PSPDFAESCryptoDataProvider


@interface PSPDFAESCryptoDataProvider : NSObject <PSPDFFileDataProviding>

This class allows a transparent decryption of AES256 encrypted files using the RNCryptor file format https://github.com/RNCryptor/RNCryptor-Spec/blob/master/RNCryptor-Spec-v3.md

Legacy PSPDFKit old file format is also supported. Use the provided encryption tool to prepare your documents.

Ensure your passphrase/salt are also protected within the binary, or at least obfuscated. Encryption marginally slows down rendering, since everything is decrypted on the fly.

If saving annotations to a file managed by a PSPDFAESCryptoDataProvider, the whole file will be re-written.

Note

The initializers will return nil if the strong encryption feature is not enabled, or if you pass an invalid parameter configuration.




-initWithURL:passphraseProvider:salt:rounds:

Designated initializer with the passphrase and salt. URL must be a file-based URL.

Declaration

Objective-C

- (nullable instancetype)initWithURL:(nonnull NSURL *)URL
                  passphraseProvider:
                      (nonnull NSString *_Nonnull (^)(void))passphraseProvider
                                salt:(nonnull NSString *)salt
                              rounds:(NSUInteger)rounds;

Swift

init?(url URL: URL, passphraseProvider: @escaping () -> String, salt: String, rounds: UInt)




-initWithURL:passphraseDataProvider:salt:rounds:

Initializer with the passphrase and salt as NSData rather than NSString. URL must be a file-based URL.

Declaration

Objective-C

- (nullable instancetype)initWithURL:(nonnull NSURL *)URL
              passphraseDataProvider:
                  (nonnull NSData *_Nonnull (^)(void))passphraseDataProvider
                                salt:(nonnull NSData *)saltData
                              rounds:(NSUInteger)rounds;

Swift

init?(url URL: URL, passphraseDataProvider: @escaping () -> Data, salt saltData: Data, rounds: UInt)

-initWithURL:passphraseProvider:
Designated initializer with the passphrase. Salt will be loaded from the header of the file format (see https://github.com/RNCryptor/RNCryptor-Spec/blob/master/RNCryptor-Spec-v3.md )

The default PRF is kCCPRFHmacAlgSHA1. The number of iterations will be the new default PSPDFAESDefaultPBKDFNumberOfRounds (10000) URL must be a file-based URL.
Declaration
Objective-C

- (nullable instancetype)initWithURL:(nonnull NSURL *)URL passphraseProvider: (nonnull NSString *_Nonnull (^)(void))passphraseProvider;
Swift

init?(url URL: URL, passphraseProvider: @escaping () -> String)




-initWithLegacyFileFormatURL:passphraseProvider:

Designated initializer with the passphrase and legacy file format PRF kCCPRFHmacAlgSHA256 and 50000 rounds.

Salt will be loaded from the header of the URL must be a file-based URL.

Declaration

Objective-C

- (nullable instancetype)initWithLegacyFileFormatURL:(nonnull NSURL *)URL
                                  passphraseProvider:
                                      (nonnull NSString *_Nonnull (^)(void))
                                          passphraseProvider;

Swift

init?(legacyFileFormatURL URL: URL, passphraseProvider: @escaping () -> String)

-initWithURL:binaryKeyProvider:
Designated initializer with a prepared, stretched, binary key.

Warning: only use this if the key is cryptographically random and of length kCCKeySizeAES256. The default PRF is kCCPRFHmacAlgSHA1. The default number of iterations is PSPDFAESDefaultPBKDFNumberOfRounds (10000). For legacy file format use kCCPRFHmacAlgSHA256 and 50000 rounds. URL must be a file-based URL.
Declaration
Objective-C

- (nullable instancetype)initWithURL:(nonnull NSURL *)URL binaryKeyProvider: (nonnull NSData *_Nonnull (^)(void))binaryKeyProvider;
Swift

init?(url URL: URL, binaryKeyProvider: @escaping () -> Data)
fileURL
The local file URL the data provider was initialized with.
Declaration
Objective-C

@property (readonly, nonatomic) NSURL *_Nonnull fileURL;
Swift

var fileURL: URL { get }