THotPDF.CryptKeyLength Property
losLab logo

HotPDF Developer Reference

Delphi and C++Builder PDF component help

Home Contents Overview

 

THotPDF.CryptKeyLength

THotPDF

 

 Top  Previous  Next

Determines PDF file encryption method.

 

type

THPDFKeyType = ( k40,  k128,  aes128,  aes256 );

 

Delphi syntax:

property CryptKeyLength: THPDFKeyType;

 

C++ syntax:

__property THPDFKeyType CryptKeyLength;

 

Description

Use CryptKeyLength to choose the standard security handler revision and cipher used when ActivateProtection is enabled.

 

Value                Meaning

k40                        Standard security handler V=1, R=2, RC4 with a 40-bit key (PDF 1.1+).

k128                        Standard security handler V=2, R=3, RC4 with a 128-bit key (PDF 1.4+).

aes128                  Standard security handler V=4, R=4 with crypt filter StdCF (CFM=AESV2). AES-128 in CBC mode with PKCS#7 padding and a 16-byte random initialization vector per ISO 32000-1 7.6.2 / 7.4.4.2 (PDF 1.6+). Since HotPDF v2.4.0 this option encrypts strings and streams with a real AES implementation; earlier builds emitted the AES dictionary but did not actually encrypt content.

aes256                  Standard security handler V=5 with crypt filter StdCF (CFM=AESV3). AES-256 in CBC mode with PKCS#7 padding and a 16-byte random initialization vector per Adobe Extension Level 3 / ISO 32000-2 7.6.4 (PDF 1.7+, accepted by Acrobat 9 and later, Foxit, Chrome and the Apple/macOS viewers). Available since HotPDF v2.17.0. The default revision is R=5 with SHA-256 password hashing. Set UseAES256R6 to true to switch to R=6 with the ISO 32000-2 algorithm 2.B "hash dance" (SHA-256 / SHA-384 / SHA-512 + AES-128 mixer); R=6 is required by Acrobat DC and PDF/A-4 validators. Available since HotPDF v2.22.0.

 

Public-Key Security Handler (PDF 1.7 7.6.5)

For certificate-based encryption (one document, multiple recipients) call EnablePubKeyEncryption(seed, KeyType, EncryptMetadata) instead of setting UserPassword / OwnerPassword. The same CryptKeyLength values apply to the symmetric cipher (k40 -> RC4-40 / V=1 + s4 SubFilter, k128 -> RC4-128 / V=2 + s5, aes128 -> AES-128 / V=4 + s5). Caller must build one PKCS#7 envelopedData blob per recipient (Windows CryptoAPI, OpenSSL, or pycryptodome) and append each blob through AddPubKeyRecipient; the file encryption key derives through algorithm 9 (SHA-1 of seed concatenated with the envelope binaries). Available since HotPDF v2.33.0.

 

Code Example

HPDF.OwnerPassword := 'password';          // Set owner password (required to change security settings)
HPDF.UserPassword := 'user';               // Set user password (required to open the document)
HPDF.ProtectOptions := [poEdit, poAnnot];  // Disallow editing and annotations
HPDF.ActivateProtection := true;           // Enable PDF security

 

See also: ActivateProtection, OwnerPassword, ProtectOptions, UserPassword