origami-docspring 2.2.0 → 2.3.0

data/lib/origami/encryption.rb

@@ -1,22 +1,22 @@
-=begin
-
-    This file is part of Origami, PDF manipulation framework for Ruby
-    Copyright (C) 2016	Guillaume Delugré.
-
-    Origami is free software: you can redistribute it and/or modify
-    it under the terms of the GNU Lesser General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    Origami is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU Lesser General Public License for more details.
-
-    You should have received a copy of the GNU Lesser General Public License
-    along with Origami.  If not, see <http://www.gnu.org/licenses/>.
-
-=end
+# frozen_string_literal: true
+
+#
+#     This file is part of Origami, PDF manipulation framework for Ruby
+#     Copyright (C) 2016	Guillaume Delugré.
+#
+#     Origami is free software: you can redistribute it and/or modify
+#     it under the terms of the GNU Lesser General Public License as published by
+#     the Free Software Foundation, either version 3 of the License, or
+#     (at your option) any later version.
+#
+#     Origami is distributed in the hope that it will be useful,
+#     but WITHOUT ANY WARRANTY; without even the implied warranty of
+#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#     GNU Lesser General Public License for more details.
+#
+#     You should have received a copy of the GNU Lesser General Public License
+#     along with Origami.  If not, see <http://www.gnu.org/licenses/>.
+#
 
 require 'openssl'
 require 'securerandom'
@@ -24,1062 +24,1106 @@ require 'digest/md5'
 require 'digest/sha2'
 
 module Origami
+  class EncryptionError < Error # :nodoc:
+  end
+
+  class EncryptionInvalidPasswordError < EncryptionError # :nodoc:
+  end
+
+  class EncryptionNotSupportedError < EncryptionError # :nodoc:
+  end
 
-    class EncryptionError < Error #:nodoc:
+  class PDF
+    #
+    # Returns whether the PDF file is encrypted.
+    #
+    def encrypted?
+      trailer_key? :Encrypt
     end
 
-    class EncryptionInvalidPasswordError < EncryptionError #:nodoc:
+    #
+    # Decrypts the current document.
+    # _passwd_:: The password to decrypt the document.
+    #
+    def decrypt(passwd = "")
+      raise EncryptionError, "PDF is not encrypted" unless encrypted?
+
+      # Turn the encryption dictionary into a standard encryption dictionary.
+      handler = trailer_key(:Encrypt)
+      handler = cast_object(handler.reference, Encryption::Standard::Dictionary)
+
+      unless handler.Filter == :Standard
+        raise EncryptionNotSupportedError, "Unknown security handler : '#{handler.Filter}'"
+      end
+
+      doc_id = trailer_key(:ID)
+      if doc_id.is_a?(Array)
+        doc_id = doc_id.first
+      else
+        raise EncryptionError, "Document ID was not found or is invalid" unless handler.V.to_i == 5
+      end
+
+      encryption_key = handler.derive_encryption_key(passwd, doc_id)
+
+      extend(Encryption::EncryptedDocument)
+      self.encryption_handler = handler
+      self.encryption_key = encryption_key
+
+      decrypt_objects
+
+      self
     end
 
-    class EncryptionNotSupportedError < EncryptionError #:nodoc:
+    #
+    # Encrypts the current document with the provided passwords.
+    # The document will be encrypted at writing-on-disk time.
+    # _userpasswd_:: The user password.
+    # _ownerpasswd_:: The owner password.
+    # _options_:: A set of options to configure encryption.
+    #
+    def encrypt(options = {})
+      raise EncryptionError, "PDF is already encrypted" if encrypted?
+
+      #
+      # Default encryption options.
+      #
+      params =
+        {
+          user_passwd: '',
+          owner_passwd: '',
+          cipher: 'aes',            # :RC4 or :AES
+          key_size: 128,            # Key size in bits
+          hardened: false,          # Use newer password validation (since Reader X)
+          encrypt_metadata: true,   # Metadata shall be encrypted?
+          permissions: Encryption::Standard::Permissions::ALL    # Document permissions
+        }.update(options)
+
+      # Get the cryptographic parameters.
+      version, revision = crypto_revision_from_options(params)
+
+      # Create the security handler.
+      handler, encryption_key = create_security_handler(version, revision, params)
+
+      # Turn this document into an EncryptedDocument instance.
+      extend(Encryption::EncryptedDocument)
+      self.encryption_handler = handler
+      self.encryption_key = encryption_key
+
+      self
     end
 
-    class PDF
+    private
 
-        #
-        # Returns whether the PDF file is encrypted.
-        #
-        def encrypted?
-            trailer_key? :Encrypt
+    #
+    # Installs the standard security dictionary, marking the document as being encrypted.
+    # Returns the handler and the encryption key used for protecting contents.
+    #
+    def create_security_handler(version, revision, params)
+      # Ensure the document has an ID.
+      doc_id = (trailer_key(:ID) || generate_id).first
+
+      # Create the standard encryption dictionary.
+      handler = Encryption::Standard::Dictionary.new
+      handler.Filter = :Standard
+      handler.V = version
+      handler.R = revision
+      handler.Length = params[:key_size]
+      handler.P = -1 # params[:Permissions]
+
+      # Build the crypt filter dictionary.
+      if revision >= 4
+        handler.EncryptMetadata = params[:encrypt_metadata]
+        handler.CF = Dictionary.new
+        crypt_filter = Encryption::CryptFilterDictionary.new
+        crypt_filter.AuthEvent = :DocOpen
+
+        crypt_filter.CFM = if revision == 4
+          :AESV2
+        else
+          :AESV3
         end
 
-        #
-        # Decrypts the current document.
-        # _passwd_:: The password to decrypt the document.
-        #
-        def decrypt(passwd = "")
-            raise EncryptionError, "PDF is not encrypted" unless self.encrypted?
+        crypt_filter.Length = params[:key_size] >> 3
 
-            # Turn the encryption dictionary into a standard encryption dictionary.
-            handler = trailer_key(:Encrypt)
-            handler = self.cast_object(handler.reference, Encryption::Standard::Dictionary)
+        handler.CF[:StdCF] = crypt_filter
+        handler.StmF = handler.StrF = :StdCF
+      end
 
-            unless handler.Filter == :Standard
-                raise EncryptionNotSupportedError, "Unknown security handler : '#{handler.Filter}'"
-            end
+      user_passwd, owner_passwd = params[:user_passwd], params[:owner_passwd]
 
-            doc_id = trailer_key(:ID)
-            unless doc_id.is_a?(Array)
-                raise EncryptionError, "Document ID was not found or is invalid" unless handler.V.to_i == 5
-            else
-                doc_id = doc_id.first
-            end
+      # Setup keys.
+      handler.set_passwords(owner_passwd, user_passwd, doc_id)
+      encryption_key = handler.compute_user_encryption_key(user_passwd, doc_id)
 
-            encryption_key = handler.derive_encryption_key(passwd, doc_id)
+      # Install the encryption dictionary to the document.
+      trailer.Encrypt = self << handler
 
-            self.extend(Encryption::EncryptedDocument)
-            self.encryption_handler = handler
-            self.encryption_key = encryption_key
+      [handler, encryption_key]
+    end
 
-            decrypt_objects
+    #
+    # Converts the parameters passed to PDF#encrypt.
+    # Returns [ version, revision, crypt_filters ]
+    #
+    def crypto_revision_from_options(params)
+      case params[:cipher].upcase
+      when 'RC4'
+        crypto_revision_from_rc4_key(params[:key_size])
+      when 'AES'
+        crypto_revision_from_aes_key(params[:key_size], params[:hardened])
+      else
+        raise EncryptionNotSupportedError, "Cipher not supported : #{params[:cipher]}"
+      end
+    end
 
-            self
-        end
+    #
+    # Compute the required standard security handler version based on the RC4 key size.
+    # _key_size_:: Key size in bits.
+    # Returns [ version, revision ].
+    #
+    def crypto_revision_from_rc4_key(key_size)
+      raise EncryptionError, "Invalid RC4 key length" unless key_size.between?(40, 128) && (key_size % 8 == 0)
+
+      if key_size > 40
+        version = 2
+        revision = 3
+      else
+        version = 1
+        revision = 2
+      end
+
+      [version, revision]
+    end
 
-        #
-        # Encrypts the current document with the provided passwords.
-        # The document will be encrypted at writing-on-disk time.
-        # _userpasswd_:: The user password.
-        # _ownerpasswd_:: The owner password.
-        # _options_:: A set of options to configure encryption.
-        #
-        def encrypt(options = {})
-            raise EncryptionError, "PDF is already encrypted" if self.encrypted?
-
-            #
-            # Default encryption options.
-            #
-            params =
-            {
-                :user_passwd => '',
-                :owner_passwd => '',
-                :cipher => 'aes',            # :RC4 or :AES
-                :key_size => 128,            # Key size in bits
-                :hardened => false,          # Use newer password validation (since Reader X)
-                :encrypt_metadata => true,   # Metadata shall be encrypted?
-                :permissions => Encryption::Standard::Permissions::ALL    # Document permissions
-            }.update(options)
-
-            # Get the cryptographic parameters.
-            version, revision = crypto_revision_from_options(params)
-
-            # Create the security handler.
-            handler, encryption_key = create_security_handler(version, revision, params)
-
-            # Turn this document into an EncryptedDocument instance.
-            self.extend(Encryption::EncryptedDocument)
-            self.encryption_handler = handler
-            self.encryption_key = encryption_key
-
-            self
+    #
+    # Compute the required standard security handler version based on the AES key size.
+    # _key_size_:: Key size in bits.
+    # _hardened_:: Use the extension level 8 hardened derivation algorithm.
+    # Returns [ version, revision ].
+    #
+    def crypto_revision_from_aes_key(key_size, hardened)
+      if key_size == 128
+        version = revision = 4
+      elsif key_size == 256
+        version = 5
+        revision = if hardened
+          6
+        else
+          5
         end
+      else
+        raise EncryptionError, "Invalid AES key length (Only 128 and 256 bits keys are supported)"
+      end
 
-        private
-
-        #
-        # Installs the standard security dictionary, marking the document as being encrypted.
-        # Returns the handler and the encryption key used for protecting contents.
-        #
-        def create_security_handler(version, revision, params)
-
-            # Ensure the document has an ID.
-            doc_id = (trailer_key(:ID) || generate_id).first
-
-            # Create the standard encryption dictionary.
-            handler = Encryption::Standard::Dictionary.new
-            handler.Filter = :Standard
-            handler.V = version
-            handler.R = revision
-            handler.Length = params[:key_size]
-            handler.P = -1 # params[:Permissions]
-
-            # Build the crypt filter dictionary.
-            if revision >= 4
-                handler.EncryptMetadata = params[:encrypt_metadata]
-                handler.CF = Dictionary.new
-                crypt_filter = Encryption::CryptFilterDictionary.new
-                crypt_filter.AuthEvent = :DocOpen
-
-                if revision == 4
-                    crypt_filter.CFM = :AESV2
-                else
-                    crypt_filter.CFM = :AESV3
-                end
-
-                crypt_filter.Length = params[:key_size] >> 3
-
-                handler.CF[:StdCF] = crypt_filter
-                handler.StmF = handler.StrF = :StdCF
-            end
-
-            user_passwd, owner_passwd = params[:user_passwd], params[:owner_passwd]
+      [version, revision]
+    end
+  end
 
-            # Setup keys.
-            handler.set_passwords(owner_passwd, user_passwd, doc_id)
-            encryption_key = handler.compute_user_encryption_key(user_passwd, doc_id)
+  #
+  # Module to provide support for encrypting and decrypting PDF documents.
+  #
+  module Encryption
+    #
+    # Generates _n_ random bytes from a fast PRNG.
+    #
+    def self.rand_bytes(n)
+      Random.new.bytes(n)
+    end
 
-            # Install the encryption dictionary to the document.
-            self.trailer.Encrypt = self << handler
+    #
+    # Generates _n_ random bytes from a crypto PRNG.
+    #
+    def self.strong_rand_bytes(n)
+      SecureRandom.random_bytes(n)
+    end
 
-            [ handler, encryption_key ]
+    module EncryptedDocument
+      attr_accessor :encryption_key
+      attr_accessor :encryption_handler
+
+      # Get the encryption cipher from the crypt filter name.
+      def encryption_cipher(name)
+        @encryption_handler.encryption_cipher(name)
+      end
+
+      # Get the default string encryption cipher.
+      def string_encryption_cipher
+        @encryption_handler.string_encryption_cipher
+      end
+
+      # Get the default stream encryption cipher.
+      def stream_encryption_cipher
+        @encryption_handler.stream_encryption_cipher
+      end
+
+      private
+
+      #
+      # For each object subject to encryption, convert it to an EncryptedObject and decrypt it if necessary.
+      #
+      def decrypt_objects
+        each_encryptable_object do |object|
+          case object
+          when String
+            object.extend(EncryptedString) unless object.is_a?(EncryptedString)
+            object.decrypt!
+
+          when Stream
+            object.extend(EncryptedStream) unless object.is_a?(EncryptedStream)
+          end
         end
+      end
+
+      #
+      # For each object subject to encryption, convert it to an EncryptedObject and mark it as not encrypted yet.
+      #
+      def encrypt_objects
+        each_encryptable_object do |object|
+          case object
+          when String
+            unless object.is_a?(EncryptedString)
+              object.extend(EncryptedString)
+              object.decrypted = true
+            end
 
-        #
-        # Converts the parameters passed to PDF#encrypt.
-        # Returns [ version, revision, crypt_filters ]
-        #
-        def crypto_revision_from_options(params)
-            case params[:cipher].upcase
-            when 'RC4'
-                crypto_revision_from_rc4_key(params[:key_size])
-            when 'AES'
-                crypto_revision_from_aes_key(params[:key_size], params[:hardened])
-            else
-                raise EncryptionNotSupportedError, "Cipher not supported : #{params[:cipher]}"
+          when Stream
+            unless object.is_a?(EncryptedStream)
+              object.extend(EncryptedStream)
+              object.decrypted = true
             end
+          end
+        end
+      end
+
+      #
+      # Iterates over each encryptable objects in the document.
+      #
+      def each_encryptable_object(&b)
+        # Metadata may not be encrypted depending on the security handler configuration.
+        encrypt_metadata = (@encryption_handler.EncryptMetadata != false)
+        metadata = self.Catalog.Metadata
+
+        each_object(recursive: true)
+          .lazy
+          .select { |object|
+          case object
+          when Stream
+            !object.is_a?(XRefStream) or (encrypt_metadata and object.equal?(metadata))
+          when String
+            !object.parent.equal?(@encryption_handler)
+          end
+        }
+          .each(&b)
+      end
+
+      def physicalize(options = {})
+        encrypt_objects
+
+        super
+
+        # remove encrypt dictionary if requested
+        if options[:decrypt]
+          delete_object(trailer[:Encrypt])
+          trailer[:Encrypt] = nil
         end
 
-        #
-        # Compute the required standard security handler version based on the RC4 key size.
-        # _key_size_:: Key size in bits.
-        # Returns [ version, revision ].
-        #
-        def crypto_revision_from_rc4_key(key_size)
-            raise EncryptionError, "Invalid RC4 key length" unless key_size.between?(40, 128) and key_size % 8 == 0
+        self
+      end
 
-            if key_size > 40
-                version = 2
-                revision = 3
-            else
-                version = 1
-                revision = 2
-            end
+      def build_object(object, revision, options)
+        if object.is_a?(EncryptedObject) && options[:decrypt]
+          object.pre_build
+          object.decrypt!
+          object.decrypted = false # makes it believe no encryption pass is required
+          object.post_build
 
-            [ version, revision ]
+          return
         end
 
-        #
-        # Compute the required standard security handler version based on the AES key size.
-        # _key_size_:: Key size in bits.
-        # _hardened_:: Use the extension level 8 hardened derivation algorithm.
-        # Returns [ version, revision ].
-        #
-        def crypto_revision_from_aes_key(key_size, hardened)
-            if key_size == 128
-                version = revision = 4
-            elsif key_size == 256
-                version = 5
-                if hardened
-                    revision = 6
-                else
-                    revision = 5
-                end
-            else
-                raise EncryptionError, "Invalid AES key length (Only 128 and 256 bits keys are supported)"
-            end
+        super
+      end
+    end
+
+    #
+    # Module for encrypted PDF objects.
+    #
+    module EncryptedObject # :nodoc
+      attr_accessor :decrypted
+
+      def post_build
+        encrypt!
+
+        super
+      end
+
+      private
+
+      def compute_object_key(cipher)
+        doc = document
+        raise EncryptionError, "Document is not encrypted" unless doc.is_a?(EncryptedDocument)
+
+        encryption_key = doc.encryption_key
 
-            [ version, revision ]
+        if doc.encryption_handler.V < 5
+          parent = indirect_parent
+          no, gen = parent.no, parent.generation
+          k = encryption_key + [no].pack("I")[0..2] + [gen].pack("I")[0..1]
+
+          key_len = [k.length, 16].min
+          k << "sAlT" if cipher == Encryption::AES
+
+          Digest::MD5.digest(k)[0, key_len]
+        else
+          encryption_key
         end
+      end
     end
 
     #
-    # Module to provide support for encrypting and decrypting PDF documents.
+    # Module for encrypted String.
     #
-    module Encryption
+    module EncryptedString
+      include EncryptedObject
 
-        #
-        # Generates _n_ random bytes from a fast PRNG.
-        #
-        def self.rand_bytes(n)
-            Random.new.bytes(n)
-        end
+      def self.extended(obj)
+        obj.decrypted = false
+      end
 
-        #
-        # Generates _n_ random bytes from a crypto PRNG.
-        #
-        def self.strong_rand_bytes(n)
-            SecureRandom.random_bytes(n)
-        end
+      def encrypt!
+        return self unless @decrypted
 
-        module EncryptedDocument
-            attr_accessor :encryption_key
-            attr_accessor :encryption_handler
+        cipher = document.string_encryption_cipher
+        raise EncryptionError, "Cannot find string encryption filter" if cipher.nil?
 
-            # Get the encryption cipher from the crypt filter name.
-            def encryption_cipher(name)
-                @encryption_handler.encryption_cipher(name)
-            end
+        key = compute_object_key(cipher)
 
-            # Get the default string encryption cipher.
-            def string_encryption_cipher
-                @encryption_handler.string_encryption_cipher
-            end
+        encrypted_data =
+          if (cipher == RC4) || (cipher == Identity)
+            cipher.encrypt(key, value)
+          else
+            iv = Encryption.rand_bytes(AES::BLOCKSIZE)
+            cipher.encrypt(key, iv, value)
+          end
 
-            # Get the default stream encryption cipher.
-            def stream_encryption_cipher
-                @encryption_handler.stream_encryption_cipher
-            end
+        @decrypted = false
 
-            private
-
-            #
-            # For each object subject to encryption, convert it to an EncryptedObject and decrypt it if necessary.
-            #
-            def decrypt_objects
-                each_encryptable_object do |object|
-                    case object
-                    when String
-                        object.extend(EncryptedString) unless object.is_a?(EncryptedString)
-                        object.decrypt!
-
-                    when Stream
-                        object.extend(EncryptedStream) unless object.is_a?(EncryptedStream)
-                    end
-                end
-            end
+        replace(encrypted_data)
+        freeze
 
-            #
-            # For each object subject to encryption, convert it to an EncryptedObject and mark it as not encrypted yet.
-            #
-            def encrypt_objects
-                each_encryptable_object do |object|
-                    case object
-                    when String
-                        unless object.is_a?(EncryptedString)
-                            object.extend(EncryptedString)
-                            object.decrypted = true
-                        end
-
-                    when Stream
-                        unless object.is_a?(EncryptedStream)
-                            object.extend(EncryptedStream)
-                            object.decrypted = true
-                        end
-                    end
-                end
-            end
+        self
+      end
 
-            #
-            # Iterates over each encryptable objects in the document.
-            #
-            def each_encryptable_object(&b)
-
-                # Metadata may not be encrypted depending on the security handler configuration.
-                encrypt_metadata = (@encryption_handler.EncryptMetadata != false)
-                metadata = self.Catalog.Metadata
-
-                self.each_object(recursive: true)
-                    .lazy
-                    .select { |object|
-                        case object
-                        when Stream
-                            not object.is_a?(XRefStream) or (encrypt_metadata and object.equal?(metadata))
-                        when String
-                            not object.parent.equal?(@encryption_handler)
-                        end
-                    }
-                    .each(&b)
-            end
+      def decrypt!
+        return self if @decrypted
 
-            def physicalize(options = {})
-                encrypt_objects
+        cipher = document.string_encryption_cipher
+        raise EncryptionError, "Cannot find string encryption filter" if cipher.nil?
 
-                super
+        key = compute_object_key(cipher)
 
-                # remove encrypt dictionary if requested
-                if options[:decrypt]
-                    delete_object(self.trailer[:Encrypt])
-                    self.trailer[:Encrypt] = nil
-                end
+        replace(cipher.decrypt(key, to_str))
+        @decrypted = true
 
-                self
-            end
+        self
+      end
+    end
 
-            def build_object(object, revision, options)
-                if object.is_a?(EncryptedObject) and options[:decrypt]
-                    object.pre_build
-                    object.decrypt!
-                    object.decrypted = false # makes it believe no encryption pass is required
-                    object.post_build
+    #
+    # Module for encrypted Stream.
+    #
+    module EncryptedStream
+      include EncryptedObject
 
-                    return
-                end
+      def self.extended(obj)
+        obj.decrypted = false
+      end
 
-                super
-            end
-        end
+      def encrypt!
+        return self unless @decrypted
 
-        #
-        # Module for encrypted PDF objects.
-        #
-        module EncryptedObject #:nodoc
-            attr_accessor :decrypted
+        encode!
 
-            def post_build
-                encrypt!
+        cipher = get_encryption_cipher
+        key = compute_object_key(cipher)
 
-                super
-            end
+        @encoded_data =
+          if (cipher == RC4) || (cipher == Identity)
+            cipher.encrypt(key, encoded_data)
+          else
+            iv = Encryption.rand_bytes(AES::BLOCKSIZE)
+            cipher.encrypt(key, iv, @encoded_data)
+          end
 
-            private
+        @decrypted = false
 
-            def compute_object_key(cipher)
-                doc = self.document
-                raise EncryptionError, "Document is not encrypted" unless doc.is_a?(EncryptedDocument)
+        @encoded_data.freeze
+        freeze
 
-                encryption_key = doc.encryption_key
+        self
+      end
 
-                if doc.encryption_handler.V < 5
-                    parent = self.indirect_parent
-                    no, gen = parent.no, parent.generation
-                    k = encryption_key + [no].pack("I")[0..2] + [gen].pack("I")[0..1]
+      def decrypt!
+        return self if @decrypted
 
-                    key_len = [k.length, 16].min
-                    k << "sAlT" if cipher == Encryption::AES
+        cipher = get_encryption_cipher
+        key = compute_object_key(cipher)
 
-                    Digest::MD5.digest(k)[0, key_len]
-                else
-                    encryption_key
-                end
-            end
-        end
+        self.encoded_data = cipher.decrypt(key, @encoded_data)
+        @decrypted = true
 
-        #
-        # Module for encrypted String.
-        #
-        module EncryptedString
-            include EncryptedObject
+        self
+      end
 
-            def self.extended(obj)
-                obj.decrypted = false
-            end
+      private
 
-            def encrypt!
-                return self unless @decrypted
+      #
+      # Get the stream encryption cipher.
+      # The cipher used may depend on the presence of a Crypt filter.
+      #
+      def get_encryption_cipher
+        if filters.first == :Crypt
+          params = decode_params.first
 
-                cipher = self.document.string_encryption_cipher
-                raise EncryptionError, "Cannot find string encryption filter" if cipher.nil?
+          crypt_filter = if params.is_a?(Dictionary) && params.Name.is_a?(Name)
+            params.Name.value
+          else
+            :Identity
+          end
 
-                key = compute_object_key(cipher)
+          cipher = document.encryption_cipher(crypt_filter)
+        else
+          cipher = document.stream_encryption_cipher
+        end
 
-                encrypted_data =
-                    if cipher == RC4 or cipher == Identity
-                        cipher.encrypt(key, self.value)
-                    else
-                        iv = Encryption.rand_bytes(AES::BLOCKSIZE)
-                        cipher.encrypt(key, iv, self.value)
-                    end
+        raise EncryptionError, "Cannot find stream encryption filter" if cipher.nil?
 
-                @decrypted = false
+        cipher
+      end
+    end
 
-                self.replace(encrypted_data)
-                self.freeze
+    #
+    # Identity transformation.
+    #
+    module Identity
+      def self.encrypt(_key, data)
+        data
+      end
+
+      def self.decrypt(_key, data)
+        data
+      end
+    end
 
-                self
+    #
+    # Class wrapper for the RC4 algorithm.
+    #
+    class RC4
+      #
+      # Encrypts data using the given key
+      #
+      def self.encrypt(key, data)
+        RC4.new(key).encrypt(data)
+      end
+
+      #
+      # Decrypts data using the given key
+      #
+      def self.decrypt(key, data)
+        RC4.new(key).decrypt(data)
+      end
+
+      #
+      # Creates and initialises a new RC4 generator using given key
+      #
+      def initialize(key)
+        @key = key
+      end
+
+      #
+      # Encrypt/decrypt data with the RC4 encryption algorithm
+      # RC4 is part of the PDF specification, so we need to support it
+      #
+      def cipher(data)
+        return +'' if data.empty?
+
+        # Enable RC4 cipher in OpenSSL security level
+        # This is needed for PDF compatibility as per PDF 1.7 specification
+        begin
+          # Try to lower security level temporarily to enable legacy ciphers
+          original_security_level = begin
+            OpenSSL::SSL.send(:security_level)
+          rescue
+            nil
+          end
+          if original_security_level
+            begin
+              OpenSSL::SSL.send(:security_level=, 0)
+            rescue
+              nil
             end
+          end
+
+          # Now try to use RC4
+          rc4 = OpenSSL::Cipher.new('rc4').encrypt
+          rc4.key_len = @key.length
+          rc4.key = @key
+          result = rc4.update(data) + rc4.final
+
+          # Restore security level
+          if original_security_level
+            begin
+              OpenSSL::SSL.send(:security_level=, original_security_level)
+            rescue
+              nil
+            end
+          end
 
-            def decrypt!
-                return self if @decrypted
-
-                cipher = self.document.string_encryption_cipher
-                raise EncryptionError, "Cannot find string encryption filter" if cipher.nil?
+          return result
+        rescue
+          # If we can't use OpenSSL's RC4 for any reason, silently fall back to pure Ruby implementation
+        end
 
-                key = compute_object_key(cipher)
+        # Pure Ruby RC4 implementation as fallback
+        s = (0..255).to_a
+        key_bytes = @key.bytes
+        key_length = key_bytes.length
+        j = 0
 
-                self.replace(cipher.decrypt(key, self.to_str))
-                @decrypted = true
+        # Key-scheduling algorithm (KSA)
+        256.times do |i|
+          j = (j + s[i] + key_bytes[i % key_length]) % 256
+          s[i], s[j] = s[j], s[i]
+        end
 
-                self
-            end
+        # Pseudo-random generation algorithm (PRGA)
+        result = +""
+        i = j = 0
+        data.each_byte do |byte|
+          i = (i + 1) % 256
+          j = (j + s[i]) % 256
+          s[i], s[j] = s[j], s[i]
+          k = s[(s[i] + s[j]) % 256]
+          result << (byte ^ k).chr
         end
 
-        #
-        # Module for encrypted Stream.
-        #
-        module EncryptedStream
-            include EncryptedObject
+        result
+      end
 
-            def self.extended(obj)
-                obj.decrypted = false
-            end
+      alias_method :encrypt, :cipher
+      alias_method :decrypt, :cipher
+    end
 
-            def encrypt!
-                return self unless @decrypted
+    #
+    # Class wrapper for AES mode CBC.
+    #
+    class AES
+      BLOCKSIZE = 16
 
-                encode!
+      attr_writer :iv
 
-                cipher = get_encryption_cipher
-                key = compute_object_key(cipher)
+      def self.encrypt(key, iv, data)
+        AES.new(key, iv).encrypt(data)
+      end
 
-                @encoded_data =
-                    if cipher == RC4 or cipher == Identity
-                        cipher.encrypt(key, self.encoded_data)
-                    else
-                        iv = Encryption.rand_bytes(AES::BLOCKSIZE)
-                        cipher.encrypt(key, iv, @encoded_data)
-                    end
+      def self.decrypt(key, data)
+        AES.new(key, nil).decrypt(data)
+      end
 
-                @decrypted = false
+      def initialize(key, iv, use_padding = true)
+        unless [16, 24, 32].include?(key.size)
+          raise EncryptionError, "Key must have a length of 128, 192 or 256 bits."
+        end
 
-                @encoded_data.freeze
-                self.freeze
+        if !iv.nil? && (iv.size != BLOCKSIZE)
+          raise EncryptionError, "Initialization vector must have a length of #{BLOCKSIZE} bytes."
+        end
 
-                self
-            end
+        @key = key
+        @iv = iv
+        @use_padding = use_padding
+      end
 
-            def decrypt!
-                return self if @decrypted
+      def encrypt(data)
+        if @iv.nil?
+          raise EncryptionError, "No initialization vector has been set."
+        end
 
-                cipher = get_encryption_cipher
-                key = compute_object_key(cipher)
+        if @use_padding
+          padlen = BLOCKSIZE - (data.size % BLOCKSIZE)
+          data << (padlen.chr * padlen)
+        end
 
-                self.encoded_data = cipher.decrypt(key, @encoded_data)
-                @decrypted = true
+        aes = OpenSSL::Cipher.new("aes-#{@key.length << 3}-cbc").encrypt
+        aes.iv = @iv
+        aes.key = @key
+        aes.padding = 0
 
-                self
-            end
+        @iv + aes.update(data) + aes.final
+      end
 
-            private
+      def decrypt(data)
+        unless data.size % BLOCKSIZE == 0
+          raise EncryptionError, "Data must be 16-bytes padded (data size = #{data.size} bytes)"
+        end
 
-            #
-            # Get the stream encryption cipher.
-            # The cipher used may depend on the presence of a Crypt filter.
-            #
-            def get_encryption_cipher
-                if self.filters.first == :Crypt
-                    params = decode_params.first
+        @iv = data.slice!(0, BLOCKSIZE)
 
-                    if params.is_a?(Dictionary) and params.Name.is_a?(Name)
-                        crypt_filter = params.Name.value
-                    else
-                        crypt_filter = :Identity
-                    end
+        aes = OpenSSL::Cipher.new("aes-#{@key.length << 3}-cbc").decrypt
+        aes.iv = @iv
+        aes.key = @key
+        aes.padding = 0
 
-                    cipher = self.document.encryption_cipher(crypt_filter)
-                else
-                    cipher = self.document.stream_encryption_cipher
-                end
+        plain = (aes.update(data) + aes.final).unpack("C*")
 
-                raise EncryptionError, "Cannot find stream encryption filter" if cipher.nil?
+        if @use_padding
+          padlen = plain[-1]
+          unless padlen.between?(1, 16)
+            raise EncryptionError, "Incorrect padding length : #{padlen}"
+          end
 
-                cipher
-            end
+          padlen.times do
+            pad = plain.pop
+            raise EncryptionError, "Incorrect padding byte : 0x#{pad.to_s 16}" if pad != padlen
+          end
         end
 
-        #
-        # Identity transformation.
-        #
-        module Identity
-            def Identity.encrypt(_key, data)
-                data
-            end
+        plain.pack("C*")
+      end
+    end
 
-            def Identity.decrypt(_key, data)
-                data
-            end
+    #
+    # Class representing a crypt filter Dictionary
+    #
+    class CryptFilterDictionary < Dictionary
+      include StandardObject
+
+      field :Type, Type: Name, Default: :CryptFilter
+      field :CFM, Type: Name, Default: :None
+      field :AuthEvent, Type: Name, Default: :DocOpen
+      field :Length, Type: Integer
+    end
+
+    #
+    # Common class for encryption dictionaries.
+    #
+    class EncryptionDictionary < Dictionary
+      include StandardObject
+
+      field :Filter, Type: Name, Default: :Standard, Required: true
+      field :SubFilter, Type: Name, Version: "1.3"
+      field :V, Type: Integer, Default: 0
+      field :Length, Type: Integer, Default: 40, Version: "1.4"
+      field :CF, Type: Dictionary, Version: "1.5"
+      field :StmF, Type: Name, Default: :Identity, Version: "1.5"
+      field :StrF, Type: Name, Default: :Identity, Version: "1.5"
+      field :EFF, Type: Name, Version: "1.6"
+
+      #
+      # Returns the default string encryption cipher.
+      #
+      def string_encryption_cipher
+        encryption_cipher(self.StrF || :Identity)
+      end
+
+      #
+      # Returns the default stream encryption cipher.
+      #
+      def stream_encryption_cipher
+        encryption_cipher(self.StmF || :Identity)
+      end
+
+      #
+      # Returns the encryption cipher corresponding to a crypt filter name.
+      #
+      def encryption_cipher(name)
+        case self.V.to_i
+        when 1, 2
+          Encryption::RC4
+        when 4, 5
+          return Encryption::Identity if name == :Identity
+
+          select_cipher_by_name(name)
+        else
+          raise EncryptionNotSupportedError, "Unsupported encryption version: #{handler.V}"
+        end
+      end
+
+      private
+
+      #
+      # Returns the cipher associated with a crypt filter name.
+      #
+      def select_cipher_by_name(name)
+        raise EncryptionError, "Broken CF entry" unless self.CF.is_a?(Dictionary)
+
+        self.CF.select { |key, dict| key == name and dict.is_a?(Dictionary) }
+          .map { |_, dict| cipher_from_crypt_filter_method(dict[:CFM] || :None) }
+          .first
+      end
+
+      #
+      # Converts a crypt filter method identifier to its cipher class.
+      #
+      def cipher_from_crypt_filter_method(name)
+        case name.to_sym
+        when :None then Encryption::Identity
+        when :V2 then Encryption::RC4
+        when :AESV2 then Encryption::AES
+        when :AESV3
+          raise EncryptionNotSupportedError, "AESV3 requires a version 5 handler" if self.V.to_i != 5
+          Encryption::AES
+        else
+          raise EncryptionNotSupportedError, "Unsupported crypt filter method: #{name}"
+        end
+      end
+    end
+
+    #
+    # The standard security handler for PDF encryption.
+    #
+    module Standard
+      PADDING = "\x28\xBF\x4E\x5E\x4E\x75\x8A\x41\x64\x00\x4E\x56\xFF\xFA\x01\x08\x2E\x2E\x00\xB6\xD0\x68\x3E\x80\x2F\x0C\xA9\xFE\x64\x53\x69\x7A".b # :nodoc:
+
+      #
+      # Permission constants for encrypted documents.
+      #
+      module Permissions
+        RESERVED = 1 << 6 | 1 << 7 | 0xFFFFF000
+        PRINT = 1 << 2 | RESERVED
+        MODIFY_CONTENTS = 1 << 3 | RESERVED
+        COPY_CONTENTS = 1 << 4 | RESERVED
+        MODIFY_ANNOTATIONS = 1 << 5 | RESERVED
+        FILLIN_FORMS = 1 << 8 | RESERVED
+        EXTRACT_CONTENTS = 1 << 9 | RESERVED
+        ASSEMBLE_DOC = 1 << 10 | RESERVED
+        HIGH_QUALITY_PRINT = 1 << 11 | RESERVED
+
+        ALL = PRINT | MODIFY_CONTENTS | COPY_CONTENTS |
+          MODIFY_ANNOTATIONS | FILLIN_FORMS | EXTRACT_CONTENTS |
+          ASSEMBLE_DOC | HIGH_QUALITY_PRINT
+      end
+
+      #
+      # Class defining a standard encryption dictionary.
+      #
+      class Dictionary < EncryptionDictionary
+        field :R, Type: Number, Required: true
+        field :O, Type: String, Required: true
+        field :U, Type: String, Required: true
+        field :OE, Type: String, Version: '1.7', ExtensionLevel: 3
+        field :UE, Type: String, Version: '1.7', ExtensionLevel: 3
+        field :Perms, Type: String, Version: '1.7', ExtensionLevel: 3
+        field :P, Type: Integer, Default: 0, Required: true
+        field :EncryptMetadata, Type: Boolean, Default: true, Version: "1.5"
+
+        def version_required # :nodoc:
+          if self.R > 5
+            ['1.7', 8]
+          else
+            super
+          end
         end
 
         #
-        # Class wrapper for the RC4 algorithm.
+        # Checks the given password and derives the document encryption key.
+        # Raises EncryptionInvalidPasswordError on invalid password.
         #
-        class RC4
-
-            #
-            # Encrypts data using the given key
-            #
-            def RC4.encrypt(key, data)
-                RC4.new(key).encrypt(data)
-            end
-
-            #
-            # Decrypts data using the given key
-            #
-            def RC4.decrypt(key, data)
-                RC4.new(key).decrypt(data)
+        def derive_encryption_key(passwd, doc_id)
+          if is_user_password?(passwd, doc_id)
+            compute_user_encryption_key(passwd, doc_id)
+          elsif is_owner_password?(passwd, doc_id)
+            if self.V.to_i < 5
+              user_passwd = retrieve_user_password(passwd)
+              compute_user_encryption_key(user_passwd, doc_id)
+            else
+              compute_owner_encryption_key(passwd)
             end
+          else
+            raise EncryptionInvalidPasswordError
+          end
+        end
 
-            #
-            # Creates and initialises a new RC4 generator using given key
-            #
-            def initialize(key)
-                @key = key
-            end
+        #
+        # Computes the key that will be used to encrypt/decrypt the document contents with user password.
+        # Called at all revisions.
+        #
+        def compute_user_encryption_key(user_password, file_id)
+          return compute_legacy_user_encryption_key(user_password, file_id) if self.R < 5
 
-            #
-            # Encrypt/decrypt data with the RC4 encryption algorithm
-            #
-            def cipher(data)
-                return '' if data.empty?
+          passwd = password_to_utf8(user_password)
 
-                rc4 = OpenSSL::Cipher::RC4.new.encrypt
-                rc4.key_len = @key.length
-                rc4.key = @key
+          uks = self.U[40, 8]
 
-                rc4.update(data) + rc4.final
-            end
+          ukey = if self.R == 5
+            Digest::SHA256.digest(passwd + uks)
+          else
+            compute_hardened_hash(passwd, uks)
+          end
 
-            alias encrypt cipher
-            alias decrypt cipher
+          iv = ::Array.new(AES::BLOCKSIZE, 0).pack("C*")
+          AES.new(ukey, nil, false).decrypt(iv + self.UE.value)
         end
 
         #
-        # Class wrapper for AES mode CBC.
+        # Computes the key that will be used to encrypt/decrypt the document contents.
+        # Only for Revision 4 and less.
         #
-        class AES
-            BLOCKSIZE = 16
+        def compute_legacy_user_encryption_key(user_password, file_id)
+          padded = pad_password(user_password)
+          padded.force_encoding('binary')
 
-            attr_writer :iv
+          padded << self.O
+          padded << [self.P].pack("i")
 
-            def AES.encrypt(key, iv, data)
-                AES.new(key, iv).encrypt(data)
-            end
+          padded << file_id
 
-            def AES.decrypt(key, data)
-                AES.new(key, nil).decrypt(data)
-            end
+          encrypt_metadata = self.EncryptMetadata != false
+          padded << [-1].pack("i") if (self.R >= 4) && !encrypt_metadata
 
-            def initialize(key, iv, use_padding = true)
-                unless [16, 24, 32].include?(key.size)
-                    raise EncryptionError, "Key must have a length of 128, 192 or 256 bits."
-                end
+          key = Digest::MD5.digest(padded)
 
-                if not iv.nil? and iv.size != BLOCKSIZE
-                    raise EncryptionError, "Initialization vector must have a length of #{BLOCKSIZE} bytes."
-                end
+          50.times { key = Digest::MD5.digest(key[0, self.Length / 8]) } if self.R >= 3
 
-                @key = key
-                @iv = iv
-                @use_padding = use_padding
-            end
+          truncate_key(key)
+        end
 
-            def encrypt(data)
-                if @iv.nil?
-                    raise EncryptionError, "No initialization vector has been set."
-                end
+        #
+        # Computes the key that will be used to encrypt/decrypt the document contents with owner password.
+        # Revision 5 and above.
+        #
+        def compute_owner_encryption_key(owner_password)
+          return if self.R < 5
 
-                if @use_padding
-                    padlen = BLOCKSIZE - (data.size % BLOCKSIZE)
-                    data << (padlen.chr * padlen)
-                end
+          passwd = password_to_utf8(owner_password)
+          oks = self.O[40, 8]
 
-                aes = OpenSSL::Cipher.new("aes-#{@key.length << 3}-cbc").encrypt
-                aes.iv = @iv
-                aes.key = @key
-                aes.padding = 0
+          okey = if self.R == 5
+            Digest::SHA256.digest(passwd + oks + self.U)
+          else
+            compute_hardened_hash(passwd, oks, self.U)
+          end
 
-                @iv + aes.update(data) + aes.final
-            end
+          iv = ::Array.new(AES::BLOCKSIZE, 0).pack("C*")
+          AES.new(okey, nil, false).decrypt(iv + self.OE.value)
+        end
 
-            def decrypt(data)
-                unless data.size % BLOCKSIZE == 0
-                    raise EncryptionError, "Data must be 16-bytes padded (data size = #{data.size} bytes)"
-                end
+        #
+        # Set up document passwords.
+        #
+        def set_passwords(owner_password, user_password, salt = nil)
+          return set_legacy_passwords(owner_password, user_password, salt) if self.R < 5
+
+          upass = password_to_utf8(user_password)
+          opass = password_to_utf8(owner_password)
+
+          uvs, uks, ovs, oks = ::Array.new(4) { Encryption.rand_bytes(8) }
+          file_key = Encryption.strong_rand_bytes(32)
+          iv = ::Array.new(AES::BLOCKSIZE, 0).pack("C*")
+
+          if self.R == 5
+            self.U = Digest::SHA256.digest(upass + uvs) + uvs + uks
+            self.O = Digest::SHA256.digest(opass + ovs + self.U) + ovs + oks
+            ukey = Digest::SHA256.digest(upass + uks)
+            okey = Digest::SHA256.digest(opass + oks + self.U)
+          else
+            self.U = compute_hardened_hash(upass, uvs) + uvs + uks
+            self.O = compute_hardened_hash(opass, ovs, self.U) + ovs + oks
+            ukey = compute_hardened_hash(upass, uks)
+            okey = compute_hardened_hash(opass, oks, self.U)
+          end
+
+          self.UE = AES.new(ukey, iv, false).encrypt(file_key)[iv.size, 32]
+          self.OE = AES.new(okey, iv, false).encrypt(file_key)[iv.size, 32]
+
+          perms =
+            [self.P].pack("V") +                              # 0-3
+            [-1].pack("V") +                                  # 4-7
+            ((self.EncryptMetadata == true) ? "T" : "F") +        # 8
+            "adb" +                                             # 9-11
+            [0].pack("V")                                     # 12-15
+
+          self.Perms = AES.new(file_key, iv, false).encrypt(perms)[iv.size, 16]
+
+          file_key
+        end
+
+        #
+        # Set up document passwords.
+        # Only for Revision 4 and less.
+        #
+        def set_legacy_passwords(owner_password, user_password, salt)
+          owner_key = compute_owner_key(owner_password)
+          upadded = pad_password(user_password)
 
-                @iv = data.slice!(0, BLOCKSIZE)
+          owner_key_hash = RC4.encrypt(owner_key, upadded)
+          19.times { |i| owner_key_hash = RC4.encrypt(xor(owner_key, i + 1), owner_key_hash) } if self.R >= 3
 
-                aes = OpenSSL::Cipher.new("aes-#{@key.length << 3}-cbc").decrypt
-                aes.iv = @iv
-                aes.key = @key
-                aes.padding = 0
+          self.O = owner_key_hash
+          self.U = compute_user_password_hash(user_password, salt)
+        end
+
+        #
+        # Checks user password.
+        # For version 2, 3 and 4, _salt_ is the document ID.
+        # For version 5 and 6, _salt_ is the User Key Salt.
+        #
+        def is_user_password?(pass, salt)
+          if self.R == 2
+            compute_user_password_hash(pass, salt) == self.U
+          elsif (self.R == 3) || (self.R == 4)
+            compute_user_password_hash(pass, salt)[0, 16] == self.U[0, 16]
+          elsif self.R == 5
+            uvs = self.U[32, 8]
+            Digest::SHA256.digest(password_to_utf8(pass) + uvs) == self.U[0, 32]
+          elsif self.R == 6
+            uvs = self.U[32, 8]
+            compute_hardened_hash(password_to_utf8(pass), uvs) == self.U[0, 32]
+          end
+        end
 
-                plain = (aes.update(data) + aes.final).unpack("C*")
+        #
+        # Checks owner password.
+        # For version 2,3 and 4, _salt_ is the document ID.
+        # For version 5, _salt_ is (Owner Key Salt + U)
+        #
+        def is_owner_password?(pass, salt)
+          if self.R < 5
+            user_password = retrieve_user_password(pass)
+            is_user_password?(user_password, salt)
+          elsif self.R == 5
+            ovs = self.O[32, 8]
+            Digest::SHA256.digest(password_to_utf8(pass) + ovs + self.U) == self.O[0, 32]
+          elsif self.R == 6
+            ovs = self.O[32, 8]
+            compute_hardened_hash(password_to_utf8(pass), ovs, self.U[0, 48]) == self.O[0, 32]
+          end
+        end
 
-                if @use_padding
-                    padlen = plain[-1]
-                    unless padlen.between?(1, 16)
-                        raise EncryptionError, "Incorrect padding length : #{padlen}"
-                    end
+        #
+        # Retrieve user password from owner password.
+        # Cannot be used with revision 5.
+        #
+        def retrieve_user_password(owner_password)
+          key = compute_owner_key(owner_password)
 
-                    padlen.times do
-                        pad = plain.pop
-                        raise EncryptionError, "Incorrect padding byte : 0x#{pad.to_s 16}" if pad != padlen
-                    end
-                end
+          if self.R == 2
+            RC4.decrypt(key, self.O)
+          elsif (self.R == 3) || (self.R == 4)
+            user_password = RC4.decrypt(xor(key, 19), self.O)
+            19.times { |i| user_password = RC4.decrypt(xor(key, 18 - i), user_password) }
 
-                plain.pack("C*")
-            end
+            user_password
+          end
         end
 
+        private
+
         #
-        # Class representing a crypt filter Dictionary
+        # Used to encrypt/decrypt the O field.
+        # Rev 2,3,4: O = crypt(user_pass, owner_key).
+        # Rev 5: unused.
         #
-        class CryptFilterDictionary < Dictionary
-            include StandardObject
+        def compute_owner_key(owner_password) # :nodoc:
+          opadded = pad_password(owner_password)
 
-            field   :Type,          :Type => Name, :Default => :CryptFilter
-            field   :CFM,           :Type => Name, :Default => :None
-            field   :AuthEvent,     :Type => Name, :Default => :DocOpen
-            field   :Length,        :Type => Integer
+          owner_key = Digest::MD5.digest(opadded)
+          50.times { owner_key = Digest::MD5.digest(owner_key) } if self.R >= 3
+
+          truncate_key(owner_key)
         end
 
         #
-        # Common class for encryption dictionaries.
+        # Compute the value of the U field.
+        # Cannot be used with revision 5.
         #
-        class EncryptionDictionary < Dictionary
-            include StandardObject
-
-            field   :Filter,        :Type => Name, :Default => :Standard, :Required => true
-            field   :SubFilter,     :Type => Name, :Version => "1.3"
-            field   :V,             :Type => Integer, :Default => 0
-            field   :Length,        :Type => Integer, :Default => 40, :Version => "1.4"
-            field   :CF,            :Type => Dictionary, :Version => "1.5"
-            field   :StmF,          :Type => Name, :Default => :Identity, :Version => "1.5"
-            field   :StrF,          :Type => Name, :Default => :Identity, :Version => "1.5"
-            field   :EFF,           :Type => Name, :Version => "1.6"
-
-            #
-            # Returns the default string encryption cipher.
-            #
-            def string_encryption_cipher
-                encryption_cipher(self.StrF || :Identity)
-            end
+        def compute_user_password_hash(user_password, salt) # :nodoc:
+          if self.R == 2
+            key = compute_user_encryption_key(user_password, salt)
+            user_key = RC4.encrypt(key, PADDING)
+          elsif (self.R == 3) || (self.R == 4)
+            key = compute_user_encryption_key(user_password, salt)
 
-            #
-            # Returns the default stream encryption cipher.
-            #
-            def stream_encryption_cipher
-                encryption_cipher(self.StmF || :Identity)
-            end
+            upadded = PADDING + salt
+            hash = Digest::MD5.digest(upadded)
 
-            #
-            # Returns the encryption cipher corresponding to a crypt filter name.
-            #
-            def encryption_cipher(name)
-                case self.V.to_i
-                when 1, 2
-                    Encryption::RC4
-                when 4, 5
-                    return Encryption::Identity if name == :Identity
-
-                    select_cipher_by_name(name)
-                else
-                    raise EncryptionNotSupportedError, "Unsupported encryption version: #{handler.V}"
-                end
-            end
+            user_key = RC4.encrypt(key, hash)
 
-            private
+            19.times { |i| user_key = RC4.encrypt(xor(key, i + 1), user_key) }
 
-            #
-            # Returns the cipher associated with a crypt filter name.
-            #
-            def select_cipher_by_name(name)
-                raise EncryptionError, "Broken CF entry" unless self.CF.is_a?(Dictionary)
+            user_key.ljust(32, 0xFF.chr)
+          end
+        end
 
-                self.CF.select { |key, dict| key == name and dict.is_a?(Dictionary) }
-                       .map { |_, dict| cipher_from_crypt_filter_method(dict[:CFM] || :None) }
-                       .first
+        #
+        # Computes hardened hash used in revision 6 (extension level 8).
+        #
+        def compute_hardened_hash(password, salt, vector = '')
+          block_size = 32
+          input = Digest::SHA256.digest(password + salt + vector) + "\x00" * 32
+          key = input[0, 16]
+          iv = input[16, 16]
+          digest, aes, h, x = nil, nil, nil, nil
+
+          i = 0
+          while (i < 64) || (i < x[-1].ord + 32)
+
+            block = input[0, block_size]
+
+            aes = OpenSSL::Cipher.new("aes-128-cbc").encrypt
+            aes.iv = iv
+            aes.key = key
+            aes.padding = 0
+
+            64.times do |j|
+              x = ''
+              x += aes.update(password) unless password.empty?
+              x += aes.update(block)
+              x += aes.update(vector) unless vector.empty?
+
+              if j == 0
+                block_size = 32 + (x.unpack("C16").inject(0) { |a, b| a + b } % 3) * 16
+                digest = Digest::SHA2.new(block_size << 3)
+              end
+
+              digest.update(x)
             end
 
-            #
-            # Converts a crypt filter method identifier to its cipher class.
-            #
-            def cipher_from_crypt_filter_method(name)
-                case name.to_sym
-                when :None then Encryption::Identity
-                when :V2 then Encryption::RC4
-                when :AESV2 then Encryption::AES
-                when :AESV3
-                    raise EncryptionNotSupportedError, "AESV3 requires a version 5 handler" if self.V.to_i != 5
-                    Encryption::AES
-                else
-                     raise EncryptionNotSupportedError, "Unsupported crypt filter method: #{name}"
-                end
-            end
+            h = digest.digest
+            key = h[0, 16]
+            input[0, block_size] = h[0, block_size]
+            iv = h[16, 16]
+
+            i += 1
+          end
+
+          h[0, 32]
         end
 
         #
-        # The standard security handler for PDF encryption.
+        # Some revision handlers require different key sizes.
+        # Revision 2 uses 40-bit keys.
+        # Revisions 3 and higher rely on the Length field for the key size.
         #
-        module Standard
-            PADDING = "\x28\xBF\x4E\x5E\x4E\x75\x8A\x41\x64\x00\x4E\x56\xFF\xFA\x01\x08\x2E\x2E\x00\xB6\xD0\x68\x3E\x80\x2F\x0C\xA9\xFE\x64\x53\x69\x7A".b #:nodoc:
-
-            #
-            # Permission constants for encrypted documents.
-            #
-            module Permissions
-                RESERVED = 1 << 6 | 1 << 7 | 0xFFFFF000
-                PRINT = 1 << 2 | RESERVED
-                MODIFY_CONTENTS = 1 << 3 | RESERVED
-                COPY_CONTENTS = 1 << 4 | RESERVED
-                MODIFY_ANNOTATIONS = 1 << 5 | RESERVED
-                FILLIN_FORMS = 1 << 8 | RESERVED
-                EXTRACT_CONTENTS = 1 << 9 | RESERVED
-                ASSEMBLE_DOC = 1 << 10 | RESERVED
-                HIGH_QUALITY_PRINT = 1 << 11 | RESERVED
-
-                ALL = PRINT | MODIFY_CONTENTS | COPY_CONTENTS |
-                      MODIFY_ANNOTATIONS | FILLIN_FORMS | EXTRACT_CONTENTS |
-                      ASSEMBLE_DOC | HIGH_QUALITY_PRINT
-            end
+        def truncate_key(key)
+          if self.R == 2
+            key[0, 5]
+          elsif self.R >= 3
+            key[0, self.Length / 8]
+          end
+        end
 
-            #
-            # Class defining a standard encryption dictionary.
-            #
-            class Dictionary < EncryptionDictionary
-
-                field   :R,             :Type => Number, :Required => true
-                field   :O,             :Type => String, :Required => true
-                field   :U,             :Type => String, :Required => true
-                field   :OE,            :Type => String, :Version => '1.7', :ExtensionLevel => 3
-                field   :UE,            :Type => String, :Version => '1.7', :ExtensionLevel => 3
-                field   :Perms,         :Type => String, :Version => '1.7', :ExtensionLevel => 3
-                field   :P,             :Type => Integer, :Default => 0, :Required => true
-                field   :EncryptMetadata, :Type => Boolean, :Default => true, :Version => "1.5"
-
-                def version_required #:nodoc:
-                    if self.R > 5
-                        [ '1.7', 8 ]
-                    else
-                        super
-                    end
-                end
-
-                #
-                # Checks the given password and derives the document encryption key.
-                # Raises EncryptionInvalidPasswordError on invalid password.
-                #
-                def derive_encryption_key(passwd, doc_id)
-                    if is_user_password?(passwd, doc_id)
-                        compute_user_encryption_key(passwd, doc_id)
-                    elsif is_owner_password?(passwd, doc_id)
-                        if self.V.to_i < 5
-                            user_passwd = retrieve_user_password(passwd)
-                            compute_user_encryption_key(user_passwd, doc_id)
-                        else
-                            compute_owner_encryption_key(passwd)
-                        end
-                    else
-                        raise EncryptionInvalidPasswordError
-                    end
-                end
-
-                #
-                # Computes the key that will be used to encrypt/decrypt the document contents with user password.
-                # Called at all revisions.
-                #
-                def compute_user_encryption_key(user_password, file_id)
-                    return compute_legacy_user_encryption_key(user_password, file_id) if self.R < 5
-
-                    passwd = password_to_utf8(user_password)
-
-                    uks = self.U[40, 8]
-
-                    if self.R == 5
-                        ukey = Digest::SHA256.digest(passwd + uks)
-                    else
-                        ukey = compute_hardened_hash(passwd, uks)
-                    end
-
-                    iv = ::Array.new(AES::BLOCKSIZE, 0).pack("C*")
-                    AES.new(ukey, nil, false).decrypt(iv + self.UE.value)
-                end
-
-                #
-                # Computes the key that will be used to encrypt/decrypt the document contents.
-                # Only for Revision 4 and less.
-                #
-                def compute_legacy_user_encryption_key(user_password, file_id)
-                    padded = pad_password(user_password)
-                    padded.force_encoding('binary')
-
-                    padded << self.O
-                    padded << [ self.P ].pack("i")
-
-                    padded << file_id
-
-                    encrypt_metadata = self.EncryptMetadata != false
-                    padded << [ -1 ].pack("i") if self.R >= 4 and not encrypt_metadata
-
-                    key = Digest::MD5.digest(padded)
-
-                    50.times { key = Digest::MD5.digest(key[0, self.Length / 8]) } if self.R >= 3
-
-                    truncate_key(key)
-                end
-
-                #
-                # Computes the key that will be used to encrypt/decrypt the document contents with owner password.
-                # Revision 5 and above.
-                #
-                def compute_owner_encryption_key(owner_password)
-                    return if self.R < 5
-
-                    passwd = password_to_utf8(owner_password)
-                    oks = self.O[40, 8]
-
-                    if self.R == 5
-                        okey = Digest::SHA256.digest(passwd + oks + self.U)
-                    else
-                        okey = compute_hardened_hash(passwd, oks, self.U)
-                    end
-
-                    iv = ::Array.new(AES::BLOCKSIZE, 0).pack("C*")
-                    AES.new(okey, nil, false).decrypt(iv + self.OE.value)
-                end
-
-                #
-                # Set up document passwords.
-                #
-                def set_passwords(owner_password, user_password, salt = nil)
-                    return set_legacy_passwords(owner_password, user_password, salt) if self.R < 5
-
-                    upass = password_to_utf8(user_password)
-                    opass = password_to_utf8(owner_password)
-
-                    uvs, uks, ovs, oks = ::Array.new(4) { Encryption.rand_bytes(8) }
-                    file_key = Encryption.strong_rand_bytes(32)
-                    iv = ::Array.new(AES::BLOCKSIZE, 0).pack("C*")
-
-                    if self.R == 5
-                        self.U = Digest::SHA256.digest(upass + uvs) + uvs + uks
-                        self.O = Digest::SHA256.digest(opass + ovs + self.U) + ovs + oks
-                        ukey = Digest::SHA256.digest(upass + uks)
-                        okey = Digest::SHA256.digest(opass + oks + self.U)
-                    else
-                        self.U = compute_hardened_hash(upass, uvs) + uvs + uks
-                        self.O = compute_hardened_hash(opass, ovs, self.U) + ovs + oks
-                        ukey = compute_hardened_hash(upass, uks)
-                        okey = compute_hardened_hash(opass, oks, self.U)
-                    end
-
-                    self.UE = AES.new(ukey, iv, false).encrypt(file_key)[iv.size, 32]
-                    self.OE = AES.new(okey, iv, false).encrypt(file_key)[iv.size, 32]
-
-                    perms =
-                        [ self.P ].pack("V") +                              # 0-3
-                        [ -1 ].pack("V") +                                  # 4-7
-                        (self.EncryptMetadata == true ? "T" : "F") +        # 8
-                        "adb" +                                             # 9-11
-                        [ 0 ].pack("V")                                     # 12-15
-
-                    self.Perms = AES.new(file_key, iv, false).encrypt(perms)[iv.size, 16]
-
-                    file_key
-                end
-
-                #
-                # Set up document passwords.
-                # Only for Revision 4 and less.
-                #
-                def set_legacy_passwords(owner_password, user_password, salt)
-                    owner_key = compute_owner_key(owner_password)
-                    upadded = pad_password(user_password)
-
-                    owner_key_hash = RC4.encrypt(owner_key, upadded)
-                    19.times { |i| owner_key_hash = RC4.encrypt(xor(owner_key, i + 1), owner_key_hash) } if self.R >= 3
-
-                    self.O = owner_key_hash
-                    self.U = compute_user_password_hash(user_password, salt)
-                end
-
-                #
-                # Checks user password.
-                # For version 2, 3 and 4, _salt_ is the document ID.
-                # For version 5 and 6, _salt_ is the User Key Salt.
-                #
-                def is_user_password?(pass, salt)
-
-                    if self.R == 2
-                        compute_user_password_hash(pass, salt) == self.U
-                    elsif self.R == 3 or self.R == 4
-                        compute_user_password_hash(pass, salt)[0, 16] == self.U[0, 16]
-                    elsif self.R == 5
-                        uvs = self.U[32, 8]
-                        Digest::SHA256.digest(password_to_utf8(pass) + uvs) == self.U[0, 32]
-                    elsif self.R == 6
-                        uvs = self.U[32, 8]
-                        compute_hardened_hash(password_to_utf8(pass), uvs) == self.U[0, 32]
-                    end
-                end
-
-                #
-                # Checks owner password.
-                # For version 2,3 and 4, _salt_ is the document ID.
-                # For version 5, _salt_ is (Owner Key Salt + U)
-                #
-                def is_owner_password?(pass, salt)
-
-                    if self.R < 5
-                        user_password = retrieve_user_password(pass)
-                        is_user_password?(user_password, salt)
-                    elsif self.R == 5
-                        ovs = self.O[32, 8]
-                        Digest::SHA256.digest(password_to_utf8(pass) + ovs + self.U) == self.O[0, 32]
-                    elsif self.R == 6
-                        ovs = self.O[32, 8]
-                        compute_hardened_hash(password_to_utf8(pass), ovs, self.U[0,48]) == self.O[0, 32]
-                    end
-                end
-
-                #
-                # Retrieve user password from owner password.
-                # Cannot be used with revision 5.
-                #
-                def retrieve_user_password(owner_password)
-
-                    key = compute_owner_key(owner_password)
-
-                    if self.R == 2
-                        RC4.decrypt(key, self.O)
-                    elsif self.R == 3 or self.R == 4
-                        user_password = RC4.decrypt(xor(key, 19), self.O)
-                        19.times { |i| user_password = RC4.decrypt(xor(key, 18-i), user_password) }
-
-                        user_password
-                    end
-                end
-
-                private
-
-                #
-                # Used to encrypt/decrypt the O field.
-                # Rev 2,3,4: O = crypt(user_pass, owner_key).
-                # Rev 5: unused.
-                #
-                def compute_owner_key(owner_password) #:nodoc:
-
-                    opadded = pad_password(owner_password)
-
-                    owner_key = Digest::MD5.digest(opadded)
-                    50.times { owner_key = Digest::MD5.digest(owner_key) } if self.R >= 3
-
-                    truncate_key(owner_key)
-                end
-
-                #
-                # Compute the value of the U field.
-                # Cannot be used with revision 5.
-                #
-                def compute_user_password_hash(user_password, salt) #:nodoc:
-
-                    if self.R == 2
-                        key = compute_user_encryption_key(user_password, salt)
-                        user_key = RC4.encrypt(key, PADDING)
-                    elsif self.R == 3 or self.R == 4
-                        key = compute_user_encryption_key(user_password, salt)
-
-                        upadded = PADDING + salt
-                        hash = Digest::MD5.digest(upadded)
-
-                        user_key = RC4.encrypt(key, hash)
-
-                        19.times { |i| user_key = RC4.encrypt(xor(key,i+1), user_key) }
-
-                        user_key.ljust(32, 0xFF.chr)
-                    end
-                end
-
-                #
-                # Computes hardened hash used in revision 6 (extension level 8).
-                #
-                def compute_hardened_hash(password, salt, vector = '')
-                    block_size = 32
-                    input = Digest::SHA256.digest(password + salt + vector) + "\x00" * 32
-                    key = input[0, 16]
-                    iv = input[16, 16]
-                    digest, aes, h, x = nil, nil, nil, nil
-
-                    i = 0
-                    while i < 64 or i < x[-1].ord + 32
-
-                        block = input[0, block_size]
-
-                        aes = OpenSSL::Cipher.new("aes-128-cbc").encrypt
-                        aes.iv = iv
-                        aes.key = key
-                        aes.padding = 0
-
-                        64.times do |j|
-                            x = ''
-                            x += aes.update(password) unless password.empty?
-                            x += aes.update(block)
-                            x += aes.update(vector) unless vector.empty?
-
-                            if j == 0
-                                block_size = 32 + (x.unpack("C16").inject(0) {|a,b| a+b} % 3) * 16
-                                digest = Digest::SHA2.new(block_size << 3)
-                            end
-
-                            digest.update(x)
-                        end
-
-                        h = digest.digest
-                        key = h[0, 16]
-                        input[0, block_size] = h[0, block_size]
-                        iv = h[16, 16]
-
-                        i = i + 1
-                    end
-
-                    h[0, 32]
-                end
-
-                #
-                # Some revision handlers require different key sizes.
-                # Revision 2 uses 40-bit keys.
-                # Revisions 3 and higher rely on the Length field for the key size.
-                #
-                def truncate_key(key)
-                    if self.R == 2
-                        key[0, 5]
-                    elsif self.R >= 3
-                        key[0, self.Length / 8]
-                    end
-                end
-
-                def xor(str, byte) #:nodoc:
-                    str.bytes.map!{|b| b ^ byte }.pack("C*")
-                end
-
-                def pad_password(password) #:nodoc:
-                    password[0, 32].ljust(32, PADDING)
-                end
-
-                def password_to_utf8(passwd) #:nodoc:
-                    LiteralString.new(passwd).to_utf8[0, 127]
-                end
-            end
+        def xor(str, byte) # :nodoc:
+          str.bytes.map! { |b| b ^ byte }.pack("C*")
+        end
+
+        def pad_password(password) # :nodoc:
+          password[0, 32].ljust(32, PADDING)
         end
-    end
 
+        def password_to_utf8(passwd) # :nodoc:
+          LiteralString.new(passwd).to_utf8[0, 127]
+        end
+      end
+    end
+  end
 end