encryption

package
v0.0.0-...-ca13cad Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 5, 2026 License: MIT Imports: 11 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	TokenBeginDictionary = "<<"
	TokenEndDictionary   = ">>"
)

Constants for PDF tokens

View Source 
const ValidBitsMask uint32 = 0b1_1111_1111_1000 // Hex: 0xFFF8

ValidBitsMask defines the valid bits (3-12) that can be set in the permissions flag. Bits outside this range are reserved and must be zero.

Variables

This section is empty.

Functions

func Encrypt 

func Encrypt(data, key []byte) ([]byte, error)

func EncryptECB 

func EncryptECB(data, key []byte) ([]byte, error)

func EncryptK1 

func EncryptK1(K1, key, iv []byte) ([]byte, error)

EncryptK1 helper function for backward compatibility.

func EncryptWithZeroIV 

func EncryptWithZeroIV(fileEncryptionKey, key []byte) ([]byte, error)

Helper function for backward compatibility - static method style

Types

type AES128 

type AES128 struct{}

AES128 provides methods for AES-128 encryption.

func (*AES128) EncryptK1 

func (a *AES128) EncryptK1(K1, key, iv []byte) ([]byte, error)

EncryptK1 encrypts K1 with AES-128-CBC, no padding.

K1: Data to encrypt (must be a multiple of 16 bytes). key: Exactly 16 bytes – the AES-128 key. iv: Exactly 16 bytes – the initialization vector. Returns: The ciphertext.

type AES256 

type AES256 struct{}

AES256 provides methods for AES-256 encryption in various modes.

func (*AES256) Encrypt 

func (a *AES256) Encrypt(data, key []byte) ([]byte, error)

Encrypt encrypts the provided data using AES-256 in CBC mode with a randomly generated IV. The resulting byte array is structured as: [16-byte IV][encrypted data].

data: The data to be encrypted. key: The 32-byte encryption key for AES-256. Returns: A byte array containing the IV prepended to the AES-256-CBC encrypted data.

func (*AES256) EncryptECB 

func (a *AES256) EncryptECB(data, key []byte) ([]byte, error)

EncryptECB encrypts data using AES-256 in ECB mode with zero IV and no padding. Required when encrypting the Perms (permissions).

data: The data to be encrypted. key: The 32-byte encryption key for AES-256. Returns: The encrypted data.

func (*AES256) EncryptWithZeroIV 

func (a *AES256) EncryptWithZeroIV(fileEncryptionKey, key []byte) ([]byte, error)

EncryptWithZeroIV encrypts a 32-byte File Encryption Key (FEK) with AES-256-CBC, using a zero IV and no padding.

fileEncryptionKey: 32-byte FEK to encrypt. key: 32-byte key used for AES-256 encryption. Returns: The encrypted 32-byte File Encryption Key.

type Encryption 

type Encryption struct {
	// contains filtered or unexported fields
}

Encryption handles PDF encryption functionality

func NewEncryption 

func NewEncryption(pdf PDF, passwords *Passwords, permissions *Permissions) (*Encryption, error)

NewEncryption creates a new encryption dictionary and adds it to the PDF

func (*Encryption) GetKey 

func (enc *Encryption) GetKey() []byte

GetKey returns the file encryption key

func (*Encryption) GetObjNumber 

func (enc *Encryption) GetObjNumber() int

GetObjNumber returns the object number

type Owner 

type Owner struct {
	O  []byte
	OE []byte
}

Owner represents owner password keys

type PDF 

type PDF interface {
	NewObj()
	Append(text string)
	EndObj()
	GetObjNumber() int
}

PDF interface represents the PDF document operations

type Passwords 

type Passwords struct {
	UserPassword  string
	OwnerPassword string
}

Passwords holds user and owner password information for PDF encryption. This version uses exported fields for more idiomatic Go access.

func NewPasswords 

func NewPasswords() *Passwords

NewPasswords creates a new instance of Passwords.

func (*Passwords) SetPasswords 

func (p *Passwords) SetPasswords(userPassword, ownerPassword string)

SetPasswords sets both user and owner passwords at once.

type Permissions 

type Permissions struct {
	// contains filtered or unexported fields
}

Permissions encapsulates the user access permissions for a PDF document as specified in ISO 32000-2, Table 22. Provides a type-safe interface to manipulate and query the permissions flags.

func NewPermissions 

func NewPermissions() *Permissions

NewPermissions creates a new instance of Permissions with no permissions granted.

func NewPermissionsFromInt 

func NewPermissionsFromInt(rawFlags int) *Permissions

NewPermissionsFromInt creates a new instance of Permissions from the raw 32-bit integer value found in the PDF encryption dictionary's /P key. Invalid bits (outside positions 3-12) are masked out.

func NewPermissionsFromUint32 

func NewPermissionsFromUint32(rawFlags uint32) *Permissions

NewPermissionsFromUint32 creates a new instance of Permissions from the raw 32-bit integer value found in the PDF encryption dictionary's /P key. Invalid bits (outside positions 3-12) are masked out.

func (*Permissions) CanAssembleDocument 

func (p *Permissions) CanAssembleDocument() bool

CanAssembleDocument returns true if the user can assemble the document (manipulate pages).

func (*Permissions) CanCopyContents 

func (p *Permissions) CanCopyContents() bool

CanCopyContents returns true if the user can copy or extract content.

func (*Permissions) CanExtractForAccessibility 

func (p *Permissions) CanExtractForAccessibility() bool

CanExtractForAccessibility returns true if the user can extract content for accessibility.

func (*Permissions) CanFillFormFields 

func (p *Permissions) CanFillFormFields() bool

CanFillFormFields returns true if the user can fill interactive form fields.

func (*Permissions) CanModifyAnnotations 

func (p *Permissions) CanModifyAnnotations() bool

CanModifyAnnotations returns true if the user can add or modify annotations and form fields. This is primarily for legacy PDF support.

func (*Permissions) CanModifyContents 

func (p *Permissions) CanModifyContents() bool

CanModifyContents returns true if the user can modify the document's contents.

func (*Permissions) CanPrint 

func (p *Permissions) CanPrint() bool

CanPrint returns true if the user can print the document (possibly at low quality, unless CanPrintHighQuality() is true).

func (*Permissions) CanPrintHighQuality 

func (p *Permissions) CanPrintHighQuality() bool

CanPrintHighQuality returns true if the user can print the document at high quality.

func (*Permissions) GetAccess 

func (p *Permissions) GetAccess() UserAccess

GetAccess returns the permissions as UserAccess flags

func (*Permissions) GetRawValue 

func (p *Permissions) GetRawValue() uint32

GetRawValue returns the raw 32-bit integer value of the permissions flags. This value is suitable for writing to the /P key in a PDF encryption dictionary. All reserved bits are guaranteed to be zero.

func (*Permissions) SetAccess 

func (p *Permissions) SetAccess(access UserAccess)

SetAccess sets the permissions using UserAccess flags

func (*Permissions) SetPermissions 

func (p *Permissions) SetPermissions(permissions UserAccess, grant bool)

SetPermissions sets or clears the specified permissions.

func (*Permissions) String 

func (p *Permissions) String() string

String returns a string that represents the current permissions for debugging purposes.

type User 

type User struct {
	U  []byte
	UE []byte
}

User represents user password keys

type UserAccess 

type UserAccess int

UserAccess represents the user access permissions for an encrypted PDF document as defined in ISO 32000-2 (PDF 2.0) Table 22. Permissions are stored as flags in a 32-bit integer. 

const (
	// None - No permissions are granted. This is the default state.
	// Reserved bits (0-2, 13-31) must be zero.
	None UserAccess = 0

	// Print - Permission to print the document (possibly not at the highest quality level,
	// depending on whether PrintHighQuality is also set).
	// (Bit position: 3)
	Print UserAccess = 1 << 3 // Decimal: 8

	// ModifyContents - Permission to modify the contents of the document by operations other than
	// those controlled by ModifyAnnotations, FillFormFields, and AssembleDocument.
	// (Bit position: 4)
	ModifyContents UserAccess = 1 << 4 // Decimal: 16

	// CopyContents - Permission to copy or otherwise extract text and graphics from the document,
	// including for accessibility purposes.
	// (Bit position: 5)
	CopyContents UserAccess = 1 << 5 // Decimal: 32

	// ModifyAnnotations - Permission to add, modify, or delete text annotations and interactive form fields.
	// Note: This permission is not used in PDF 2.0 but is retained for legacy support.
	// (Bit position: 6)
	ModifyAnnotations UserAccess = 1 << 6 // Decimal: 64

	// FillFormFields - Permission to fill existing interactive form fields (including signature fields),
	// even if ModifyContents is not set.
	// (Bit position: 9)
	FillFormFields UserAccess = 1 << 9 // Decimal: 512

	// ExtractContentsForAccessibility - Permission to extract text and graphics (in support of accessibility to
	// users with disabilities or for other purposes).
	// (Bit position: 10)
	ExtractContentsForAccessibility UserAccess = 1 << 10 // Decimal: 1024

	// AssembleDocument - Permission to assemble the document: insert, rotate, or delete pages and
	// create bookmarks or thumbnail images.
	// (Bit position: 11)
	AssembleDocument UserAccess = 1 << 11 // Decimal: 2048

	// PrintHighQuality - Permission to print the document to a representation from which a faithful
	// digital copy of the PDF content could be generated. When this bit is clear
	// (and Print is set), printing is limited to a low-level
	// representation of the appearance, possibly of degraded quality.
	// (Bit position: 12)
	PrintHighQuality UserAccess = 1 << 12 // Decimal: 4096
)

func (UserAccess) Add 

func (ua UserAccess) Add(permission UserAccess) UserAccess

Add adds the specified permission(s)

func (UserAccess) Has 

func (ua UserAccess) Has(permission UserAccess) bool

Has checks if the specified permission is set

func (UserAccess) Remove 

func (ua UserAccess) Remove(permission UserAccess) UserAccess

Remove removes the specified permission(s)

func (UserAccess) String 

func (ua UserAccess) String() string

String returns a string representation of the UserAccess flags

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.