Adobe plug-in SDK. How to open a pdf document protected by custom security handler?

Report · Jun 14, 2016

The encryption dictionary is as follow:

20 0 obj<</Filter /FOPN_foweb /V 2 /Length 128 ... ...>>endobj

I invoke the following codes to open the pdf document, but PDDocOpen causes an exception and the error code does not make sense.

DURING

PDDoc pdDoc = PDDocOpen(fileNameWrite, fileSys, MyPDAuthProc, FALSE);

HANDLER

ASErrorCode errorCode = ASGetExceptionErrorCode();

END_HANDLER

I am using Adobe plug-in SDK. How to open a pdf document protected by custom security handler?

Report · Jun 15, 2016

Contact the makers of the security handler, though it is likely they will not give you information allowing you to process these files programmatically.

Report · Jun 15, 2016

Hi,

I think you mistake my issue. I can get the information to process these files programmatically, but the Acrobat plug-in SDK does not provide the mechanism to process the custom security handler programmatically. Or, do I miss some info that Acrobat plug-in SDK provides?

Report · Jun 15, 2016

If you have the information to process these files programmatically, I would expect you to have the full details on how to code the authorization procedure (MyPDAuthProc), to work with PDCryptGetAuthDataProc, and calling PDDocAuthorize. Obviously the information you had is secret in detail, but is this the essence of the information you have?

Report · Jun 15, 2016

But when I invoke the following codes to open the pdf document, PDDocOpen causes an exception before I can code the authorization procedure (MyPDAuthProc).

ASBool MyPDAuthProc(PDDoc pdDoc)

{

code here

return TRUE;

}

DURING

PDDoc pdDoc = PDDocOpen(fileNameWrite, fileSys, MyPDAuthProc, FALSE);

HANDLER

ASErrorCode errorCode = ASGetExceptionErrorCode();

END_HANDLER

Report · Jun 15, 2016

Did you install the File Open plugin that implements that custom handler?

Report · Jun 15, 2016

No. I did not install the File Open plguin.

Report · Jun 15, 2016

Well that’s why it won’t open. It’s a custom security handler, so you need the software that implements that handler. And in this case, the FileOpen plugin.

Report · Jun 15, 2016

How can I implement that handler myself and handle the custom security handler?

Report · Jun 16, 2016

You could potentially license the technology from FileOpen – they have been known to do that in other instances.

Report · Jun 18, 2016

I have encrypted a PDF with the custom algorithm and want to decrypt it in Adobe Reader. Does Adobe plug-in SDK provide the mechanism to decrypt PDF with custom algorithm? I can just find PDCryptNewCryptDataExProc. But it can just support RC4, but custom algorithm.

Report · Jun 18, 2016

By the way do you have a Reader DRM plugin license? If not, check the cost, typically tens of thousands of dollars per year.

Report · Jun 18, 2016

Yes, I have checked the cost. But I have to test in Adobe Acrobat DC first, then if it works, I will pay for it.

Report · Jun 15, 2016

What exception? Please get the error string and report it. I'd expect an exception if you don't do the things an AuthProc MUST do. These are not optional.

Report · Jun 16, 2016

You can't implement that handler yourself. That's the whole point. what good would a security method be if you could write a replacement and avoid it?

Report · Jun 18, 2016

If you have used FileOpen's plugin to encrypt, use the same plug-in to decrypt.

Report · Jun 18, 2016

Ok but what you describe cannot work. Unless FileOpen have given you the source code of their plugin, or equivalent detail.

Report · Jun 18, 2016

No, It is nothing to do with FileOpen. The example above is just an example. I have to know whether Adobe provides the mechanism to decrypt the custom algorithm or not. I can just find PDCryptNewCryptDataExProc. But it can just support RC4, but custom algorithm.

Report · Jun 18, 2016

So you want to make your own scheme? Why didn't you say so in the first post?? All your questions suggested you wanted to open the PDF you quoted in the first post i.e. a FileOpen secured file, secured with the FileOpen custom handler. Yes, you can create your own custom handler which both decrypts and encrypts.

1. You should register a developer prefix with Adobe so that your security handler is uniquely named.

2. Be sure you fully understand the PDF encryption model as described in the PDF Reference. You have to work within this, but the encryption method used is not limited.

3. I think the reference to RC4 is old. You are not limited to RC4.

4. You must create a PDCryptHandler with many callbacks to implement your security. Some will not be needed. It is complicated because there are many options, you won't need to support all of them.

5. There is a security handler example in the SDK.

Report · Jun 18, 2016

Yes. I want to make my own scheme. I have built the security handler example in the SDK. But it does not explain how to handle the custom algorithm. Does it support the following scene?

1. Open the protected documnet

2. Adobe Reader passes the encrypted data to plug-in one object by one object

3. Plug-in decrypts the data

4. Plug-in passes the decrypted data back to Adobe Reader

5. Adobe Reader renders and displays the document

Report · Jun 18, 2016

I think part of the confusion is your reference to Open. The fittest step is to encrypt the file, save it, and close it. Only then is opening relevant. Your questions all seem to be about decrypting, do you propose a different scheme for encrypting? Perhaps encrypting the whole PDF? If so, you cannot: refer to point 2 in my previous reply.

Report · Jun 18, 2016

Not encrypt the whole PDF. I have created a encrypted PDF document by another app. It complies with the PDF standard, just encrypt the string objects and stream objects. I have to decrypt it by developing a Adobe plug-in.

Report · Jun 18, 2016

More info: the SDK sample does not define a crypt filter, just uses standard security. This took some study to relearn. I believe this is deliberate, to stop developers releasing code using Adobe's sample encryption (hence, insecure)

Report · Jun 20, 2016

Hi,

The encryption dictionary is as follow,

73 0 obj

<</Filter /MySecurityHandlerName /V 4/CF<</MyFilter0<</Type /CryptFilter /CFM /None>>>>/StmF /MyFilter0 /StrF /MyFilter0 ... ...>>

I set /CFM to /None. As pdf reference decribed about /CFM,

"None The application does not decrypt data but directs the input stream

to the security handler for decryption. (See implementation note

30 in Appendix H.)"

But Adobe does not direct the input stream to the security handler for decryption. And the PDDocOpen interface raises an exception saying "The operation is not allowed".

I register a crypt handler by

PDRegisterCryptHandler (pdCryptHandler, "MySecurityHandlerName", "MySecurityHandlerName");

and I also define a crypt filter by

pdCryptFilterHandler = (PDCryptFilterHandler)ASmalloc(sizeof(PDCryptFilterHandlerRec));

memset(pdCryptFilterHandler, 0, sizeof(PDCryptFilterHandlerRec));

pdCryptHandler->CryptFilterHandler = pdCryptFilterHandler;

pdCryptFilterHandler->size = sizeof(PDCryptFilterHandlerRec);

pdCryptFilterHandler->DecryptStream = ASCallbackCreateProto(PDCryptFilterStreamProc, myPDCryptFilterDecryptStreamProc);

pdCryptFilterHandler->DecryptString = ASCallbackCreateProto(CosCryptStringProc, myCosCryptDecryptStringProc);

pdCryptFilterHandler->EncryptStream = ASCallbackCreateProto(PDCryptFilterStreamProc, myPDCryptFilterEncryptStreamProc);

pdCryptFilterHandler->EncryptString = ASCallbackCreateProto(CosCryptStringProc, myCosCryptEncryptStringProc);

pdCryptFilterHandler->Authorize = ASCallbackCreateProto(PDCryptFilterAuthorizeProc, myPDCryptFilterAuthorizeProc);

pdCryptFilterHandler->GetData = ASCallbackCreateProto(PDCryptFilterGetDataProc, myPDCryptFilterGetDataProc);

Report · Jun 18, 2016

Ok, if it complies to the standard you can indeed write a security handler. It must simply decrypt on demand in the appropriate callback which may be called many times. No assumptions can be made about the order of objects to be decrypted.