The encryption parameters in the generated PDF are out of the standard's scope

M-Files_Support · October 27, 2022, 1:03pm

A customer of ours has stated that the PDFs we create with Aspose don’t fully comply with the ISO standard for PDF 1.7, the ISO 32000-1. They claim that the encryption parameters in the generated PDF are out of the standard’s scope. The encryption parameter in question is from Table 21 – Additional encryption dictionary entries for the standard security handler, Key R. According to the Adobe’s open source version of the document it should be between values 2-4, but Aspose PDFs have value 5.

A program they used generated the following error:
Expected encryption dictionary /R security revision number to be from 1 to 4. found /R=5

We tested their claim with a simple test program using Aspose.PDF 22.2 for .NET. See the code below. Any PDF produced with it has the same security revision issue.

Aspose.Pdf.Document pdf = new Aspose.Pdf.Document( filePath );
pdf.Encrypt( string.Empty, “XXX”, Aspose.Pdf.Facades.DocumentPrivilege.AllowAll, Aspose.Pdf.CryptoAlgorithm.AESx256, false );
using( var errStream = new MemoryStream() )
{
// Convert.
pdf.Convert( errStream, PdfFormat.v_1_7, ConvertErrorAction.Delete );
errStream.Flush();
errStream.Dispose();
}
pdf.Save( “ENCRYPTED_AESx256_v_1_7.pdf” );

Which ISO PDF standard revision do Aspose products conform to? How are you following the encryption dictionary values, especially the R key? Is Aspose fully compliant with the PDF ISO standard?

asad.ali · October 27, 2022, 7:08pm

@M-Files_Support

We are collecting related information and investigation details against your concerns under the task ID PDFNET-52848. We will let you know as soon as the task is completed. Please be patient and spare us some time.

M-Files_Support · November 11, 2022, 8:30am

Hi,
Any updates on this issue?

asad.ali · November 11, 2022, 6:09pm

@M-Files_Support

We have prepared the result of the investigation:

In specification PDF 32000-1:2008 max value for R(and V) is 4.
In new specification ISO 32000-2:2020(E) R(and V) can be 5 an 6 too.
This probably doesn’t exactly document of version 1.7, but this option is quite popular and provides more security. Because, this feature is available.

Why R set as 5 in code?
Reason in CryptoAlgorithm.AESx256

If you want to limit the document to version 1.7 then use the following code:

            var pdf = new Aspose.Pdf.Document();
            pdf.Encrypt(string.Empty, "XXX", Aspose.Pdf.Facades.DocumentPrivilege.AllowAll, Aspose.Pdf.CryptoAlgorithm.AESx128, false);
            using (var errStream = new MemoryStream())
            {
                // Convert.
                pdf.Convert(errStream, PdfFormat.v_1_7, ConvertErrorAction.Delete);
                errStream.Flush();
                errStream.Dispose();
            }
            pdf.Save(dataDir + "52848.pdf");

In result file you will have “V 4/R 4” values.