Adobe Acrobat 7.0.5 SDK User Manual

Providing Document Security
Encryption and Decryption
Encryption is controlled by an encryption dictionary in the PDF file. Acrobat uses RC4 (a 
proprietary algorithm provided by RSA Data Security, Inc.) to encrypt document data, and a 
standard (proprietary) method to encrypt, decrypt, and verify user passwords to determine 
whether or not a user is authorized to open a document. See Section 3.5, “Encryption,” in 
the PDF Reference for more information on the encryption used in PDF files.
Each stream or string object in a PDF file is individually encrypted. This level of encryption 
improves performance because objects can be individually decrypted as needed rather 
than decrypting an entire file. All objects, except for the encryption dictionary (which 
contains the security handler’s private data), are encrypted using the RC4 algorithm that 
Adobe licenses from RSA Data Security, Inc. Plug-ins may not substitute another encryption 
scheme for RC4.
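The per-object scheme described above, as an added example (not code from the Acrobat SDK): it follows the RC4 key derivation given in Section 3.5 of the PDF Reference, where each object's key is computed from the file encryption key plus the object and generation numbers. The function names are hypothetical, and the file key, object numbers and string contents are constructed sample values.

```python
import hashlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR with the keystream (same call decrypts)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def object_key(file_key: bytes, obj_num: int, gen_num: int) -> bytes:
    """Key for one object: MD5 over the file key, the low 3 bytes of the object
    number and the low 2 bytes of the generation number (low byte first),
    truncated to len(file_key) + 5 bytes, at most 16."""
    material = (file_key
                + (obj_num & 0xFFFFFF).to_bytes(3, "little")
                + (gen_num & 0xFFFF).to_bytes(2, "little"))
    return hashlib.md5(material).digest()[:min(len(file_key) + 5, 16)]


def crypt_object(file_key: bytes, obj_num: int, gen_num: int, data: bytes) -> bytes:
    """Encrypt or decrypt one string/stream body with its own derived key."""
    return rc4(object_key(file_key, obj_num, gen_num), data)


# Constructed sample values, not taken from any real document.
FILE_KEY = bytes.fromhex("0102030405")  # 40-bit file encryption key
OBJECTS = {(7, 0): b"Quarterly report", (8, 0): b"Quarterly report"}

if __name__ == "__main__":
    for (num, gen), body in OBJECTS.items():
        ct = crypt_object(FILE_KEY, num, gen, body)
        # Each object can be decrypted on its own, without touching the others.
        assert crypt_object(FILE_KEY, num, gen, ct) == body
        print(f"{num} {gen} obj  key={object_key(FILE_KEY, num, gen).hex()}  ct={ct.hex()}")
```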
For digital signatures and document encryption, Acrobat supports public-key 
cryptography. Public-key cryptography uses two keys: a public key, which is stored inside a 
certificate that can be shared with other users, and a private key, called a digital ID, which is 
not shared with others. The public key certificate is used to encrypt (scramble) documents 
or to verify digital signatures, and the digital ID is used to decrypt (unscramble) encrypted 
documents or to create digital signatures.
Digital IDs and Certificates
A digital ID lets you create a digital signature or decrypt an encrypted PDF document. A 
digital ID is sometimes referred to as a private key, a credential, or a profile.
When you sign or decrypt a document, you select which digital ID to use. A digital ID is 
usually password-protected and can be stored on your computer as a PKCS#12 file, on a 
smart card, or in the Windows Credential Store. You can get a digital ID from a third-party 
provider, or you can create a self-signed digital ID and share your signature information 
with others using a public key certificate. A certificate is a confirmation of your digital ID 
and contains information used to protect data. 
When a digital signature is applied, a unique fingerprint with encrypted numbers is 
embedded in the document. The recipient needs the signer’s certificate to validate that the 

Adobe Policy Server
Apply server-based security policies to PDF documents. 
Server-based security policies are especially useful if you want 
others to have access to PDF documents only for a limited 
time. See .

Document certification
When an author digital signature is added, editing changes are 
restricted and detected. See