PSPDFAESCryptoDataProvider

Objective-C


@interface PSPDFAESCryptoDataProvider : NSObject <PSPDFFileDataProviding>

Swift

class AESCryptoDataProvider : NSObject, FileDataProviding

This class allows a transparent decryption of AES256 encrypted files using the RNCryptor file format https://github.com/RNCryptor/RNCryptor-Spec/blob/master/RNCryptor-Spec-v3.md

Legacy PSPDFKit old file format is also supported. Use the provided encryption tool to prepare your documents.

Ensure your passphrase/salt are also protected within the binary, or at least obfuscated. Encryption marginally slows down rendering, since everything is decrypted on the fly.

If saving annotations to a file managed by a PSPDFAESCryptoDataProvider, the whole file will be re-written.

Note

The initializers will return nil if the strong encryption feature is not enabled, or if you pass an invalid parameter configuration.

  • Designated initializer with the passphrase and salt. URL must be a file-based URL.

    Declaration

    Objective-C

    - (nullable instancetype)initWithURL:(nonnull NSURL *)URL
                  passphraseProvider:
                      (nonnull NSString *_Nonnull (^)(void))passphraseProvider
                                salt:(nonnull NSString *)salt
                              rounds:(NSUInteger)rounds;

    Swift

    init?(url URL: URL, passphraseProvider: @escaping () -> String, salt: String, rounds: UInt)

  • Initializer with the passphrase and salt as NSData rather than NSString. URL must be a file-based URL.

    Declaration

    Objective-C

    - (nullable instancetype)initWithURL:(nonnull NSURL *)URL
              passphraseDataProvider:
                  (nonnull NSData *_Nonnull (^)(void))passphraseDataProvider
                                salt:(nonnull NSData *)saltData
                              rounds:(NSUInteger)rounds;

    Swift

    init?(url URL: URL, passphraseDataProvider: @escaping () -> Data, salt saltData: Data, rounds: UInt)

  • Designated initializer with the passphrase. Salt will be loaded from the header of the file format (see https://github.com/RNCryptor/RNCryptor-Spec/blob/master/RNCryptor-Spec-v3.md )

    The default PRF is kCCPRFHmacAlgSHA1. The number of iterations will be the new default PSPDFAESDefaultPBKDFNumberOfRounds (10000) URL must be a file-based URL.

    Declaration

    Objective-C

    - (nullable instancetype)initWithURL:(nonnull NSURL *)URL
                  passphraseProvider:
                      (nonnull NSString *_Nonnull (^)(void))passphraseProvider;

    Swift

    init?(url URL: URL, passphraseProvider: @escaping () -> String)

  • Designated initializer with the passphrase and legacy file format PRF kCCPRFHmacAlgSHA256 and 50000 rounds.

    Salt will be loaded from the header of the URL must be a file-based URL.

    Declaration

    Objective-C

    - (nullable instancetype)initWithLegacyFileFormatURL:(nonnull NSURL *)URL
                                  passphraseProvider:
                                      (nonnull NSString *_Nonnull (^)(void))
                                          passphraseProvider;

    Swift

    init?(legacyFileFormatURL URL: URL, passphraseProvider: @escaping () -> String)

  • Designated initializer with a prepared, stretched, binary key.

    Warning: only use this if the key is cryptographically random and of length kCCKeySizeAES256. The default PRF is kCCPRFHmacAlgSHA1. The default number of iterations is PSPDFAESDefaultPBKDFNumberOfRounds (10000). For legacy file format use kCCPRFHmacAlgSHA256 and 50000 rounds. URL must be a file-based URL.

    Declaration

    Objective-C

    - (nullable instancetype)initWithURL:(nonnull NSURL *)URL
                   binaryKeyProvider:
                       (nonnull NSData *_Nonnull (^)(void))binaryKeyProvider;

    Swift

    init?(url URL: URL, binaryKeyProvider: @escaping () -> Data)

  • The local file URL the data provider was initialized with.

    Declaration

    Objective-C

    @property (nonatomic, readonly) NSURL *_Nonnull fileURL;

    Swift

    var fileURL: URL { get }

Implementations of optional protocol methods

  • Creates a new AESCryptoDataSink with the receiver’s UID and the given options.

    This call never fails.

    Declaration

    Objective-C

    - (nonnull id<PSPDFDataSink>)
    createDataSinkWithOptions:(PSPDFDataSinkOptions)options
                        error:(NSError *_Nullable *_Nullable)error;

    Swift

    func createDataSink(options: DataSinkOptions = []) throws -> DataSink

  • Replaces the file at fileURL with the contents of replacementDataSink.

    Warning

    This method raises an exception if replacementDataSink is not an instance of AESCryptoDataSink, or if replacementDataSink.isFinished is false. or you forgot to call finish on it before passing it.

    Declaration

    Objective-C

    - (BOOL)replaceContentsWithDataSink:
            (nonnull id<PSPDFDataSink>)replacementDataSink
                              error:(NSError *_Nullable *_Nullable)error;

    Swift

    func replaceContents(with replacementDataSink: DataSink) throws

    Parameters

    replacementDataSink

    An instance of AESCryptoDataSink, typically created by calling createDataSink(options:).
    error

    A pointer to populate with an error IFF replacing the receiver’s content fails.

  • Removes the file at fileURL.

    This method fails if the filesystem item at fileURL cannot be removed.

    Declaration

    Objective-C

    - (BOOL)deleteDataWithError:(NSError *_Nullable *_Nullable)error;

    Swift

    func deleteData() throws

  • Returns false

    Declaration

    Objective-C

    - (BOOL)useDiskCache;

    Swift

    func useDiskCache() -> Bool