安全 (Security)
福昕 PDF SDK 提供了一系列加密和解密功能,以满足不同级别的文档安全保护。用户可以使用常规密码加密和证书驱动加密,或使用自己的安全处理机制来自定义安全实现。另外,福昕 PDF SDK 还提供了 APIs 用于集成第三方安全技术 (Microsoft RMS),允许开发人员使用 Microsoft RMS SDK 加密和解密 PDF 文档。
提示
- 有关 RMS 加密和解密更详细的信息,请参考 SDK 包中
\examples\simple_demo文件夹下的security示例。
使用证书加密 PDF 文件
c++
#include "include/pdf/fs_pdfdoc.h"
#include "include/pdf/fs_security.h"
using namespace foxit;
using namespace foxit::common;
using foxit::common::Library;
using namespace pdf;
...
PDFDoc doc(input_file);
ErrorCode error_code = doc.Load();
if (error_code != foxit::e_ErrSuccess) {
return false;
}
// Do encryption.
StringArray envelopes;
String initial_key;
WString cert_file_path = input_path + L"foxit.cer";
if (!GetCertificateInfo((const char*)String::FromUnicode(cert_file_path), envelopes, initial_key, true, 16)) {
return false;
}
CertificateSecurityHandler handler;
CertificateEncryptData encrypt_data(true, SecurityHandler::e_CipherAES, envelopes);
handler.Initialize(encrypt_data, initial_key);
doc.SetSecurityHandler(handler);
WString output_file = output_directory + L"certificate_encrypt.pdf";
doc.SaveAs(output_file, PDFDoc::e_SaveFlagNoOriginal);
...C
#include "include/fs_basictypes_c.h"
#include "include/fs_pdfdoc_c.h"
#include "include/fs_security_c.h"
...
char* wstring2string(const wchar_t *source, size_t source_size, char *dest, size_t dest_size) {
char* curLocale = setlocale(LC_ALL, NULL);
setlocale(LC_ALL, "chs");
memset(dest, 0, dest_size);
wcstombs(dest, source, dest_size);
setlocale(LC_ALL, "C");
return dest;
}
...
FS_PDFDOC_HANDLE doc;
FSDK_PDFDoc_Create0(input_file, &doc);
FSErrorCode error_code = FSDK_PDFDoc_Load(doc, NULL);
if (error_code != e_FSErrSuccess) {
FSDK_PDFDoc_Release(doc);
return false;
}
// Do encryption.
int envelopeslength = 1;
FS_BSTR* envelopes = malloc( envelopeslength * sizeof(FS_BSTR));
FS_BSTR initial_key;
wchar_t cert_file_path[MAX_FILE_PATH];
swprintf_s(cert_file_path, MAX_FILE_PATH, L"%lsfoxit.cer", input_path);
char c_cert_file_path[MAX_FILE_PATH];
wstring2string(cert_file_path, wcslen(cert_file_path), c_cert_file_path, MAX_FILE_PATH)
if (!GetCertificateInfo((const char*)c_cert_file_path , envelopes, envelopeslength, initial_key, true, 16)) {
return false;
}
FS_CERTIFICATESECURITYHANDLER_HANDLE handler;
FSDK_CertificateSecurityHandler_Create(&handler);
FSCertificateEncryptData encrypt_data;
encrypt_data.cipher = e_FSCipherAES;
encrypt_data.is_encrypt_metadata = true;
encrypt_data.envelopes = envelopes;
encrypt_data.envelopes_length = envelopeslength;
FS_BOOL result;
FSDK_CertificateSecurityHandler_Initialize(handler, encrypt_data, initial_key.str, &result);
free(envelopes);
FSDK_PDFDoc_SetSecurityHandler(doc, handler, &result);
wchar_t output_file[MAX_FILE_PATH];
swprintf_s(output_file, MAX_FILE_PATH, L"%lscertificate_encrypt.pdf ", input_path);
FSDK_PDFDoc_SaveAs(doc, output_file, e_FSSaveFlagNoOriginal, &result);
...java
import com.foxit.sdk.pdf.CertificateEncryptData;
import com.foxit.sdk.pdf.CertificateSecurityCallback;
import com.foxit.sdk.pdf.CertificateSecurityHandler;
import java.io.File;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Random;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.util.Enumeration;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import javax.crypto.Cipher;
...
// Assuming PDFDoc doc has been loaded.
...
public static Key getPublicKey(String cerPath) {
try {
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
FileInputStream stream = new FileInputStream(cerPath);
java.security.cert.Certificate certificate = certificateFactory.generateCertificate(stream);
stream.close();
return certificate.getPublicKey();
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
private static byte[] cryptByKey(byte[] inputData, Key key, int opmode) {
if (inputData == null) return null;
// The max length of decrypted byte array: 128
final int max_crypt_block = 128;
try {
Cipher cipher = Cipher.getInstance(key.getAlgorithm());
cipher.init(opmode, key);
int len = inputData.length;
ByteArrayOutputStream stream = new ByteArrayOutputStream();
int offSet = 0;
byte[] data;
// Decrypt data segment by segment
while (len > offSet) {
data = cipher.doFinal(inputData, offSet,
(len - offSet > max_crypt_block) ? max_crypt_block : (len - offSet));
stream.write(data, 0, data.length);
offSet += max_crypt_block;
}
byte[] outputData = stream.toByteArray();
stream.close();
return outputData;
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
public static byte[] encryptByKey(byte[] plainData, Key key) {
return cryptByKey(plainData, key, Cipher.ENCRYPT_MODE);
}
public class CertificateSecurityEvent extends CertificateSecurityCallback {
private String filePath;
private String password;
public CertificateSecurityEvent(String filePath, String password) {
this.filePath = filePath;
this.password = password;
}
@Override
public void release() {}
@Override
public byte[] getDecryptionKey(byte[] arg0) {
return CryptUtil.decryptByKey(arg0, CryptUtil.getPrivateKey(filePath, password));
}
}
Random rand = new Random(23);
byte[] seed = new byte[24];
rand.nextBytes(seed);
for (int i = 20; i < 24; i++) {
seed[i] = (byte) 0xFF;
}
PDFDoc doc = new PDFDoc(input_file);
int error_code = doc.load(null);
if (error_code != e_ErrSuccess) {
System.out.println("The Doc " + input_file + " Error: " + error_code);
return;
}
// Do encryption.
String cert_file_path = input_path + "foxit.cer";
ArrayList<byte[]> envelopes = new ArrayList<byte[]>();
byte[] bytes=null;
try {
bytes = CryptUtil.encryptByKey(seed, CryptUtil.getPublicKey(cert_file_path));
envelopes.add(bytes);
} catch (Exception e) {
System.out.println("[Failed] Cannot get certificate information from " + cert_file_path);
return;
}
byte[] data=new byte[20+bytes.length];
System.arraycopy(seed, 0, data, 0, 20);
System.arraycopy(bytes, 0, data, 20, bytes.length);
MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
messageDigest.update(data);
byte[] initial_key = new byte[16];
System.arraycopy(messageDigest.digest(),0,initial_key,0,16);
CertificateSecurityHandler handler = new CertificateSecurityHandler();
CertificateEncryptData encrypt_data = new CertificateEncryptData(true, SecurityHandler.e_CipherAES, envelopes);
handler.initialize(encrypt_data, initial_key);
doc.setSecurityHandler(handler);
String output_file = output_directory + "certificate_encrypt.pdf";
doc.saveAs(output_file, PDFDoc.e_SaveFlagNoOriginal);
...py
import sys
import site
if sys.version_info.major == 2:
_PYTHON2_ = True
else:
_PYTHON2_ = False
if _PYTHON2_:
#replace with the python2 lib path
site.addsitedir('../../../')
from FoxitPDFSDKPython2 import *
else:
from FoxitPDFSDKPython3 import *
...
doc = PDFDoc(input_file)
error_code = doc.Load()
if error_code != e_ErrSuccess:
return False
# Do encryption.
envelopes = StringArray()
initial_key = ""
cert_file_path = input_path + "foxit.cer"
if not GetCertificateInfo(cert_file_path, envelopes, initial_key, True, 16):
return False
handler = CertificateSecurityHandler()
encrypt_data = CertificateEncryptData(True, SecurityHandler.e_CipherAES, envelopes)
handler.Initialize(encrypt_data, initial_key)
doc.SetSecurityHandler(handler)
output_file = output_directory + "certificate_encrypt.pdf"
doc.SaveAs(output_file, PDFDoc.e_SaveFlagNoOriginal)objc
#include "FSPDFObjC.h"
...
FSPDFDoc *doc = [[FSPDFDoc alloc] initWithPath:input_file];
FSErrorCode code = [doc load:nil];
if (code != FSErrSuccess) {
return -1;
}
// Do encryption.
NSMutableArray<NSData *> *envelopes = @[].mutableCopy;
NSMutableData *initial_key = [NSMutableData new];
NSString *cert_file_path = [input_path stringByAppendingPathComponent:@"foxit.cer"];
// GetCertificateInfo is implemented in user side to get information from certificate file.
if (!GetCertificateInfo(cert_file_path, envelopes, initial_key, true, 16)) {
return -1;
}
FSCertificateSecurityHandler *handler = [[FSCertificateSecurityHandler alloc] init];
FSCertificateEncryptData *encrypt_data = [[FSCertificateEncryptData alloc] initWithIs_encrypt_metadata:YES cipher:FSSecurityHandlerCipherAES envelopes:envelopes];
[handler initialize:encrypt_data encrypt_key:initial_key];
[doc setSecurityHandler:handler];
NSString *output_file = [output_directory stringByAppendingPathComponent:@"certificate_encrypt.pdf"];
[doc saveAs:output_file save_flags:FSPDFDocSaveFlagNoOriginal];
...csharp
using foxit.common;
using foxit.pdf;
...
PDFDoc doc = new PDFDoc(input_file);
ErrorCode error_code = doc.Load(null);
if (error_code != ErrorCode.e_ErrSuccess){
return;
}
// Do encryption.
string cert_file_path = input_path + "foxit.cer";
var cms = new EnvelopedCms(new ContentInfo(seed));
cms.ContentEncryptionAlgorithm.Oid.Value = "1.2.840.113549.3.4";
cms.Encrypt(new CmsRecipient(new X509Certificate2(cert_file_path)));
byte[] bytes = cms.Encode();
byte[] data = new byte[20 + bytes.Length];
Array.Copy(seed, 0, data, 0, 20);
Array.Copy(bytes, 0, data, 20, bytes.Length);
SHA1 sha1 = new SHA1CryptoServiceProvider();
byte[] initial_key = new byte[16];
Array.Copy(sha1.ComputeHash(data), initial_key, initial_key.Length);
byte[][] bytes_array = new byte[1][];
bytes_array[0] = bytes;
var handler = new CertificateSecurityHandler()
var encrypt_data = new CertificateEncryptData()
encrypt_data.Set(true, SecurityHandler.CipherType.e_CipherAES, bytes_array);
handler.Initialize(encrypt_data, initial_key);
doc.SetSecurityHandler(handler);
doc.SaveAs(output_file, (int)PDFDoc.SaveFlags.e_SaveFlagNormal);
...使用 福昕 DRM 加密 PDF 文件
c++
#include "include/pdf/fs_pdfdoc.h"
#include "include/pdf/fs_security.h"
using namespace foxit;
using namespace foxit::common;
using foxit::common::Library;
using namespace pdf;
...
PDFDoc doc(input_file);
ErrorCode error_code = doc.Load();
if (error_code != foxit::e_ErrSuccess) {
return false;
}
// Do encryption.
DRMSecurityHandler handler = DRMSecurityHandler();
const char* file_id = "Simple-DRM-file-ID";
String initialize_key = "Simple-DRM-initialize-key";
DRMEncryptData encrypt_data(true, "Simple-DRM-filter", SecurityHandler::e_CipherAES, 16, true, 0xfffffffc);
handler.Initialize(encrypt_data, file_id, initialize_key);
doc.SetSecurityHandler(handler);
WString output_file = output_directory + L"foxit_drm_encrypt.pdf";
doc.SaveAs(output_file, PDFDoc::e_SaveFlagNoOriginal);
...C
#include "include/fs_basictypes_c.h"
#include "include/fs_pdfdoc_c.h"
#include "include/fs_security_c.h"
...
FS_PDFDOC_HANDLE doc;
FSDK_PDFDoc_Create0(input_file, &doc);
FSErrorCode error_code = FSDK_PDFDoc_Load(doc, NULL);
if (error_code != e_FSErrSuccess) {
FSDK_PDFDoc_Release(doc);
return false;
}
// Do encryption.
FS_DRMSECURITYHANDLER_HANDLE handler;
FSDK_DRMSecurityHandler_Create(&handler);
const char* file_id = "Simple-DRM-file-ID";
const char* initialize_key = "Simple-DRM-initialize-key";
FSDRMEncryptData encrypt_data;
encrypt_data.is_encrypt_metadata = true;
encrypt_data.cipher = e_FSCipherAES;
encrypt_data.is_owner = true;
encrypt_data.key_length = 16;
encrypt_data.sub_filter.str = "Simple-DRM-filter";
encrypt_data.sub_filter.len = strlen("Simple-DRM-filter");
encrypt_data.user_permissions = 0xfffffffc;
FS_BOOL result;
FSDK_DRMSecurityHandler_Initialize(handler, encrypt_data, file_id, initialize_key &result);
FSDK_PDFDoc_SetSecurityHandler(doc, handler, &result);
wchar_t output_file[MAX_FILE_PATH];
swprintf_s(output_file, MAX_FILE_PATH, L"%lsfoxit_drm_encrypt.pdf", output_directory);
FSDK_PDFDoc_SaveAs(doc, output_file, e_FSSaveFlagNoOriginal, &result);
FSDK_PDFDoc_Release(doc);
...java
import com.foxit.sdk.pdf.DRMSecurityCallback;
import com.foxit.sdk.pdf.PDFDoc;
import com.foxit.sdk.pdf.SecurityHandler;
...
public class DRMSecurityEvent extends DRMSecurityCallback {
private String fileID;
private byte[] initialKey;
public DRMSecurityEvent(String fileID, byte[] initialKey) {
this.fileID = fileID;
this.initialKey = initialKey;
}
@Override
public void release() {}
@Override
public int getCipherType(PDFDoc arg0, String arg1) {
return SecurityHandler.e_CipherAES;
}
@Override
public String getFileID(PDFDoc arg0, String arg1) {
return fileID;
}
@Override
public byte[] getInitialKey(PDFDoc arg0, String arg1) {
return initialKey;
}
@Override
public int getKeyLength(PDFDoc arg0, String arg1) {
return 16;
}
@Override
public int getUserPermissions(PDFDoc arg0, String arg1) {
return 0xFFFFFFFC;
}
@Override
public boolean isOwner(PDFDoc arg0, String arg1) {
return true;
}
}
PDFDoc doc = new PDFDoc(input_file);
int error_code = doc.load(null);
if (error_code != e_ErrSuccess) {
return;
}
// Do encryption.
DRMSecurityHandler handler = new DRMSecurityHandler();
String file_id = "Simple-DRM-file-ID";
String initialize_key = "Simple-DRM-initialize-key";
DRMEncryptData encrypt_data = new DRMEncryptData(true, "Simple-DRM-filter", SecurityHandler.e_CipherAES, 16, true, 0xfffffffc);
handler.initialize(encrypt_data, file_id, initialize_key);
doc.setSecurityHandler(handler);
String output_file = output_directory + "foxit_drm_encrypt.pdf";
doc.saveAs(output_file, PDFDoc.e_SaveFlagNoOriginal);
...py
import sys
import site
if sys.version_info.major == 2:
_PYTHON2_ = True
else:
_PYTHON2_ = False
if _PYTHON2_:
#replace with the python2 lib path
site.addsitedir('../../../')
from FoxitPDFSDKPython2 import *
else:
from FoxitPDFSDKPython3 import *
...
doc = PDFDoc(input_file)
error_code = doc.Load()
if error_code != e_ErrSuccess:
return False
# Do encryption.
handler = DRMSecurityHandler()
file_id = "Simple-DRM-file-ID"
initialize_key = "Simple-DRM-initialize-key"
encrypt_data = DRMEncryptData(True, "Simple-DRM-filter", SecurityHandler.e_CipherAES, 16, true, 0xfffffffc)
handler.Initialize(encrypt_data, file_id, initialize_key)
doc.SetSecurityHandler(handler)
output_file = output_directory + "foxit_drm_encrypt.pdf"
doc.SaveAs(output_file, PDFDoc.e_SaveFlagNoOriginal)objc
#include "FSPDFObjC.h"
...
FSPDFDoc *doc = [[FSPDFDoc alloc] initWithPath:input_file];
FSErrorCode code = [doc load:nil];
if (code != FSErrSuccess) {
return -1;
}
// Do encryption.
FSDRMSecurityHandler *handler = [[FSDRMSecurityHandler alloc] init];
NSString *file_id = @"Simple-DRM-file-ID";
NSData *initialize_key = [@"Simple-DRM-initialize-key" dataUsingEncoding:NSUTF8StringEncoding];
FSDRMEncryptData *encrypt_data = [[FSDRMEncryptData alloc] initWithIs_encrypt_metadata:TRUE sub_filter:@"Simple-DRM-filter" cipher:FSSecurityHandlerCipherAES key_length:16 is_owner:YES user_permissions:0xfffffffc];
[handler initialize:encrypt_data file_id:file_id initial_key:initialize_key];
[doc setSecurityHandler:handler];
NSString *output_file = [output_directory stringByAppendingPathComponent:@"foxit_drm_encrypt.pdf"];
[doc saveAs:output_file save_flags:FSPDFDocSaveFlagNoOriginal];
...js
const FSDK = require("@foxitsoftware/foxit-pdf-sdk-node");
...
let doc = new FSDK.PDFDoc(input_file);
let error_code = doc.Load("");
if (error_code != FSDK.e_ErrSuccess) {
console.log("The Doc [%s] Error: %d\n", input_file, error_code);
return false;
}
// Do encryption.
let handler = new FSDK.DRMSecurityHandler();
let file_id = "Simple-DRM-file-ID";
let initialize_key = "Simple-DRM-initialize-key";
let encrypt_data = new FSDK.DRMEncryptData(true, "Simple-DRM-filter", FSDK.SecurityHandler.e_CipherAES, 16, true, 0xfffffffc);
handler.Initialize(encrypt_data, file_id, initialize_key);
doc.SetSecurityHandler(handler);
let output_file = output_directory + "foxit_drm_encrypt.pdf";
doc.SaveAs(output_file, FSDK.PDFDoc.e_SaveFlagNoOriginal);csharp
using foxit.common;
using foxit.pdf;
...
PDFDoc doc = new PDFDoc(input_file);
ErrorCode error_code = doc.Load(null);
if (error_code != ErrorCode.e_ErrSuccess){
return;
}
// Do encryption.
var handler = new DRMSecurityHandler();
var encrypt_data = new DRMEncryptData(true,"Simple-DRM-filter", SecurityHandler.CipherType.e_CipherAES, 16, true, -4);
string file_id = "Simple-DRM-file-ID";
string initialize_key = "Simple-DRM-initialize-key";
handler.Initialize(encrypt_data, file_id, initialize_key);
doc.SetSecurityHandler(handler);
doc.SaveAs(output_file, (int)PDFDoc.SaveFlags.e_SaveFlagNormal);
...