AES Data Provider

The AesDataProvider we ship with our Catalog example app allows you to efficiently read and write encrypted PDF documents in your app. The data format expected by the data provider is structured like this:

1
2
Byte:     | 0-15 |     16 - n    |
Contents: |  IV  | Encrypted PDF |

In the above table, the first 16 bytes contain the Initialization Vector (IV), while the AES256-CTR encrypted PDF starts at byte offset 16.

How to Encrypt Files

Using openssl, you can easily encrypt PDF files so that they can be used by the AesDataProvider.

  1. You need a key to encrypt your files with. We’ll use the following values.
  • Hex: 110425c3748d6c1c1bc644a2d63c3089be01e17a9eb0254366ff4b7edb261355
  • Base64: EQQlw3SNbBwbxkSi1jwwib4B4XqesCVDZv9LftsmE1U=
  1. For every file you encrypt, you need to choose a new IV. This is used to make sure that encrypting the same file with the same key multiple times doesn’t result in the same encrypted file. We’ll use the following.
  • Hex: 97dad56befad54731ea696d2fd39a6d3
  • Base64: l9rVa++tVHMeppbS/Tmm0w==
  1. Start by writing the IV to your output file:
  • openssl enc -base64 -d <<< l9rVa++tVHMeppbS/Tmm0w== >> encrypted.pdf
  1. Then append the encrypted document to your output file:
  • openssl enc -aes-256-ctr -iv 97DAD56BEFAD54731EA696D2FD39A6D3 -K 110425c3748d6c1c1bc644a2d63c3089be01e17a9eb0254366ff4b7edb261355 -in source.pdf >> encrypted.pdf

How to Decrypt Files

You can decrypt your PDF in PSPDFKit with the AesDataProvider using the Base64 key you used to encrypt it:

Copy
1
2
3
4
5
6
private static final String ecnryptedPDF = "/sdcard/encrypted.pdf";

// This is the 256-bit AES encryption key stored encoded as Base64. In production apps, this should be secured!
private static final String base64Key = "EQQlw3SNbBwbxkSi1jwwib4B4XqesCVDZv9LftsmE1U=";

AesDataProvider provider = new AesDataProvider(ecnryptedPDF, base64Key);
Copy
1
2
3
4
5
6
const val ecnryptedPDF = "/sdcard/encrypted.pdf"

// This is the 256-bit AES encryption key stored encoded as Base64. In production apps, this should be secured!
const val base64Key = "EQQlw3SNbBwbxkSi1jwwib4B4XqesCVDZv9LftsmE1U="

val provider = AesDataProvider("/sdcard/encrypted.pdf", "EQQlw3SNbBwbxkSi1jwwib4B4XqesCVDZv9LftsmE1U=")

For more information about this process, please take a look at AesEncryptedFileExample.java in our Catalog example app.