ISO/TS 32003:2023

TECHNICAL ISO/TS
SPECIFICATION 32003
First edition
2023-05
Document management — Portable
Document Format — Adding support
of AES-GCM in PDF 2.0
Gestion de documents — Format de document portable — Ajout d'un
support pour AES-GCM dans PDF 2.0
Reference number
© ISO 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Extension schema details .2
5 Proposed Changes . 2
5.1 Encrypt Dictionary . 2
5.2 Encryption of data using AES-GCM in PDF objects . 3
Bibliography . 5
iii
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use
of (a) patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed
patent rights in respect thereof. As of the date of publication of this document, ISO had not received
notice of (a) patent(s) which may be required to implement this document. However, implementers are
cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents. ISO shall not be held responsible for identifying any or all
such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 171, Document management applications,
Subcommittee SC 2, Document file formats, EDMS systems and authenticity of information.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
iv
Introduction
The Galois/Counter Mode (GCM) is a block cipher mode of operation that was standardized for use with
the Advanced Encryption Standard (AES) by the US National Institute for Standards and Technology
(NIST). AES-GCM provides high-speed encryption and data integrity.
AES-GCM is an authenticated encryption algorithm: it provides confidentiality as well as ciphertext
authentication. The two cryptographic primitives supplied by AES-GCM are referred to as authenticated
encryption and authenticated decryption. The authenticated encryption function encrypts the
confidential data and computes an authentication tag on both the ciphertext and, optionally, an
additional authenticated data (AAD) payload. The authenticated decryption function decrypts the
confidential data, contingent on the verification of the tag. Each of these functions is relatively efficient
and able to be parallelized; consequently, high throughput implementations are possible in both
hardware and software. The AES-GCM algorithm supports cipher key of size 128-bits, 192-bits and
256-bits. The block size is of 128 bits.
In PDF encryption, encryption is applied to individual streams and strings. Using AES-GCM therefore
authenticates all individual ciphertexts, but a separate mechanism is required to achieve document-
1)
level integrity guarantees. One such mechanism is defined in ISO/TS 32004.
v
TECHNICAL SPECIFICATION ISO/TS 32003:2023(E)
Document management — Portable Document Format —
Adding support of AES-GCM in PDF 2.0
1 Scope
This document specifies how to extend the specification contained in ISO 32000-2 by adding extensions
to the Encrypt dictionary to support the Advanced Encryption Standard (AES)-Galois/Counter Mode
(GCM) encryption algorithm.
These extensions are intended for developers of:
— software that creates PDF files (PDF writers);
— software that reads existing PDF files and (usually) interprets their contents for display (PDF
readers);
— software that reads and displays PDF content and interacts with the computer users to possibly
modify and save the PDF file (interactive PDF processors) and PDF products that read and/or write PDF
files for a variety of other purposes (PDF processors).
NOTE PDF writers and PDF readers are more specialized classifications of interactive PDF processors and
all are PDF processors.
This document does not specify the following:
— specific processes for converting paper or electronic documents to the PDF file format;
— specific technical design, user i
...