Planet PDF Forum

AES Encryption used in Acrobat

Dharini (New Member)
Posted: 31 Jan 2012 at 12:34pm
Hi all,

I am trying to decrypt streams and strings encrypted with AES-128 in PDFs, based on the crypt filter parameters. I am using the RijndaelManaged cryptography class for the decryption. But now the problem is, in order to decrypt I need to know the initialization vector (IV) that has been used by Acrobat to encrypt. Since this IV is a random number as defined in the PDF Reference, I am not able to decrypt the content. Can anybody here suggest a solution?

Thanks in advance.

aandi (Senior Member)
Posted: 31 Jan 2012 at 4:03pm
I don't know the details used in PDF, but it is a common problem with decrypting. Without an IV it is far too easy to crack. So a random one is needed but how to have it for decryption? Often, it is the first bytes of the "encrypted" data.

aandi (Senior Member)
Posted: 31 Jan 2012 at 5:43pm
I can confirm this is what it says in the PDF Reference:
 
"If using the AES algorithm, the Cipher Block Chaining (CBC) mode, which requires an initialization vector, is used. The block size parameter is set to 16 bytes, and the initialization vector is a 16-byte random number that is stored as the first 16 bytes of the encrypted stream or string."
 
Note that you can't always just feed a bit of AES encrypted data to an AES library. There are many complications, like IVs, raw or salted keys, and other points. Generally, an AES library is good to encrypt and decrypt using the same settings, but going further can require detailed study.  I found this discussion especially interesting when approaching AES (for a different requirement): http://marc.info/?l=openssl-users&m=122919878204439

Dharini (New Member)
Posted: 01 Feb 2012 at 6:27am
Hi aandi,

Thank you very much for the replies. I would also appreciate any input regarding the things below.

Originally posted by aandi:

I can confirm this is what it says in the PDF Reference:
 
"If using the AES algorithm, the Cipher Block Chaining (CBC) mode, which requires an initialization vector, is used. The block size parameter is set to 16 bytes, and the initialization vector is a 16-byte random number that is stored as the first 16 bytes of the encrypted stream or string."



It's not exactly the first 16 bytes of encrypted data as said in the reference.

Quoting Wiki here, [http://en.wikipedia.org/wiki/Initialization_vector]

"For example, a single invocation of the AES algorithm transforms a 128-bit plaintext block into a ciphertext block of 128 bits in size. The key, which is given as one input to the cipher, defines the mapping between plaintext and ciphertext. If data of arbitrary length is to be encrypted, a simple strategy is to split the data into blocks each matching the cipher's block size, and encrypt each block separately using the same key. This method is not secure, however: equal plaintext blocks get transformed into equal ciphertexts, and a third party observing the encrypted data may easily determine its content even when not knowing the encryption key.

To hide patterns in encrypted data while avoiding the re-issuing of a new key after each block cipher invocation a method is needed to randomize the input data. In 1980, the NIST published a national standard document designated FIPS PUB 81, which specified four so-called block cipher modes of operations, each describing a different solution for encrypting a set of input blocks. The first mode implements the simple strategy described above, and was specified as the electronic codebook (ECB) mode. In contrast, each of the other modes describe a process where ciphertext from one block encryption step gets intermixed with the data from the next encryption step. To initiate this process, an additional input value is required to be mixed with the first block, and which is referred to as an initialization vector."

So that means the IV is only used to encrypt the stream/string, and is not stored (as the first 16 bytes) with the encrypted data, hence it is not possible to fetch it (the IV) from the output, i.e. the encrypted string or stream. Please correct me if you think it's a wrong conclusion.

Originally posted by aandi:


Note that you can't always just feed a bit of AES encrypted data to an AES library. There are many complications, like IVs, raw or salted keys, and other points. Generally, an AES library is good to encrypt and decrypt using the same settings,..


Yes, I agree. RC4 (40 and 128 bit) encryption, the other encryption level being used by Acrobat, uses an encryption key to encrypt the content which can be easily calculated using the algorithm defined in the PDF Reference. But we can't do the same with AES (128 and 256 bit) encryption, since there is no algorithm defined for it in the reference to take care of the factors that you have also mentioned. Is there no possible way around to decrypt PDFs with AES encryption?




aandi (Senior Member)
Posted: 01 Feb 2012 at 6:41am
Yes, this is a wrong conclusion. These two quotes do not contradict each other. (Though, if they did, are you going to believe the specification for PDF that Adobe wrote, or the encyclopedia that anyone can edit?)
 
To resolve the apparent contradiction, see http://forums.devshed.com/security-and-cryptography-17/question-about-aes-initialization-vector-486180.html, especially "Standard practice is to store the IV at the beginning of the encrypted content. What you store in front of the encrypted content is irrelevant. Just know that, when you decrypt the file, the first N bytes are the IV and they should be read but not treated as a part of the encrypted content."


Edited by aandi - 01 Feb 2012 at 6:54am

Dharini (New Member)
Posted: 01 Feb 2012 at 10:01am
Originally posted by aandi:


To resolve the apparent contradiction, see http://forums.devshed.com/security-and-cryptography-17/question-about-aes-initialization-vector-486180.html, especially "Standard practice is to store the IV at the beginning of the encrypted content. What you store in front of the encrypted content is irrelevant. Just know that, when you decrypt the file, the first N bytes are the IV and they should be read but not treated as a part of the encrypted content."



Thanks for the link, that really helped.

Decrypting an Acrobat-created PDF with AES encryption is what I want to do. Two things are making it complex: one is the IV, which is a random one and cannot be read from the output unless we decrypt the content, and the other is padding, which makes it necessary that we know the length of the original content we are decrypting [since it's a standard practice to store the IV at the beginning of the encrypted content as you pointed out]. Is there any way to have a logic in place to achieve decryption independent of these things?


Edited by Dharini - 01 Feb 2012 at 10:02am

aandi (Senior Member)
Posted: 01 Feb 2012 at 12:22pm
No, the IV is the first bytes of the stream. That's it. No decryption is needed. Take off these bytes, you have the IV, now you decrypt the rest.

aandi (Senior Member)
Posted: 01 Feb 2012 at 12:46pm
The removal of padding is also a standard problem in AES or similar cyphers. The padding is created in such a way that the original length of the data can be derived. There is always at least 1 byte of padding, and the padding is not random, but contains data that can be used to work out the original length.
 
Some APIs will automatically remove padding and return the original stream data and length. Others return the padding, and you must inspect it. This is not a property of PDF, but of the API you use, and you'd need to check its documentation to see how padding is handled.
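
The two replies above (the IV is simply the first bytes of the stream, and the padding itself tells you the original length) put together as one added C# example; it is not code from any poster in this thread. It uses `Aes.Create()` in place of RijndaelManaged, assumes the 16-byte key for the object has already been derived, and assumes the padding is the RFC 2898 (PKCS#5/PKCS#7-style) scheme; the class name, method name and sample data are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class PdfAesExample
{
    // Decrypts one AES-128-CBC PDF string or stream body laid out as IV || ciphertext.
    // objectKey: assumed to be the 16-byte key already derived for this object.
    public static byte[] Decrypt(byte[] objectKey, byte[] encrypted)
    {
        const int Block = 16;
        // Padding is always present, so valid input is the IV plus >= 1 whole block.
        if (encrypted.Length < 2 * Block || encrypted.Length % Block != 0)
            throw new CryptographicException("Expected 16-byte IV plus whole AES blocks.");

        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.None;              // keep the padding so we can inspect it
            aes.Key = objectKey;
            aes.IV = encrypted.Take(Block).ToArray();    // first 16 bytes, read as-is
            using (ICryptoTransform dec = aes.CreateDecryptor())
            {
                byte[] padded = dec.TransformFinalBlock(encrypted, Block, encrypted.Length - Block);
                int pad = padded[padded.Length - 1];     // assumed RFC 2898 style: each pad byte = pad length
                if (pad < 1 || pad > Block || padded.Skip(padded.Length - pad).Any(b => b != pad))
                    throw new CryptographicException("Bad padding: wrong key or damaged data.");
                return padded.Take(padded.Length - pad).ToArray();
            }
        }
    }

    static void Main()
    {
        // Constructed sample: build IV || ciphertext the way the quoted PDF Reference text describes.
        byte[] key = Enumerable.Range(0, 16).Select(i => (byte)i).ToArray();
        byte[] plain = Encoding.ASCII.GetBytes("constructed sample string");
        byte[] blob;
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7; aes.Key = key;
            aes.GenerateIV();
            using (ICryptoTransform enc = aes.CreateEncryptor())
                blob = aes.IV.Concat(enc.TransformFinalBlock(plain, 0, plain.Length)).ToArray();
        }
        Console.WriteLine(Encoding.ASCII.GetString(Decrypt(key, blob)));
    }
}
```

With `PaddingMode.PKCS7` set on the decryptor instead, .NET performs the same check and strip itself and throws `CryptographicException` when the padding is invalid.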

Dharini (New Member)
Posted: 02 Feb 2012 at 7:45am
Thanks a lot for the info so far aandi. I'll try using the IV from the encrypted output with different APIs and see if it works.



Dharini (New Member)
Posted: 10 Feb 2012 at 12:34pm
Finally I could decrypt a PDF with AES 128 bit encryption. But now I am facing a strange problem with my decryption algorithm. I was using a 64 bit Windows7 machine for development and have Acrobat Pro 8 installed. I created a few PDFs in Acrobat and tested my decryption algorithm, which was working as expected with all of them. And then just for testing purposes I created a sample PDF in Acrobat 9 on a 32 bit WinXP system and tried decrypting the file in the same way. But the AES algorithm class (RijndaelManaged) which I am using started producing different outputs, even for the same inputs like the string to be decrypted and the key. So now my question is, is there any difference in the way Acrobat handles encryption in versions 8 and 9? Or is it a problem caused by the system configuration (32 and 64 bit)? I would appreciate any inputs regarding this.

