PDF Java Toolkit-provided Security Framework implementation consists of implementations of the password-based encryption only. This implementation resides in the encryption package.
Security Managers Implementations
- GeneralSecurityManager: This class implements just a shell that does not instantiate any security handlers. It contains only methods that allow the user to register security handler instances and to request the specified security handler. If the specified security handler is not registered, then this implementation throws a PDFSecurityException. If some or all security handlers registered with an instance of the GeneralSecurityManager are document-specific, then the instance of the GeneralSecurityManager is document-specific as well.
- StandardCipherSecurityManager: This class implements a more useful functionality. It is a subclass of the GeneralSecurityManager. It instantiates three security handlers, Standard, StdCF and Identity, and registers them (see the section called “Security Handlers Implementations” below). The last two security handlers, StdCF and Identity, are extensions of the Standard security handler that support StdCF and Identity, Crypt filters.
This class has two constructors that take one or two passwords that they use in the instantiation of the respective security handlers. Because the instances of these security handlers are document-specific, the instance of the StandardCipherSecurityManager is document-specific as well.
Since this class extends the GeneralSecurityManager, it allows the user to register any number of additional security handlers and later retrieve the specified one.
Security Handlers Implementations
PDF Java Toolkit provides three security handlers implementations: Standard, StdCF and Identity that implement password-based encryption. The last two are modifications of the Standard security handler for the respective Crypt filters. Each of the first two security handlers instantiate either RC4 or AES Encryption Handlers based on the Encryption Parameters. The Identity security handler initializes IdentityEncryptionHandler.
- PBSHStandardCipher: It handles the Standard password-based encryption in PDF. The implementation has two constructors. One constructor takes one password and the corresponding instance is mainly used for decryption. The other constructor takes two passwords and the corresponding instance is only used for encryption.
The instance created with the first constructor authenticates the password and determines whether the supplied password is a user or owner password, which is important in determination of the encryption permissions. This instance can be also used for encryption. In this case it uses the same user and owner passwords and permissions as in the original document. The instance created with the second constructor does not perform authentication and can be used for encryption, only.
- PBSHCipherStdCF: This security handler is a subclass of the Standard Security Handler that implements StdCF Crypt filter. It differs in the way it handles the key length.
- PBSHIdentity: This security handler is also a subclass of the Standard Security Handler that implements Identity Crypt filter. It differs in the encryption handler that it returns, that is, IdentityEncryptionHandler. This encryption handler does not change the content neither on decryption nor on encryption.
Encryption Handlers Implementations
PDF Java Toolkit provides implementations of the following Encryption Handlers.
- JCERC4EncryptionHandler performs RC4 encryption.
- JCEAESEncryptionHandler performs AES encryption.
- IdentityEncryptionHandler leaves the content unchanged.
Encryption Permissions Handling
To facilitate handling of the encryption permissions in the implemented Security Handlers, PDF Java Toolkit contains an implementation of the encryption permissions provider located in PermissionProviderEncryption. Technically, this class does not belong to the Security Framework. It is part of the permissions handling mechanism in PDF Java Toolkit. This class is used by Security Framework implementations of the Security Handlers.