Package security

Overview ▾


const (
    // EventDocOpen is an event triggered when opening the document.
    EventDocOpen = AuthEvent("DocOpen")
    // EventEFOpen is an event triggered when accessing an embedded file.
    EventEFOpen = AuthEvent("EFOpen")
const (
    // PermOwner grants all permissions.
    PermOwner = Permissions(math.MaxUint32)

    // PermPrinting allows printing the document with a low quality.
    PermPrinting = Permissions(1 << 2)
    // PermModify allows to modify the document.
    PermModify = Permissions(1 << 3)
    // PermExtractGraphics allows to extract graphics from the document.
    PermExtractGraphics = Permissions(1 << 4)
    // PermAnnotate allows annotating the document.
    PermAnnotate = Permissions(1 << 5)
    // PermFillForms allow form filling, if annotation is disabled?  If annotation enabled, is not looked at.
    PermFillForms = Permissions(1 << 8)
    // PermDisabilityExtract allows to extract graphics in accessibility mode.
    PermDisabilityExtract = Permissions(1 << 9)
    // PermRotateInsert allows rotating, editing page order.
    PermRotateInsert = Permissions(1 << 10)
    // PermFullPrintQuality limits print quality (lowres), assuming Printing bit is set.
    PermFullPrintQuality = Permissions(1 << 11)

type AuthEvent

AuthEvent is an event type that triggers authentication.

type AuthEvent string

type Permissions

Permissions is a bitmask of access permissions for a PDF file.

type Permissions uint32

func (Permissions) Allowed

func (p Permissions) Allowed(p2 Permissions) bool

Allowed checks if a set of permissions can be granted.

type StdEncryptDict

StdEncryptDict is a set of additional fields used in standard encryption dictionary.

type StdEncryptDict struct {
    R int // (Required) A number specifying which revision of the standard security handler shall be used.

    P               Permissions
    EncryptMetadata bool // Indicates whether the document-level metadata stream shall be encrypted.

    O, U   []byte
    OE, UE []byte // R=6
    Perms  []byte // An encrypted copy of P (16 bytes). Used to verify permissions. R=6

type StdHandler

StdHandler is an interface for standard security handlers.

type StdHandler interface {
    // GenerateParams uses owner and user passwords to set encryption parameters and generate an encryption key.
    // It assumes that R, P and EncryptMetadata are already set.
    GenerateParams(d *StdEncryptDict, ownerPass, userPass []byte) ([]byte, error)

    // Authenticate uses encryption dictionary parameters and the password to calculate
    // the document encryption key. It also returns permissions that should be granted to a user.
    // In case of failed authentication, it returns empty key and zero permissions with no error.
    Authenticate(d *StdEncryptDict, pass []byte) ([]byte, Permissions, error)

func NewHandlerR4

func NewHandlerR4(id0 string, length int) StdHandler

NewHandlerR4 creates a new standard security handler for R<=4.

func NewHandlerR6

func NewHandlerR6() StdHandler

NewHandlerR6 creates a new standard security handler for R=5 and R=6.


Name Synopsis