Adobe acrobat 7.0.5 sdk User Manual
Providing Document Security
Security Handlers
11
94
S e c u r i t y H a n d l e r s
The code that performs user authorization and sets permissions is known as a security
handler. The core API has one built-in security handler. This security handler supports two
passwords:
handler. The core API has one built-in security handler. This security handler supports two
passwords:
●
A user password that allows a user to open and read a protected document with
whatever permissions the owner chooses
whatever permissions the owner chooses
●
An owner password that allows a document’s owner to change the permissions granted
to users
to users
You can either use the built-in security handler, or write a plug-in to create your own
security handlers to perform user authorization in other ways (for example, by the presence
of a specific hardware key or file, or by reading a magnetic card reader). You cannot create a
custom security handler using Acrobat JavaScript. A custom security handler can use
Acrobat or Adobe Reader’s built-in dialog boxes for entering passwords and for changing
permissions.
security handlers to perform user authorization in other ways (for example, by the presence
of a specific hardware key or file, or by reading a magnetic card reader). You cannot create a
custom security handler using Acrobat JavaScript. A custom security handler can use
Acrobat or Adobe Reader’s built-in dialog boxes for entering passwords and for changing
permissions.
Security handlers are responsible for:
●
Setting permissions on a file.
●
Authorizing access to a file.
●
Setting up a file’s encryption and decryption keys.
●
Maintaining the encryption dictionary of the PDF file containing the document.
Security handlers are used when:
●
A document is opened — the security handler must determine whether a user is
authorized to open the file and set up the decryption key that is used to decrypt the PDF
file.
authorized to open the file and set up the decryption key that is used to decrypt the PDF
file.
●
A document is saved — the security handler must set up the encryption key and write
any necessary security-related information into the PDF file’s encryption dictionary.
any necessary security-related information into the PDF file’s encryption dictionary.
●
A user tries to change a document’s security settings — the security handler must
determine whether the user is permitted to perform the operation.
determine whether the user is permitted to perform the operation.
PPKLite and PPKMS Security Handlers
In Acrobat 6, the built-in PPKLite signature handler only supported a single certificate chain
for validation; broader support required the Microsofts Crypto API (MSCAPI) support of the
PPKMS handler. In Acrobat 7, PPKLite supports RFC3280-based certificate chains natively.
MSCAPI support has been rolled into PPKLite and is no longer a separate handler.
for validation; broader support required the Microsofts Crypto API (MSCAPI) support of the
PPKMS handler. In Acrobat 7, PPKLite supports RFC3280-based certificate chains natively.
MSCAPI support has been rolled into PPKLite and is no longer a separate handler.
Security Handlers and Plug-ins
The PubSec layer, introduced in Acrobat 6.0, is an interface for Acrobat public-key security
handlers. PubSec forms a high-level interface to the digital signature facility; the PubSec
handlers. PubSec forms a high-level interface to the digital signature facility; the PubSec