PDF Association logo

Discover pdfa.org

Key resources

Get involved

How do you find the right PDF technology vendor?
Use the Solution Agent to ask the entire PDF communuity!
The PDF Association celebrates its members’ public statements
of support
for ISO-standardized PDF technology.

Member Area

Stylized image of

PDF 2.0 adds AES-GCM support

The PDF Association is pleased to announce no-cost availability of ISO/TS 32003, adding support for AES-GCM to PDF 2.0.
About the author: The PDF Association staff delivers a vendor-neutral platform for PDF’s stakeholders, facilitating the development of open specifications and ISO standards for PDF technology. Staff members include: Alexandra Oettler (Editor), Betsy Fanning … Read more

Cover of ISO / TS 32003The latest product of ISO TC 171 SC 2 WG 8: ISO/TS 32003:2023 Document management — Portable Document Format — Adding support of AES-GCM in PDF 2.0, is now published. This ISO Technical Specification extends PDF encryption to include AES-GCM with cipher keys of size 128-bits, 192-bits and 256-bits, and a block size of 128 bits.

The PDF Association is pleased to announce that ISO/TS 32003 is available to all PDF developers at no cost thanks to the sponsors of ISO 32000-2:2020, Adobe, Apryse and Foxit.

The Galois/Counter Mode (GCM) is a block cipher mode of operation standardized for use with the Advanced Encryption Standard (AES) by the US National Institute for Standards and Technology (NIST) as NIST SP 800-38D Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. AES-GCM provides high-speed encryption and data integrity, and is a big improvement over the previous AES-CBC (Cipher Block Chaining) methods introduced in PDF 1.6 but deprecated in PDF 2.0.

AES-GCM is an authenticated encryption algorithm: it provides confidentiality as well as ciphertext authentication. The two cryptographic primitives supplied by AES-GCM are referred to as authenticated encryption and authenticated decryption. The authenticated encryption function encrypts the confidential data and computes an authentication tag on both the ciphertext and, optionally, an additional authenticated data (AAD) payload. The authenticated decryption function decrypts the confidential data contingent on verification of the tag. Each function is relatively efficient and able to be parallelized; consequently, high throughput implementations are possible in both hardware and software.

In PDF encryption, encryption is always applied to individual streams and strings. Although using AES-GCM authenticates all individual ciphertexts a separate mechanism is required to achieve document-level integrity guarantees. One such mechanism will be defined in the soon-to-be published ISO/TS 32004 Document management — Portable Document Format — Integrity protection in encrypted documents in PDF 2.0, as described in this overview and Matthias Valvekens' explanation of MACs versus signatures.

Download your no-cost copy of ISO/TS 32003 today!

WordPress Cookie Notice by Real Cookie Banner