeHashR6()

protected string SetaPDF_Core_SecHandler_AbstractHandler::_computeHashR6 ( string $data, string $inputPassword [, string $userKey = '' ] )

Computes a hash for security handler revision 6.

Parameters
$data : string
 
$inputPassword : string
 
$userKey : string
 

_crypt()

protected string SetaPDF_Core_SecHandler_AbstractHandler::_crypt ( string $data, array $algorithm [, SetaPDF_Core_Type_IndirectObject $param = null [, boolean $encrypt = true ]] )

Encrypts or decrypts data using Algorithm 1 of the PDF specification.

Parameters
$data : string
 
$algorithm : array
 
$param : SetaPDF_Core_Type_IndirectObject
 
$encrypt : boolean
 
Exceptions

Throws SetaPDF_Core_SecHandler_Exception

_prepareEnvelopes()

protected string[] SetaPDF_Core_SecHandler_PublicKey::_prepareEnvelopes ( SetaPDF_Core_SecHandler_PublicKey_Recipient[] $recipients, string $seed )

Prepares the PKCS#7 envelopes.

Parameters
$recipients : SetaPDF_Core_SecHandler_PublicKey_Recipient[]
 
$seed : string
 
Exceptions

Throws Exception

_preparePermission()

protected string SetaPDF_Core_SecHandler_PublicKey::_preparePermission ( int $permissions )

Prepares permission flag.

Parameters
$permissions : int
 

auth()

public bool SetaPDF_Core_SecHandler_PublicKey::auth ( [ mixed $recipientCert = null [, mixed $recipientKey = null ]] )

Authenticate to the security handler with a certificate and private key.

Parameters
$recipientCert : mixed

See parameter $recipcert of openssl_pkcs7_decrypt().

$recipientKey : mixed

See parameter $recipkey of openssl_pkcs7_decrypt().

Exceptions

Throws SetaPDF_Core_SecHandler_Exception, Exception

decryptStream()

public string SetaPDF_Core_SecHandler_AbstractHandler::decryptStream ( string $data [, SetaPDF_Core_Type_IndirectObject $param = null ] )

Decrypt a stream.

Parameters
$data : string
 
$param : SetaPDF_Core_Type_IndirectObject
 
Exceptions

Throws SetaPDF_Core_SecHandler_Exception

decryptString()

public string SetaPDF_Core_SecHandler_AbstractHandler::decryptString ( string $data [, SetaPDF_Core_Type_IndirectObject $param = null ] )

Decrypt a string.

Parameters
$data : string
 
$param : SetaPDF_Core_Type_IndirectObject
 
Exceptions

Throws SetaPDF_Core_SecHandler_Exception

encryptStream()

public string SetaPDF_Core_SecHandler_AbstractHandler::encryptStream ( string $data [, SetaPDF_Core_Type_IndirectObject $param = null ] )

Encrypt a stream.

Parameters
$data : string
 
$param : SetaPDF_Core_Type_IndirectObject
 
Exceptions

Throws SetaPDF_Core_SecHandler_Exception

encryptString()

public string SetaPDF_Core_SecHandler_AbstractHandler::encryptString ( string $data [, SetaPDF_Core_Type_IndirectObject $param = null ] )

Encrypt a string.

Parameters
$data : string
 
$param : SetaPDF_Core_Type_IndirectObject
 
Exceptions

Throws SetaPDF_Core_SecHandler_Exception

generateRandomBytes()

public string SetaPDF_Core_SecHandler_AbstractHandler::generateRandomBytes ( $length $length )

Generate random bytes.

Internally, the method tries PHP's built-in functions for generating pseudo-random bytes: random_bytes(), openssl_random_pseudo_bytes(), mcrypt_create_iv(). If none of these functions is available, a random string is generated using mt_rand().

Parameters
$length : $length
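
The fallback order described above matters because mt_rand() is not a cryptographically secure generator. As an added example (not SetaPDF code), a deployment preflight that walks the same order and fails closed rather than reaching mt_rand(); secureRandomSource() and secureRandomBytes() are hypothetical helper names.

```php
<?php
// Added example, not SetaPDF code. secureRandomSource() and secureRandomBytes()
// are hypothetical helpers; the lookup order follows the description above.

function secureRandomSource()
{
    foreach (array('random_bytes', 'openssl_random_pseudo_bytes', 'mcrypt_create_iv') as $fn) {
        if (function_exists($fn)) {
            return $fn;
        }
    }
    // At this point the documented fallback would be mt_rand(); fail closed instead.
    throw new RuntimeException('No CSPRNG available: only mt_rand() would remain');
}

function secureRandomBytes($length)
{
    if (!is_int($length) || $length < 1) {
        throw new InvalidArgumentException('Length must be a positive integer');
    }
    switch (secureRandomSource()) {
        case 'random_bytes':
            $bytes = random_bytes($length); // throws if no entropy source works
            break;
        case 'openssl_random_pseudo_bytes':
            $strong = false;
            $bytes = openssl_random_pseudo_bytes($length, $strong);
            if ($bytes === false || $strong !== true) {
                throw new RuntimeException('OpenSSL did not return strong random bytes');
            }
            break;
        default: // mcrypt_create_iv(): read from the OS generator, not rand()
            $bytes = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
    }
    if (!is_string($bytes) || strlen($bytes) !== $length) {
        throw new RuntimeException('Random source returned an unexpected result');
    }
    return $bytes;
}

// Deployment preflight: report the source, then draw a 32-byte value from it.
echo 'Random source: ', secureRandomSource(), PHP_EOL;
echo 'Sample length: ', strlen(secureRandomBytes(32)), ' bytes', PHP_EOL;
```

Running this on the target host before encrypting documents shows which generator is present; an exception means the documented mt_rand() fallback would be the only option left.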
 

getAuthMode()

public string SetaPDF_Core_SecHandler_AbstractHandler::getAuthMode ( void )

Get the auth method.

Return Values

"user", "owner" or an empty string if not authenticated.

getCipherId()

public int SetaPDF_Core_SecHandler_PublicKey::getCipherId ( void )

Get the cipher ID that will be passed to openssl_pkcs7_encrypt().

getDocument()

public SetaPDF_Core_Document SetaPDF_Core_SecHandler_AbstractHandler::getDocument ( void )

Returns the document instance of this security handler.

getEncryptMetadata()

public boolean SetaPDF_Core_SecHandler_AbstractHandler::getEncryptMetadata ( void )

Returns true if the metadata are/will be encrypted.

getEncryptionDictionary()

public SetaPDF_Core_Type_Dictionary SetaPDF_Core_SecHandler_AbstractHandler::getEncryptionDictionary ( void )

Gets the encryption dictionary.

getEncryptionKey()

public string SetaPDF_Core_SecHandler_AbstractHandler::getEncryptionKey ( void )

Get the encryption key if known/authenticated.

Exceptions

Throws SetaPDF_Core_SecHandler_Exception

getPdfVersion()

public string SetaPDF_Core_SecHandler_AbstractHandler::getPdfVersion ( void )

Get the PDF version, which is needed for the currently used encryption algorithm.

Exceptions

Throws SetaPDF_Exception_NotImplemented

getPermission()

public boolean SetaPDF_Core_SecHandler_AbstractHandler::getPermission ( integer $permission )

Queries if a permission is granted.

Parameters
$permission : integer
 

getPermissions()

public integer SetaPDF_Core_SecHandler_PublicKey::getPermissions ( void )

Returns current permissions.

getStreamAlgorithm()

public array SetaPDF_Core_SecHandler_AbstractHandler::getStreamAlgorithm ( void )

Get the stream algorithm data.

getStringAlgorithm()

public array SetaPDF_Core_SecHandler_AbstractHandler::getStringAlgorithm ( void )

Get the string algorithm data.

isAuth()

public boolean SetaPDF_Core_SecHandler_AbstractHandler::isAuth ( void )

Queries if the security handler is authenticated.

If not, it tries to authenticate by calling auth() without a password.

setCipherId()

public void SetaPDF_Core_SecHandler_PublicKey::setCipherId ( $cipherId $cipherId )

Set the cipher ID that will be passed to openssl_pkcs7_encrypt().

ISO/DIS 32000-2: 7.6.5.3 Public-key encryption algorithms:

The algorithms that shall be used to encrypt the enveloped data in the PKCS#7 object are: RC4 with key lengths up to 256-bits, DES, Triple DES, RC2 with key lengths up to 128 bits, 128-bit AES in Cipher Block Chaining (CBC) mode, 192-bit AES in CBC mode, 256-bit AES in CBC mode.
Parameters
$cipherId : $cipherId
 