Where is the PDF encryption key stored



  • Assume you have a user-protected PDF file. Using the password, the cryptographic key is generated and the file encrypted. Where is the key stored? Is it in RAM every time the file is opened?


  • QA Engineer

    I am not an expert on either the PDF spec or PDF readers, but I would guess the encryption / decryption key for a cipher like AES is derived from the password using a Password-Based Key Derivation Function such as PBKDF2, and that the password and key are only held in memory long enough to decrypt the document. After that you can zero out both the password and the key and only keep the decrypted document in memory.


    ... some googling later ...

    According to this old article describing the behaviour in PDF 1.3 (Acrobat 4.x -- 1999), it does seem to be the case that the content encryption key is derived on the fly from the password. I'm sure the ciphers and key lengths have since been updated to something more modern, but I would guess that the general scheme is the same.

    The encryption key is generated as follows:

    1. Pad the user password out to 32 bytes, using a hardcoded 32-byte string: 28 BF 4E 5E 4E 75 8A 41 64 00 4E 56 FF FA 01 08 2E 2E 00 B6 D0 68 3E 80 2F 0C A9 FE 64 53 69 7A. If the user password is null, just use the entire padding string. (I.e., concatenate the user password and the padding string and take the first 32 bytes.)

    2. Append the hashed owner password (the /O entry above).

    3. Append the permissions (the /P entry), treated as a four-byte integer, LSB first.

    4. Append the file identifier (the /ID entry from the trailer dictionary). This is an arbitrary string of bytes; Adobe recommends that it be generated by MD5 hashing various pieces of information about the document.

    5. MD5 hash this string; the first 5 bytes of output are the encryption key. (This is a 40-bit key, presumably to meet US export regulations.)
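The five steps quoted above, written out as an added example that is not part of the original answer or the cited article. It shows that the key is recomputed from the password plus values already stored in the file, so nothing key-like has to be kept on disk. The function names and the sample /O, /P and /ID values are constructed for illustration, and /P is assumed to be a signed 32-bit integer.

```python
import hashlib
import struct

# Hardcoded 32-byte padding string from step 1.
PAD = bytes.fromhex(
    "28BF4E5E4E758A4164004E56FFFA0108"
    "2E2E00B6D0683E802F0CA9FE6453697A"
)


def pad_password(user_password: bytes) -> bytes:
    """Step 1: concatenate password and padding, keep the first 32 bytes."""
    return (user_password + PAD)[:32]


def derive_key(user_password: bytes, o_entry: bytes,
               p_entry: int, file_id: bytes) -> bytes:
    """Steps 1-5: rebuild the 40-bit content key from the password and
    the /O, /P and /ID values read from the document."""
    data = pad_password(user_password)
    data += o_entry                                  # step 2: /O entry
    data += struct.pack("<I", p_entry & 0xFFFFFFFF)  # step 3: /P, LSB first
    data += file_id                                  # step 4: /ID entry
    return hashlib.md5(data).digest()[:5]            # step 5: first 5 bytes


# Constructed sample values, not taken from a real document.
SAMPLE_O = bytes(range(32))
SAMPLE_P = -44
SAMPLE_ID = hashlib.md5(b"constructed sample document").digest()

if __name__ == "__main__":
    key = derive_key(b"example-password", SAMPLE_O, SAMPLE_P, SAMPLE_ID)
    print(f"derived key: {key.hex()} ({len(key) * 8} bits)")
    # Same password, different /ID: the key is tied to the document.
    other = derive_key(b"example-password", SAMPLE_O, SAMPLE_P, b"\x00" * 16)
    print(f"other /ID:   {other.hex()}")
```

Every input except the password is readable from the file itself, so the confidentiality of a document protected this way rests on the password and on a 40-bit key.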


