import { ByteArray, PdfPermissions } from '../../types.js'; import { PdfEncryptionDictionary, PdfEncryptionRecipient, PdfId } from '../types.js'; import { PdfSecurityHandler, PdfStandardSecurityHandler } from './base.js'; /** * Public key security handler implementing certificate-based encryption. * Uses PKCS#7 enveloped data to encrypt the file key for each recipient. * * @example * ```typescript * const handler = new PdfPublicKeySecurityHandler({ * recipients: [{ * certificate: recipientCertBytes, * privateKey: privateKeyBytes * }] * }) * ``` */ export declare class PdfPublicKeySecurityHandler extends PdfSecurityHandler { /** Underlying standard security handler for key derivation. */ private standardSecurityHandler; /** List of recipients with their certificates and optional private keys. */ private recipients; /** Random seed for key generation. */ private seed; /** Promise resolving to PKCS#7 CMS data for each recipient. */ private recipientsCms; /** * Creates a new public key security handler. * * @param options - Configuration including recipients and encryption settings. */ constructor(options: { recipients: PdfEncryptionRecipient[]; standardSecurityHandler?: PdfStandardSecurityHandler; seed?: ByteArray; permissions?: PdfPermissions | number; encryptMetadata?: boolean; }); /** * Gets the security handler filter name. * * @returns 'Adobe.PubSec' for public key encryption. */ getName(): string; /** * Checks if metadata encryption is enabled. * * @returns True if metadata should be encrypted. */ canEncryptMetadata(): boolean; /** * Sets the document ID. * * @param id - The document ID array. */ setDocumentId(id: PdfId): void; /** * Gets the document ID. * * @returns The document ID, or undefined if not set. */ getDocumentId(): PdfId | undefined; /** * Checks if the handler is ready. * * @returns True if the underlying handler is ready. */ isReady(): boolean; /** * Gets the encryption version number. * * @returns The version from the underlying handler. */ getVersion(): number; /** * Gets the encryption revision number. * * @returns The revision from the underlying handler. */ getRevision(): number; /** * Initializes encryption keys from the seed and recipient data. * * @param seed - Optional seed to use instead of the default. * @returns The derived encryption key. * @throws Error if no recipients are configured. */ private initKeys; /** * Writes the encryption dictionary with public key-specific entries. */ write(): Promise; /** * Creates PKCS#7 enveloped data for each recipient. * * @param data - The data to encrypt for recipients. * @returns Array of PKCS#7 CMS bytes for each recipient. * @throws Error if any recipient lacks a certificate. */ private getRecipientsPkcs7; /** * Reads encryption parameters from the encryption dictionary. * * @param dictionary - The encryption dictionary from the PDF. * @throws Error if required entries are missing. */ readEncryptionDictionary(dictionary: PdfEncryptionDictionary): void; /** * Gets the underlying standard security handler. * * @returns The standard security handler used for encryption. */ getStandardSecurityHandler(): PdfStandardSecurityHandler; /** * Decrypts recipient CMS data to recover the seed and permissions. * * @returns The seed and permissions, or throws if no matching recipient is found. * @throws Error if no recipient with private key can decrypt the CMS data. */ private getSeed; /** * Decrypts data using the underlying security handler. * * @param type - The type of content being decrypted. * @param data - The encrypted data. * @param objectNumber - The PDF object number. * @param generationNumber - The PDF generation number. * @returns The decrypted data. */ decrypt(type: 'string' | 'stream' | 'file', data: ByteArray, objectNumber?: number, generationNumber?: number): Promise; /** * Encrypts data using the underlying security handler. * * @param type - The type of content being encrypted. * @param data - The data to encrypt. * @param objectNumber - The PDF object number. * @param generationNumber - The PDF generation number. * @returns The encrypted data. */ encrypt(type: 'string' | 'stream' | 'file', data: ByteArray, objectNumber?: number, generationNumber?: number): Promise; /** * Computes the object encryption key. * * @param objectNumber - The PDF object number. * @param generationNumber - The PDF generation number. * @returns The computed object key. */ computeObjectKey(objectNumber?: number, generationNumber?: number): Promise; /** * Creates PKCS#7 enveloped data for recipients. * * @param options - Data and recipient certificates. * @returns The PKCS#7 CMS bytes. */ private pkcs7EnvelopedData; /** * Extracts the seed and permissions from CMS enveloped data. * * @param contentInfoBytes - The CMS content info bytes. * @param privateKey - The private key for decryption. * @returns The extracted seed and permissions. */ private extractSeedAndPermissions; }