PSPDFAESCryptoDataProvider

Objective-C


@interface PSPDFAESCryptoDataProvider : NSObject <PSPDFFileDataProviding>

Swift

class AESCryptoDataProvider : NSObject, FileDataProviding

This class allows a transparent decryption of AES256 encrypted files using the RNCryptor file format https://github.com/RNCryptor/RNCryptor-Spec/blob/master/RNCryptor-Spec-v3.md

Legacy PSPDFKit old file format is also supported. Use the provided encryption tool to prepare your documents.

Ensure your passphrase/salt are also protected within the binary, or at least obfuscated. Encryption marginally slows down rendering, since everything is decrypted on the fly.

If saving annotations to a file managed by a PSPDFAESCryptoDataProvider, the whole file will be re-written.

Note

The initializers will return nil if the strong encryption feature is not enabled, or if you pass an invalid parameter configuration.






-initWithURL:passphraseProvider:salt:rounds:

Designated initializer with the passphrase and salt. URL must be a file-based URL.

Declaration

Objective-C

- (nullable instancetype)initWithURL:(nonnull NSURL *)URL
                  passphraseProvider:
                      (nonnull NSString *_Nonnull (^)(void))passphraseProvider
                                salt:(nonnull NSString *)salt
                              rounds:(NSUInteger)rounds;

Swift

init?(url URL: URL, passphraseProvider: @escaping () -> String, salt: String, rounds: UInt)






-initWithURL:passphraseDataProvider:salt:rounds:

Initializer with the passphrase and salt as NSData rather than NSString. URL must be a file-based URL.

Declaration

Objective-C

- (nullable instancetype)initWithURL:(nonnull NSURL *)URL
              passphraseDataProvider:
                  (nonnull NSData *_Nonnull (^)(void))passphraseDataProvider
                                salt:(nonnull NSData *)saltData
                              rounds:(NSUInteger)rounds;

Swift

init?(url URL: URL, passphraseDataProvider: @escaping () -> Data, salt saltData: Data, rounds: UInt)

-initWithURL:passphraseProvider:
Designated initializer with the passphrase. Salt will be loaded from the header of the file format (see https://github.com/RNCryptor/RNCryptor-Spec/blob/master/RNCryptor-Spec-v3.md )

The default PRF is kCCPRFHmacAlgSHA1. The number of iterations will be the new default PSPDFAESDefaultPBKDFNumberOfRounds (10000) URL must be a file-based URL.
Declaration
Objective-C

- (nullable instancetype)initWithURL:(nonnull NSURL *)URL passphraseProvider: (nonnull NSString *_Nonnull (^)(void))passphraseProvider;
Swift

init?(url URL: URL, passphraseProvider: @escaping () -> String)






-initWithLegacyFileFormatURL:passphraseProvider:

Designated initializer with the passphrase and legacy file format PRF kCCPRFHmacAlgSHA256 and 50000 rounds.

Salt will be loaded from the header of the URL must be a file-based URL.

Declaration

Objective-C

- (nullable instancetype)initWithLegacyFileFormatURL:(nonnull NSURL *)URL
                                  passphraseProvider:
                                      (nonnull NSString *_Nonnull (^)(void))
                                          passphraseProvider;

Swift

init?(legacyFileFormatURL URL: URL, passphraseProvider: @escaping () -> String)

-initWithURL:binaryKeyProvider:
Designated initializer with a prepared, stretched, binary key.

Warning: only use this if the key is cryptographically random and of length kCCKeySizeAES256. The default PRF is kCCPRFHmacAlgSHA1. The default number of iterations is PSPDFAESDefaultPBKDFNumberOfRounds (10000). For legacy file format use kCCPRFHmacAlgSHA256 and 50000 rounds. URL must be a file-based URL.
Declaration
Objective-C

- (nullable instancetype)initWithURL:(nonnull NSURL *)URL binaryKeyProvider: (nonnull NSData *_Nonnull (^)(void))binaryKeyProvider;
Swift

init?(url URL: URL, binaryKeyProvider: @escaping () -> Data)
fileURL
The local file URL the data provider was initialized with.
Declaration
Objective-C

@property (nonatomic, readonly) NSURL *_Nonnull fileURL;
Swift

var fileURL: URL { get }

Implementations of optional protocol methods






-createDataSinkWithOptions:error:

Creates a new AESCryptoDataSink with the receiver’s UID and the given options.

This call never fails.

Declaration

Objective-C

- (nonnull id<PSPDFDataSink>)
    createDataSinkWithOptions:(PSPDFDataSinkOptions)options
                        error:(NSError *_Nullable *_Nullable)error;

Swift

func createDataSink(options: DataSinkOptions = []) throws -> DataSink






-replaceContentsWithDataSink:error:

Replaces the file at fileURL with the contents of replacementDataSink.

Warning

This method raises an exception if replacementDataSink is not an instance of AESCryptoDataSink, or if replacementDataSink.isFinished is false. or you forgot to call finish on it before passing it.

Declaration

Objective-C

- (BOOL)replaceContentsWithDataSink:
            (nonnull id<PSPDFDataSink>)replacementDataSink
                              error:(NSError *_Nullable *_Nullable)error;

Swift

func replaceContents(with replacementDataSink: DataSink) throws

Parameters

`replacementDataSink`	An instance of `AESCryptoDataSink`, typically created by calling `createDataSink(options:)`.
`error`	A pointer to populate with an error IFF replacing the receiver’s content fails.

-deleteDataWithError:
Removes the file at fileURL.

This method fails if the filesystem item at fileURL cannot be removed.
Declaration
Objective-C

- (BOOL)deleteDataWithError:(NSError *_Nullable *_Nullable)error;
Swift

func deleteData() throws






-useDiskCache

Returns false

Declaration

Objective-C

- (BOOL)useDiskCache;

Swift

func useDiskCache() -> Bool