In order to more rapidly update PDF technology to address industry demands and advances in technology, ISO TC 171 SC 2 is publishing extensions and clarifications to PDF 2.0 as separate ISO Technical Specifications (TS). The first pair of ISO-approved PDF 2.0 extensions update the set of supported hash algorithms and extend PDF digital signatures to include modern elliptic curves. These short documents use well-known and widely-implemented existing cryptographic algorithms and are built on top of the digital signature and encryption frameworks that already exist in PDF.
An ISO TS follows the same rigorous development processes used for International Standards (IS), but works with an accelerated schedule better suited to the rapid rate of change in software, making it possible to bring new features to market far more quickly than updating and republishing a full new edition of ISO 32000.
These short ISO TS publications for PDF 2.0 are normative documents that are now part of PDF’s core specification; they are therefore as authoritative as ISO 32000 or any of the other ISO-standardized subsets of PDF such as PDF/A, PDF/X or PDF/UA. ISO TS publications are only available for a maximum of 6 years, with reviews by the ISO committee at 3 year intervals. It is expected that the content of ISO TS extension and clarification publications will be incorporated into the core PDF specification document itself within the 6 year period.
As listed on the PDF Association’s ISO status page, as of the end of 2022 there are four separate PDF 2.0 cryptographic related extensions:
ISO/TS 32001 extends PDF 2.0 by adding “support for digitally signing PDF documents using the SHA3-256, SHA3-384, SHA3-512 and SHAKE256 hash algorithms in the secure hash algorithm 3 (SHA-3) hash algorithm family as defined in FIPS PUB 202”.
ISO/TS 32001:2022 can be purchased via the PDF Association.
ISO/TS 32002 extends PDF 2.0 by adding support for the following modern elliptic curves for digital signatures:
ISO/TS 32002:2022 can be purchased via the PDF Association.
Although not yet finalized and published, ISO/TS 32003 extends PDF 2.0 by adding support for AES-GCM (Advanced Encryption Standard - Galois/Counter Mode). Without going into the technical details of how AES encryption and its various modes of operation work, AES-GCM is a more modern algorithm that provides authenticated encryption (i.e. confidentiality as well as authentication).
Back in 2004 PDF 1.6 first introduced support for AES-CBC (Advanced Encryption Standard - Cipher Block Chaining) with various bit lengths up to 128 bit. In 2017, the first edition of PDF 2.0 (ISO 32000-2:2017) extended the bit lengths to include 256-bit AES-CBC, while also deprecating all shorter bit lengths. This was because in the intervening years shorter bit lengths had become susceptible to practical new attacks. ISO/TS 32003 goes further in enhancing document security to add 256-bit AES-GCM.
As soon as ISO/TS 32003 is published, it will be available for purchase from the PDF Association.
As soon as ISO/TS 32004 is published, it will be available for purchase from the PDF Association.
As stated in ISO 32000-2, sub-clause 6.3.2 “Conformance of PDF processors”:
Each PDF processor chooses which subsets of PDF functionality to support. For each subset that the processor chooses to support, the processor shall comply with the applicable provisions in this document.
As with any feature defined in ISO 32000, PDF software vendors are free to choose which extensions and features are implemented. But if that software supports a new PDF 2.0 feature that support must fully comply with the appropriate ISO TS publication and ISO 32000-2 (PDF 2.0).
As digital signatures, modern hash algorithms and encryption are all vital for many workflows and documents, it is expected that mainstream PDF products (both PDF creators and PDF viewers) will implement all PDF 2.0 cryptographic extensions as soon as they are published.
Extensions defined by ISO TS publications are not supported by PDF 1.7 or earlier versions - they are specific to PDF 2.0 only.
The PDF extension model was introduced with ISO’s first standardization of PDF: ISO 32000-1:2008 (PDF 1.7). The Document Catalog Extensions entry (a set of direct data structures specified in clause 7.12 “Extension Dictionary”) provides the means by which a PDF document can declare the extensions support that it requires beyond the core feature set of ISO 32000. As shown in the example below, a single PDF can depend on multiple extensions from multiple vendors:
%PDF-2.0 … 5 0 obj << /Type /Catalog /Pages … /Extensions << /Type /Extensions /ISO_ [ % Multiple extensions are registered with prefix “ISO_” << /Type /DeveloperExtensions /BaseVersion /2.0 /ExtensionLevel 32001 /ExtensionRevision (2022) /URL (https://www.iso.org/standard/45874.html) >> << /Type /DeveloperExtensions /BaseVersion /2.0 /ExtensionLevel 32002 /ExtensionRevision (2022) /URL (https://www.iso.org/standard/45875.html) >> ] … % Other extensions using different registered prefixes >> >> endobj …
Although the Extensions entry is required by all PDF files using ISO TS extensions, neither PDF 2.0 nor the ISO TS extension specifications mandate or describe how the data should be used by software. In addition to enabling support, the Extensions entry also provides sufficient data for software to present useful feedback to users who open a PDF file containing unsupported extensions. Similar information might also be presented in a File… | Properties dialog when listing the PDF version and other meta-information about a PDF file.
A critical aspect of development for ISO TS extension publications is interoperability testing and practical confirmation that the document is unambiguous to all developers. As a result, some early technology is already available.
PDF Association members have access to sample ISO/TS 320001 and ISO/TS 32002 PDF files in GitHub that have been created and shared within the PDF Digital Signature Technical Working Group (TWG). Via the PDF Association liaison status with ISO, members can also get access to drafts of all ISO documents including ISO TS extensions and clarifications.
At the time of writing, the pyHanko library supports both ISO/TS 32001 and ISO/TS 32002 and is described in this article by its author. A contribution to iText to support both ISO/TS 32001 and ISO/TS 32002 is also pending.
Although the TS publications of ISO/TS 32003 and ISO/TS 32004 are not yet finalized by the ISO committee, interoperability testing means that some early technology already exists. FoxIt has a proof-of-concept implementation based on earlier drafts of ISO/TS 32003 and ISO/TS 32004, and this ZIP file contains example PDFs created using different technology. Note that unlike ISO/TS 32001 and ISO/TS 32002, the technical details of both ISO/TS 32003 and ISO/TS 32004 may change. and these technologies and samples are not definitive and should not be relied upon until the TSs are published.
The PDF Digital Signature TWG is the right forum for members to discuss and learn about these new cryptographic extensions.
Contact your vendor today to find out when support for these ISO cryptographic extensions for PDF 2.0 will be added to your PDF software. If you are interested in contributing new ideas or to learn more about PDF digital signatures, then become a member of the PDF Association and join the Digital Signature Technical Working Group.
Peter Wyatt is the PDF Association’s CTO and an independent technology consultant with deep file format and parsing expertise. A developer and researcher working on PDF technologies for more than 20 years, he is ISO Project Leader of ISO 32000 (the core PDF standard), co-Chairs the PDF Association’s PDF TWG and is the PDF Association’s Principal Scientist leading the organization’s …