PSPDFAESCryptoDataProvider
@interface PSPDFAESCryptoDataProvider : NSObject <PSPDFFileDataProviding>
This class allows a transparent decryption of AES256 encrypted files using the RNCryptor file format https://github.com/RNCryptor/RNCryptor-Spec/blob/master/RNCryptor-Spec-v3.md
Legacy PSPDFKit old file format is also supported. Use the provided encryption tool to prepare your documents.
Ensure your passphrase/salt are also protected within the binary, or at least obfuscated. Encryption marginally slows down rendering, since everything is decrypted on the fly.
If saving annotations to a file managed by a PSPDFAESCryptoDataProvider
, the whole file
will be re-written.
Note
The initializers will return nil if the strong encryption feature is not enabled, or if you pass an invalid parameter configuration.-
Designated initializer with the passphrase and salt. URL must be a file-based URL.
Declaration
Objective-C
- (nullable instancetype)initWithURL:(nonnull NSURL *)URL passphraseProvider: (nonnull NSString *_Nonnull (^)(void))passphraseProvider salt:(nonnull NSString *)salt rounds:(NSUInteger)rounds;
Swift
init?(url URL: URL, passphraseProvider: @escaping () -> String, salt: String, rounds: UInt)
-
Initializer with the passphrase and salt as NSData rather than NSString. URL must be a file-based URL.
Declaration
Objective-C
- (nullable instancetype)initWithURL:(nonnull NSURL *)URL passphraseDataProvider: (nonnull NSData *_Nonnull (^)(void))passphraseDataProvider salt:(nonnull NSData *)saltData rounds:(NSUInteger)rounds;
Swift
init?(url URL: URL, passphraseDataProvider: @escaping () -> Data, salt saltData: Data, rounds: UInt)
-
Designated initializer with the passphrase. Salt will be loaded from the header of the file format (see https://github.com/RNCryptor/RNCryptor-Spec/blob/master/RNCryptor-Spec-v3.md )
The default PRF is kCCPRFHmacAlgSHA1. The number of iterations will be the new default PSPDFAESDefaultPBKDFNumberOfRounds (10000) URL must be a file-based URL.
Declaration
Objective-C
- (nullable instancetype)initWithURL:(nonnull NSURL *)URL passphraseProvider: (nonnull NSString *_Nonnull (^)(void))passphraseProvider;
Swift
init?(url URL: URL, passphraseProvider: @escaping () -> String)
-
Designated initializer with the passphrase and legacy file format PRF kCCPRFHmacAlgSHA256 and 50000 rounds.
Salt will be loaded from the header of the URL must be a file-based URL.
Declaration
Objective-C
- (nullable instancetype)initWithLegacyFileFormatURL:(nonnull NSURL *)URL passphraseProvider: (nonnull NSString *_Nonnull (^)(void)) passphraseProvider;
Swift
init?(legacyFileFormatURL URL: URL, passphraseProvider: @escaping () -> String)
-
Designated initializer with a prepared, stretched, binary key.
Warning: only use this if the key is cryptographically random and of length
kCCKeySizeAES256
. The default PRF iskCCPRFHmacAlgSHA1
. The default number of iterations isPSPDFAESDefaultPBKDFNumberOfRounds
(10000). For legacy file format usekCCPRFHmacAlgSHA256
and 50000 rounds. URL must be a file-based URL.Declaration
Objective-C
- (nullable instancetype)initWithURL:(nonnull NSURL *)URL binaryKeyProvider: (nonnull NSData *_Nonnull (^)(void))binaryKeyProvider;
Swift
init?(url URL: URL, binaryKeyProvider: @escaping () -> Data)
-
The local file URL the data provider was initialized with.
Declaration
Objective-C
@property (readonly, nonatomic) NSURL *_Nonnull fileURL;
Swift
var fileURL: URL { get }