PDF Association logo

Discover pdfa.org

Key resources

Get involved

How do you find the right PDF technology vendor?
Use the Solution Agent to ask the entire PDF communuity!
The PDF Association celebrates its members’ public statements
of support
for ISO-standardized PDF technology.

Member Area

Cover of ISO TS 32004 (sponsored).

Integrity protection for encrypted documents: ISO TS 32004 is the latest Extension to PDF 2.0

The latest ISO Extension to PDF 2.0 offers backwards-compatible integrity protection via Message Authentication Code (MAC).
About the author: The PDF Association staff delivers a vendor-neutral platform for PDF’s stakeholders, facilitating the development of open specifications and ISO standards for PDF technology. The staff are located in Germany, the … Read more

BUSINESS NOTE

While encryption preserves confidentiality, it does not ensure that the receiving party can verify the document's integrity.

This new ISO extension for PDF 2.0 describes a mechanism to protect the integrity of an encrypted PDF document using a Message Authentication Code (MAC) with a key derived from the encryption key.

BUSINESS NOTE

While encryption preserves confidentiality, it does not ensure that the receiving party can verify the document's integrity.

This new ISO extension for PDF 2.0 describes a mechanism to protect the integrity of an encrypted PDF document using a Message Authentication Code (MAC) with a key derived from the encryption key.

ISO TC 171 SC 2 WG 8's latest PDF 2.0 extension, ISO/TS 32004:2024 Document management — Portable Document Format — Integrity protection in encrypted documents in PDF 2.0 is now published by ISO and available at no cost from pdfa.org!

With encryption, preserving the confidentiality of the protected content is critical, but so is ensuring that the receiving party can verify the document's integrity. The existing encryption mechanisms defined in ISO 32000-2 provide confidentiality, but without any authentication features.

ISO TS 32004 describes a mechanism to protect the integrity of an encrypted PDF document using a Message Authentication Code (MAC) with a key derived from the encryption key. This approach differs from - but is complementary with - public-key cryptography-based digital signatures: a valid MAC created on the basis of ISO TS 32004 proves knowledge of the file encryption key.

The mechanism described in ISO TS 32004 is backwards compatible with ISO 32000-2:2020 and can be used with PDF files containing digital signatures.

To learn more, read PDF Digital Signatures TWG chair Matthias Valvekens' technical overview and explanation of MACs versus signatures.

You can buy ISO TS 32004 from ISO or download it at no cost thanks to the sponsors of ISO 32000-2, Adobe, Apryse and Foxit.

ISO TS 32004 is also available in the ISO 32000-2 bundle, together with:

  • ISO 32000-2 (the core PDF specification + errata)
  • ISO TS 32001
  • ISO TS 32002
  • ISO TS 32003, and now...
  • ISO TS 32004
WordPress Cookie Notice by Real Cookie Banner