/**
* Encrypt the data
*
* @param string $data Data string to encrypt
* @param string $key Encryption key
* @param string $mode Default mode (openssl or mcrypt)
*
* @return string Encrypted data string.
*/
public function encrypt($data, $key, $mode = 'openssl')
{
if ($mode == 'openssl' && extension_loaded('openssl') && in_array('aes-256-cbc', openssl_get_cipher_methods())) {
return $this->encryptOpenSsl($data, $key);
}
if ($mode != 'raw' && function_exists('mcrypt_create_iv') && mcrypt_get_cipher_name(MCRYPT_RIJNDAEL_128) !== false) {
return $this->encryptMcrypt($data, $key);
}
throw new EncException('Either "openssl" PHP extension with "aes-256-cbc" cypher' . ' or "mcrypt" PHP extension with "MCRYPT_RIJNDAEL_128" cypher is required for AES encryption');
}
/**
* Set document protection
* Remark: the protection against modification is for people who have the full Acrobat product.
* If you don't set any password, the document will open as usual. If you set a user password, the PDF viewer will ask for it before displaying the document. The master password, if different from the user one, can be used to get full access.
* Note: protecting a document requires to encrypt it, which increases the processing time a lot. This can cause a PHP time-out in some cases, especially if the document contains images or fonts.
* @param $permissions (Array) the set of permissions (specify the ones you want to block):<ul><li>print : Print the document;</li><li>modify : Modify the contents of the document by operations other than those controlled by 'fill-forms', 'extract' and 'assemble';</li><li>copy : Copy or otherwise extract text and graphics from the document;</li><li>annot-forms : Add or modify text annotations, fill in interactive form fields, and, if 'modify' is also set, create or modify interactive form fields (including signature fields);</li><li>fill-forms : Fill in existing interactive form fields (including signature fields), even if 'annot-forms' is not specified;</li><li>extract : Extract text and graphics (in support of accessibility to users with disabilities or for other purposes);</li><li>assemble : Assemble the document (insert, rotate, or delete pages and create bookmarks or thumbnail images), even if 'modify' is not set;</li><li>print-high : Print the document to a representation from which a faithful digital copy of the PDF content could be generated. When this is not set, printing is limited to a low-level representation of the appearance, possibly of degraded quality.</li><li>owner : (inverted logic - only for public-key) when set permits change of encryption and enables all other permissions.</li></ul>
* @param $user_pass (String) user password. Empty by default.
* @param $owner_pass (String) owner password. If not specified, a random value is used.
* @param $mode (int) encryption strength: 0 = RC4 40 bit; 1 = RC4 128 bit; 2 = AES 128 bit; 3 = AES 256 bit.
* @param $pubkeys (String) array of recipients containing public-key certificates ('c') and permissions ('p'). For example: array(array('c' => 'file://../examples/data/cert/tcpdf.crt', 'p' => array('print')))
* @public
* @since 2.0.000 (2008-01-02)
* @author Nicola Asuni
*/
public function SetProtection($permissions = array('print', 'modify', 'copy', 'annot-forms', 'fill-forms', 'extract', 'assemble', 'print-high'), $user_pass = '', $owner_pass = null, $mode = 0, $pubkeys = null)
{
if ($this->pdfa_mode) {
// encryption is not allowed in PDF/A mode
return;
}
$this->encryptdata['protection'] = TCPDF_STATIC::getUserPermissionCode($permissions, $mode);
if ($pubkeys !== null and is_array($pubkeys)) {
// public-key mode
$this->encryptdata['pubkeys'] = $pubkeys;
if ($mode == 0) {
// public-Key Security requires at least 128 bit
$mode = 1;
}
if (!function_exists('openssl_pkcs7_encrypt')) {
$this->Error('Public-Key Security requires openssl library.');
}
// Set Public-Key filter (availabe are: Entrust.PPKEF, Adobe.PPKLite, Adobe.PubSec)
$this->encryptdata['pubkey'] = true;
$this->encryptdata['Filter'] = 'Adobe.PubSec';
$this->encryptdata['StmF'] = 'DefaultCryptFilter';
$this->encryptdata['StrF'] = 'DefaultCryptFilter';
} else {
// standard mode (password mode)
$this->encryptdata['pubkey'] = false;
$this->encryptdata['Filter'] = 'Standard';
$this->encryptdata['StmF'] = 'StdCF';
$this->encryptdata['StrF'] = 'StdCF';
}
if ($mode > 1) {
// AES
if (!extension_loaded('mcrypt')) {
$this->Error('AES encryption requires mcrypt library (http://www.php.net/manual/en/mcrypt.requirements.php).');
}
if (mcrypt_get_cipher_name(MCRYPT_RIJNDAEL_128) === false) {
$this->Error('AES encryption requires MCRYPT_RIJNDAEL_128 cypher.');
}
if ($mode == 3 and !function_exists('hash')) {
// the Hash extension requires no external libraries and is enabled by default as of PHP 5.1.2.
$this->Error('AES 256 encryption requires HASH Message Digest Framework (http://www.php.net/manual/en/book.hash.php).');
}
}
if ($owner_pass === null) {
$owner_pass = md5(TCPDF_STATIC::getRandomSeed());
}
$this->encryptdata['user_password'] = $user_pass;
$this->encryptdata['owner_password'] = $owner_pass;
$this->encryptdata['mode'] = $mode;
switch ($mode) {
case 0:
// RC4 40 bit
$this->encryptdata['V'] = 1;
$this->encryptdata['Length'] = 40;
$this->encryptdata['CF']['CFM'] = 'V2';
break;
case 1:
// RC4 128 bit
$this->encryptdata['V'] = 2;
$this->encryptdata['Length'] = 128;
$this->encryptdata['CF']['CFM'] = 'V2';
if ($this->encryptdata['pubkey']) {
$this->encryptdata['SubFilter'] = 'adbe.pkcs7.s4';
$this->encryptdata['Recipients'] = array();
}
break;
case 2:
// AES 128 bit
$this->encryptdata['V'] = 4;
$this->encryptdata['Length'] = 128;
$this->encryptdata['CF']['CFM'] = 'AESV2';
$this->encryptdata['CF']['Length'] = 128;
if ($this->encryptdata['pubkey']) {
$this->encryptdata['SubFilter'] = 'adbe.pkcs7.s5';
$this->encryptdata['Recipients'] = array();
}
break;
case 3:
// AES 256 bit
$this->encryptdata['V'] = 5;
$this->encryptdata['Length'] = 256;
$this->encryptdata['CF']['CFM'] = 'AESV3';
$this->encryptdata['CF']['Length'] = 256;
if ($this->encryptdata['pubkey']) {
$this->encryptdata['SubFilter'] = 'adbe.pkcs7.s5';
$this->encryptdata['Recipients'] = array();
}
break;
}
$this->encrypted = true;
$this->encryptdata['fileid'] = TCPDF_STATIC::convertHexStringToString($this->file_id);
$this->_generateencryptionkey();
}
/**
* Returns the name of the opened algorithm.
*
* @param McryptResource $td
* @return string
* @deprecated
*/
function mcrypt_enc_get_algorithms_name($td)
{
if (!td instanceof McryptResource) {
return false;
}
return mcrypt_get_cipher_name($td->getMode());
}
/**
* Set document protection
* Remark: the protection against modification is for people who have the full Acrobat product.
* If you don't set any password, the document will open as usual. If you set a user password, the PDF viewer will ask for it before displaying the document. The master password, if different from the user one, can be used to get full access.
* Note: protecting a document requires to encrypt it, which increases the processing time a lot. This can cause a PHP time-out in some cases, especially if the document contains images or fonts.
* @param Array $permissions the set of permissions (specify the ones you want to block):<ul><li>print : Print the document;</li><li>modify : Modify the contents of the document by operations other than those controlled by 'fill-forms', 'extract' and 'assemble';</li><li>copy : Copy or otherwise extract text and graphics from the document;</li><li>annot-forms : Add or modify text annotations, fill in interactive form fields, and, if 'modify' is also set, create or modify interactive form fields (including signature fields);</li><li>fill-forms : Fill in existing interactive form fields (including signature fields), even if 'annot-forms' is not specified;</li><li>extract : Extract text and graphics (in support of accessibility to users with disabilities or for other purposes);</li><li>assemble : Assemble the document (insert, rotate, or delete pages and create bookmarks or thumbnail images), even if 'modify' is not set;</li><li>print-high : Print the document to a representation from which a faithful digital copy of the PDF content could be generated. When this is not set, printing is limited to a low-level representation of the appearance, possibly of degraded quality.</li><li>owner : (inverted logic - only for public-key) when set permits change of encryption and enables all other permissions.</li></ul>
* @param String $user_pass user password. Empty by default.
* @param String $owner_pass owner password. If not specified, a random value is used.
* @param int $mode encryption strength: 0 = RC4 40 bit; 1 = RC4 128 bit; 2 = AES 128 bit.
* @param String $pubkeys array of recipients containing public-key certificates ('c') and permissions ('p'). For example: array(array('c' => 'file://../tcpdf.crt', 'p' => array('print')))
* @access public
* @since 2.0.000 (2008-01-02)
* @author Nicola Asuni
*/
public function SetProtection($permissions = array('print', 'modify', 'copy', 'annot-forms', 'fill-forms', 'extract', 'assemble', 'print-high'), $user_pass = '', $owner_pass = null, $mode = 0, $pubkeys = null)
{
$protection = $this->getUserPermissionCode($permissions, $mode);
if ($pubkeys !== null and is_array($pubkeys)) {
// public-key mode
$this->encryptdata['pubkeys'] = $pubkeys;
if ($mode == 0) {
// public-Key Security requires at least 128 bit
$mode = 1;
}
if (!function_exists('openssl_pkcs7_encrypt')) {
$this->Error('Public-Key Security requires openssl library.');
}
// Set Public-Key filter (availabe are: Entrust.PPKEF, Adobe.PPKLite, Adobe.PubSec)
$this->encryptdata['pubkey'] = true;
$this->encryptdata['Filter'] = 'Adobe.PubSec';
$this->encryptdata['StmF'] = 'DefaultCryptFilter';
$this->encryptdata['StrF'] = 'DefaultCryptFilter';
} else {
// standard mode (password mode)
$this->encryptdata['pubkey'] = false;
$this->encryptdata['Filter'] = 'Standard';
$this->encryptdata['StmF'] = 'StdCF';
$this->encryptdata['StrF'] = 'StdCF';
}
if ($mode > 1) {
// AES
if (!extension_loaded('mcrypt')) {
$this->Error('AES encryption requires mcrypt library.');
}
if (mcrypt_get_cipher_name(MCRYPT_RIJNDAEL_128) === false) {
$this->Error('AES encryption requires MCRYPT_RIJNDAEL_128 cypher.');
}
}
if ($owner_pass === null) {
$owner_pass = uniqid('' . rand());
}
$this->encryptdata['mode'] = $mode;
switch ($mode) {
case 0:
// RC4 40 bit
$this->encryptdata['V'] = 1;
$this->encryptdata['Length'] = 40;
$this->encryptdata['CF']['CFM'] = 'V2';
break;
case 1:
// RC4 128 bit
$this->encryptdata['V'] = 2;
$this->encryptdata['Length'] = 128;
$this->encryptdata['CF']['CFM'] = 'V2';
if ($this->encryptdata['pubkey']) {
$this->encryptdata['SubFilter'] = 'adbe.pkcs7.s4';
$this->encryptdata['Recipients'] = array();
}
break;
case 2:
// AES 128 bit
$this->encryptdata['V'] = 4;
$this->encryptdata['Length'] = 128;
$this->encryptdata['CF']['CFM'] = 'AESV2';
if ($this->encryptdata['pubkey']) {
$this->encryptdata['SubFilter'] = 'adbe.pkcs7.s5';
$this->encryptdata['Recipients'] = array();
}
break;
}
$this->encrypted = true;
$this->encryptdata['fileid'] = $this->convertHexStringToString($this->file_id);
$this->_generateencryptionkey($user_pass, $owner_pass, $protection);
}
<?php echo mcrypt_get_cipher_name(MCRYPT_RIJNDAEL_256) . "\n"; echo mcrypt_get_cipher_name(MCRYPT_RC2) . "\n"; echo mcrypt_get_cipher_name(MCRYPT_ARCFOUR) . "\n"; echo mcrypt_get_cipher_name(MCRYPT_WAKE) . "\n";
$key = "123456789012345678901234567890123456789012345678901234567890";
$CC = "4007000000027";
$encrypted = mcrypt_ecb(MCRYPT_RIJNDAEL_128, substr($key, 0, 32), $CC, MCRYPT_ENCRYPT, substr($key, 32, 16));
$decrypted = mcrypt_ecb(MCRYPT_RIJNDAEL_128, substr($key, 0, 32), $encrypted, MCRYPT_DECRYPT, substr($key, 32, 16));
VERIFY($encrypted !== $decrypted);
VS(trim((string) $decrypted), $CC);
//////////////////////////////////////////////////////////////////////
$key = "123456789012345678901234567890123456789012345678901234567890";
$CC = "4007000000027";
$encrypted = mcrypt_ofb(MCRYPT_RIJNDAEL_128, substr($key, 0, 32), $CC, MCRYPT_ENCRYPT, substr($key, 32, 16));
$decrypted = mcrypt_ofb(MCRYPT_RIJNDAEL_128, substr($key, 0, 32), $encrypted, MCRYPT_DECRYPT, substr($key, 32, 16));
VERIFY($encrypted !== $decrypted);
VS($decrypted, $CC);
//////////////////////////////////////////////////////////////////////
VS(mcrypt_get_block_size("tripledes", "ecb"), 8);
VS(mcrypt_get_cipher_name(MCRYPT_TRIPLEDES), "3DES");
VS(mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB), 16);
VS(mcrypt_get_iv_size("des", "ecb"), 8);
VS(mcrypt_get_key_size("tripledes", "ecb"), 24);
$td = mcrypt_module_open("cast-256", "", "cfb", "");
VS(mcrypt_enc_get_algorithms_name($td), "CAST-256");
$td = mcrypt_module_open("tripledes", "", "ecb", "");
VS(mcrypt_enc_get_block_size($td), 8);
$td = mcrypt_module_open("cast-256", "", "cfb", "");
VS(mcrypt_enc_get_iv_size($td), 16);
$td = mcrypt_module_open("tripledes", "", "ecb", "");
VS(mcrypt_enc_get_key_size($td), 24);
$td = mcrypt_module_open("cast-256", "", "cfb", "");
VS(mcrypt_enc_get_modes_name($td), "CFB");
$td = mcrypt_module_open("rijndael-256", "", "ecb", "");
VS(mcrypt_enc_get_supported_key_sizes($td), array(16, 24, 32));
