A PDF document may be encrypted so that
certain permissions are respected when the document is opened,
a password must be specified so that a document can be openend, or so that
a password must be specified to remove the restrictions and allow full access.
This module contains all encryption and security related code to facilitate PDF encryption.
Security handlers manage the process of encrypting and decrypting a PDF document. One of the main responsibilities of them is providing the encryption key that is then used by the selected encryption algorithm (see below). However, security handlers may also provide additional information.
Encryption::SecurityHandler is the base class for all such security handlers. It defines the interface and all common code for encrypting and decrypting strings and streams.
The PDF specification also defines a password-based standard security handler that additionally allows setting permission information. This security handler is implemented by the
There is also a certificate-based security handler defined by the PDF specification. However, that handler is not implemented.
Encryption Algorithms¶ ↑
PDF security is based on two algorithms with varying key lengths:
AES modules contain code common to their specific algorithm and are adapted to work together with any
There are at least two versions of each algorithm present:
The preferred versions which are based on OpenSSL and therefore rely on the OpenSSL library and a C extension.
Pure Ruby implementations of the algorithms which are naturally much slower than the OpenSSL based ones. However, these implementation can be used on any Ruby implementation.
ARC4 algorithm is deprecated with PDF 2.0 and should not be used when creating new documents.
See: PDF2.0 s7.6