Integrity protection for encrypted documents: ISO TS 32004 is the latest Extension to PDF 2.0
The latest ISO Extension to PDF 2.0 offers backwards-compatible integrity protection via Message Authentication Code (MAC).BUSINESS NOTE
While encryption preserves confidentiality, it does not ensure that the receiving party can verify the document's integrity.
This new ISO extension for PDF 2.0 describes a mechanism to protect the integrity of an encrypted PDF document using a Message Authentication Code (MAC) with a key derived from the encryption key.
BUSINESS NOTE
While encryption preserves confidentiality, it does not ensure that the receiving party can verify the document's integrity.
This new ISO extension for PDF 2.0 describes a mechanism to protect the integrity of an encrypted PDF document using a Message Authentication Code (MAC) with a key derived from the encryption key.
ISO TC 171 SC 2 WG 8's latest PDF 2.0 extension, ISO/TS 32004:2024 Document management — Portable Document Format — Integrity protection in encrypted documents in PDF 2.0 is now published by ISO and available at no cost from pdfa.org!
With encryption, preserving the confidentiality of the protected content is critical, but so is ensuring that the receiving party can verify the document's integrity. The existing encryption mechanisms defined in ISO 32000-2 provide confidentiality, but without any authentication features.
ISO TS 32004 describes a mechanism to protect the integrity of an encrypted PDF document using a Message Authentication Code (MAC) with a key derived from the encryption key. This approach differs from - but is complementary with - public-key cryptography-based digital signatures: a valid MAC created on the basis of ISO TS 32004 proves knowledge of the file encryption key.
The mechanism described in ISO TS 32004 is backwards compatible with ISO 32000-2:2020 and can be used with PDF files containing digital signatures.
To learn more, read PDF Digital Signatures TWG chair Matthias Valvekens' technical overview and explanation of MACs versus signatures.
You can buy ISO TS 32004 from ISO or download it at no cost thanks to the sponsors of ISO 32000-2, Adobe, Apryse and Foxit.
ISO TS 32004 is also available in the ISO 32000-2 bundle, together with:
- ISO 32000-2 (the core PDF specification + errata)
- ISO TS 32001
- ISO TS 32002
- ISO TS 32003, and now...
- ISO TS 32004