Network Working Group                                            E. Taft
Request for Comments: 3778                                    J. Pravetz
Category: Informational                                        S. Zilles
                                                             L. Masinter
                                                           Adobe Systems
                                                                May 2004
        

The application/pdf Media Type

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2004). All Rights Reserved.

Abstract

PDF, the 'Portable Document Format', is a general document representation language that has been in use for document exchange on the Internet since 1993. This document provides an overview of the PDF format, explains the mechanisms for digital signatures and encryption within PDF files, and updates the media type registration of 'application/pdf'.

Table of Contents

   1.  Introduction
   2.  History
   3.  Fragment Identifiers
   4.  Encryption
   5.  Digital Signatures
   6.  PDF implementations
   7.  Security Considerations
   8.  IANA Considerations
   9.  References
       9.1.  Normative References
       9.2.  Informative References
   10. Authors' Addresses
   11. Full Copyright Statement
        
        
1. Introduction

This document is intended to provide updated information on the registration of the MIME Media Type "application/pdf", with particular focus on the features that help mitigate security concerns. This document refers to features documented in the PDF References versions 1 [1], 1.3 [2], 1.4 [3] and 1.5 [4], as updated by errata [5].

PDF is used widely in the Internet Community. Since PDF was introduced in 1993, it has grown to be a widely-used format for capturing and exchanging formatted documents electronically, across the Web, via e-mail, and, for that matter, virtually every other document exchange mechanism.

PDF represents formatted documents. These documents may be structured or simple. They may contain text, images, graphics, and other multimedia content, such as video and audio. There is support for annotations, metadata, hypertext links, and bookmarks.

PDF supports encryption and digital signatures in the document. The encryption capability is also combined with access control information in a way that is intended to manage the uses that a recipient can make of a document.

PDF usage is specified in other international standards. ISO 15930-1:2001 PDF/X [16] has been adopted as the exchange standard for electronic documents within the Prepress community. PDF/X is a profile of PDF that references the PDF Reference, Third edition [2], as the source specification.

Another profile of PDF, known as PDF/A [17], is being developed for use as an international standard as an electronic document file format for long-term preservation. Following the work on PDF/X, the activity is joint work between NPES (The Association for Suppliers of Printing, Publishing and Converting Technologies) and AIIM International (the Association for Information and Image Management, International). AIIM is the secretariat for ISO/TC 171 SC2, Document Imaging Applications.

PDF usage is widespread enough for 'application/pdf' to be used in other IETF specifications. RFC 2346 [15] describes how to better structure PDF files for international exchange of documents where different paper sizes are used; HTTP byte range retrieval is illustrated using application/pdf (RFC 2616 [14], Section 19.2); RFC 3297 [13] illustrates how PDF can be sent to a recipient that identifies his ability to accept the PDF using content negotiation.

2. History

PDF was originally envisioned as a way to communicate and view printed information electronically across a wide variety of machine configurations, operating systems, and communication networks in a reliable manner.

PDF relies on the same imaging model as the PostScript page description language to render complex text, images, and graphics in a device and resolution-independent manner, bringing this feature to the screen as well as the printer. To improve performance for interactive viewing, PDF defines a more structured format than that used by most PostScript language programs. PDF also includes objects, such as hypertext links and annotations, that are not part of the page itself, but are useful for building collections of related documents and for reviewing and commenting on documents.

The application/pdf media type was first registered in 1993 by Paul Lindner for use by the gopher protocol; the registration was subsequently updated in 1994 by Steve Zilles.

3. Fragment Identifiers

The handling of fragment identifiers [6] is currently defined in Adobe Technical Note 5428 [7]. This section summarizes that material.

A fragment identifier consists of one or more PDF-open parameters in a single URL, separated by the ampersand (&) or pound (#) character. Each parameter implies an action to be performed and the value to be used for that action. Actions are processed and executed from left to right as they appear in the character string that makes up the fragment identifier.

The PDF-open parameters allow the specification of a particular page or named destination to open. Named destinations are similar to the "anchors" used in HTML or the IDs used in XML. Once the target is specified, the view of the page in which it occurs can be specified, either by specifying the position of a viewing rectangle and its scale or size coordinates or by specifying a view relative to the viewing window in which the chosen page is to be presented.

The list of PDF-open parameters and the action they imply is:

nameddest=<name>
   Open to a specified named destination (which includes a view).

page=<pagenum>
   Open the specified (physical) page.

zoom=<scale>,<left>,<top>
   Set the <scale> and scrolling factors. <left> and <top> are measured from the top left corner of the page, independent of the size of the page. The pair <left> and <top> are optional but both must appear if present.

view=<keyword>,<position>
   Set the view to show some specified portion of the page or its bounding box; keywords are defined by Table 8.2 of the PDF Reference, version 1.5. The <position> value is required for some of the keywords and not allowed for others.

viewrect=<left>,<top>,<wd>,<ht>
   As with the zoom parameter, set the scale and scrolling factors, but using an explicit width and height instead of a scale percentage.

highlight=<lt>,<rt>,<top>,<btm>
   Highlight a rectangle on the chosen page where <lt>, <rt>, <top>, and <btm> are the coordinates of the sides of the rectangle measured from the top left corner of the page.

All specified actions are executed in order; later actions will override the effects of previous actions; for this reason, page actions should appear before zoom actions. Commands are not case sensitive (except for the value of a named destination).
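
The processing rules of this section, as a strict parser a viewer or link filter could apply to a URL before acting on it. This is an added example, not text from the memo or code from Adobe. The function names, the sample URL, the restriction of numeric values to unsigned ASCII decimals, and the rule that page numbers start at 1 are assumptions made here.

```python
import re

# Parameters from the list above, with the number of comma-separated
# values each one accepts.
ARITY = {
    "nameddest": (1,),
    "page": (1,),
    "zoom": (1, 3),       # <scale> alone, or <scale>,<left>,<top> together
    "view": (1, 2),       # <keyword>, optionally followed by <position>
    "viewrect": (4,),
    "highlight": (4,),
}
TARGETS = {"page", "nameddest"}        # actions that choose what to open
VIEWS = {"zoom", "view", "viewrect"}   # actions that set how it is shown
# Assumption: numeric values are unsigned ASCII decimals.
NUMBER = re.compile(r"\d+(\.\d+)?", re.ASCII)

# Constructed sample, not taken from the memo.
SAMPLE_URL = ("http://example.com/report.pdf"
              "#Page=3&ZOOM=150,0,200&nameddest=Chapter_2#bogus=1&zoom=abc&zoom=150,0")


def convert(key, raw):
    """Return the validated value list for one parameter, or None if malformed."""
    if key == "nameddest":
        return [raw] if raw else None      # value kept as-is: it is case sensitive
    values = raw.split(",")
    if len(values) not in ARITY[key]:
        return None                        # e.g. zoom with <left> but no <top>
    if key == "view":
        keyword, position = values[0], values[1:]
        # The keyword set lives in the PDF Reference; only its shape is checked.
        if not re.fullmatch(r"[A-Za-z]+", keyword):
            return None
        if not all(NUMBER.fullmatch(p) for p in position):
            return None
        return [keyword] + [float(p) for p in position]
    if not all(NUMBER.fullmatch(v) for v in values):
        return None
    if key == "page":
        # Assumption: physical pages are whole numbers counted from 1.
        if not values[0].isdigit() or int(values[0]) < 1:
            return None
        return [int(values[0])]
    return [float(v) for v in values]


def parse_pdf_fragment(url):
    """Split a fragment into actions, in left-to-right execution order.

    Returns (actions, rejected, warnings). Unknown or malformed parameters
    are rejected instead of being passed on to the viewer.
    """
    actions, rejected, warnings = [], [], []
    view_set = False
    for token in re.split(r"[&#]", url.partition("#")[2]):
        if not token:
            continue
        name, _, raw = token.partition("=")
        key = name.lower()                 # commands are not case sensitive
        values = convert(key, raw) if key in ARITY else None
        if values is None:
            rejected.append(token)
            continue
        if key in TARGETS:
            if view_set:
                # Later actions override earlier ones, which is why page
                # actions should appear before zoom actions.
                warnings.append(key + " follows a view action and overrides it")
            view_set = False
        elif key in VIEWS:
            view_set = True
        actions.append((key, values))
    return actions, rejected, warnings
```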

4. Encryption

PDF files allow access to be controlled using encryption and permission settings. A document's data decryption keys and permission settings are provided by encryption handlers. An 'Encryption Dictionary' is provided in the document trailer to enable encryption handlers to store document-specific information. Different encryption handlers can provide for different sets of permissions. The PDF encoding rules for password and public key encryption handlers are specified in the PDF Reference.

A person that is able to 'access' a document is said to be able to open and view the document. Access is possible when a person can provide the key with which to decrypt the document. The key is protected and provided by the encryption handler. Encryption handlers will normally require some sort of authentication before a person can access the document decryption key.

Encryption of PDF files is normally applied to all string and stream data in the document, and only to string and stream data. By encrypting only data portions of the PDF file, random access to PDF file contents is maintained. The data is normally encrypted using the 40 to 128-bit RC4 [8] encryption algorithm. Use of decryption filters allows algorithms other than RC4 to be used.

The person that has access to a document will be given certain permissions for the document. A person that has full permissions, including permission to save a document without encryption, is said to be an 'owner'. A person that has restricted permissions is said to be a 'user'. Example permissions include the ability to copy text and other content from the PDF file, the ability to fill in form field data, and the ability to print the PDF file. Enforcement of permissions is the responsibility of the viewing application.

Password encryption allows the possibility of two different passwords to be used when providing access to the document. The 'author' password allows access to the document and full permissions, including the permission to save the document without encryption. The 'user' password allows access to the document, but access is restricted by a set of permissions.

Public key encryption of PDF files uses one or more PKCS#7 [9] objects to store information regarding recipients that are able to open a document. Each PKCS#7 object contains a list of recipients, a document decryption key, and permission settings that apply to all recipients listed for that PKCS#7 object. The document decryption key is protected with a triple-DES key that is encrypted once with the public key of each listed recipient.

5. Digital Signatures

A digital signature can be used to authenticate the identity of a user and the validity of a document's contents. PDF supports the association of a digital signature with a complete record that is needed to reproduce a visual representation of what a person saw when they signed the PDF file. PDF digital signatures allow for multiple signers to update and sign the same document; a subsequent user may then view the state of the document at each point when any individual signature was applied.

The full specification for PDF digital signatures is contained in the PDF Reference [4] section 8.7 and Appendix I; an overview is provided here.

PDF signature information is stored in a 'signature dictionary' data structure. A signature is created by computing a digest of the data stored in the document. To verify the signature, the digest is recomputed and compared with the one stored in the document. Differences in the digest values indicate that modifications have been made since the document was signed.

All bytes of the PDF file are covered by the signature digest, including the signature dictionary, but excluding the signature value itself. The range of bytes is defined and stored as the value of the ByteRange key in the signature dictionary. The ByteRange value is an array of integer pairs, where each pair includes a starting byte offset and length in bytes. There are two pairs, one describing the range of bytes preceding the signature value, and the other describing the range of bytes that occur after the signature value.

PDF public key digital signature syntax is specified for PKCS#1 [11] and PKCS#7 [9] signatures. In both cases, all bytes of the PDF file are signed, with the exclusion of the PKCS#1 or PKCS#7 signature value objects.

The signature dictionary contains additional attributes. The 'SubFilter' attribute describes the encoding of the signature value, and the 'Contents' attribute contains the signature value which is normally hex (base16) encoded. There are currently three recommended SubFilter types:

adbe.x509.rsa_sha1
   In this case, the Contents key contains a DER-encoded PKCS#1 [11] binary data object representing the signature obtained as the RSA encryption of the byte range SHA-1 digest with the signer's private key. When using PKCS#1, the certificate chain of the signer is included with other signature information in the signed document.

adbe.pkcs7.sha1
   In this case, the value of Contents is a DER-encoded PKCS#7 binary data object containing the signature. The SHA1 digest of the byte range is encapsulated in the PKCS#7 signed-data field with ContentInfo of type "data".

adbe.pkcs7.detached
   In this case, the value of Contents is a DER-encoded PKCS#7 binary data object containing the signature. No data is encapsulated in the PKCS#7 signed-data field.

If the type of signature is 'adbe.x509.rsa_sha1', the signature dictionary includes a key named 'Cert', which contains at least the signer's X.509 public-key certificate represented as a binary string. The value could also be an array of strings where the first entry is the signer's certificate and the following entries are one or more issuer certifications from the signer's trust chain.

If the type of signature is 'adbe.pkcs7.sha1' or 'adbe.pkcs7.detached', the 'Cert' key is not used and the certificate must be put in the PKCS#7 object stored in the 'Contents' key. The minimum required certificate to include in the PKCS#7 object is the signer's X.509 signing certificate. It may also optionally contain one or more issuer certifications from the signer's trust chain.

Multiple signatures are supported using the incremental save capabilities of PDF. When changes to a file are made and a new signature is applied to the document, the changes are appended after the last byte of the previously existing document and then the new signature digest is of all bytes of the new file. In this manner, changes can be made to a document and new signatures added to a document without invalidating earlier signatures that have been applied to the PDF file. Any change to a document is detected because all bytes of the PDF file are digested.

The state of a signed document, when an earlier signature of a multiple signature document was applied, can be viewed by extracting the earlier set of bytes of the file and opening them in a PDF viewing application. This process is called 'rollback' and allows viewing of the exact state of the document when it was signed.
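
The ByteRange layout and the rollback procedure described in this section, worked through on a constructed file. This is an added example, not text from the memo or code from Adobe. It checks what a ByteRange covers, recomputes the SHA-1 digest over it (the digest named by the SHA-1 SubFilter types above), and extracts the signed revision. It does not verify the PKCS#1 or PKCS#7 signature value itself, and the function names and sample bytes are assumptions made here.

```python
import hashlib
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
HEX_STRING = re.compile(rb"<[0-9A-Fa-f\s]*>")


def check_byte_range(pdf, index=0):
    """Inspect the index-th ByteRange found in the file.

    Returns the coverage findings, the SHA-1 digest of the covered bytes,
    and the bytes of the signed revision (the rollback view).
    """
    matches = BYTE_RANGE.findall(pdf)
    if index >= len(matches):
        raise ValueError("no such signature ByteRange")
    start1, len1, start2, len2 = (int(n) for n in matches[index])
    end1, end2 = start1 + len1, start2 + len2

    findings = []
    if start1 != 0:
        findings.append("first range does not start at byte 0")
    # Only the signature value may sit between the two ranges.
    if start2 < end1 or not HEX_STRING.fullmatch(pdf[end1:start2]):
        findings.append("bytes left out of the digest are not one hex string")
    if end2 > len(pdf):
        findings.append("second range runs past the end of the file")
    elif end2 < len(pdf):
        # Expected after an incremental save; the appended bytes are not
        # covered by this signature and need their own review.
        findings.append("%d bytes follow the signed revision" % (len(pdf) - end2))

    digest = hashlib.sha1(pdf[start1:end1] + pdf[start2:end2]).hexdigest()
    return {"findings": findings, "sha1": digest, "signed_revision": pdf[:end2]}


def build_constructed_sample():
    """Build a minimal, constructed signature dictionary with a correct ByteRange.

    The Contents value is a zero-filled placeholder, not a real signature.
    """
    prefix = b"%PDF-1.4\n1 0 obj\n<< /Type /Sig /SubFilter /adbe.pkcs7.sha1 /ByteRange "
    key = b" /Contents "
    contents = b"<" + b"00" * 32 + b">"
    tail = b" >>\nendobj\n%%EOF\n"
    template = b"[%010d %010d %010d %010d]"     # fixed width keeps offsets stable
    len1 = len(prefix) + len(template % (0, 0, 0, 0)) + len(key)
    byte_range = template % (0, len1, len1 + len(contents), len(tail))
    return prefix + byte_range + key + contents + tail


if __name__ == "__main__":
    signed = build_constructed_sample()
    updated = signed + b"2 0 obj\n(added after signing)\nendobj\n%%EOF\n"
    for label, data in (("signed", signed), ("updated", updated)):
        result = check_byte_range(data)
        print(label, result["sha1"], result["findings"])
```

A matching digest on the updated file only shows that the signed revision is intact; what was appended afterwards still has to be compared against what the signer allowed.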

PDF syntax allows for 'author' and 'user' signatures. Under normal circumstances the first signature of a document is considered an author signature and all other signatures are considered user signatures. Authors can specify what changes are to be allowed to the PDF file before the author's signature is presented as invalid. Example changes include the ability to fill in form field data, the ability to add comments to a document, the ability to make no changes, and the ability to make any changes. Changes are detected by opening the existing document and the author's version of the document and performing a complete object compare of the two documents. Change detection is not a substitute for the legal value of document rollback.

6. PDF Implementations

There are a number of widely available, independently implemented, interoperable implementations of PDF for a wide variety of platforms and systems. Because PDF is a publicly available specification, hundreds of companies and organizations make PDF creation, viewing, and manipulation tools. For examples, see descriptions or tools lists from Adobe [20], Apple [21], Ghostscript [22], Planet PDF [18], and PDFzone.com [19].

7. Security Considerations

An "application/pdf" resource contains information to be parsed and processed by the recipient's PDF system. Because PDF is both a representation of formatted documents and a container system for the resources needed to reproduce or view said documents, it is possible that a PDF file has embedded resources not described in the PDF Reference.

Although it is not a defined feature of PDF, a PDF processor could extract these resources and store them on the recipient's system. Furthermore, a PDF processor may accept and execute "plug-in" modules accessible to the recipient. These may also access material in the PDF file or on the recipient's system. Therefore, care in establishing the source, security, and reliability of such plug-ins is recommended. Message-sending software should not make use of arbitrary plug-ins without prior agreement on their presence at the intended recipients. Message-receiving and -displaying software should make sure that any non-standard plug-ins are secure and do not present a security threat.

PDF may contain "scripts" to customize the displaying and processing of PDF files. These scripts are expressed in a version of JavaScript [10] based on JavaScript version 1.5 of ISO-16262 (formerly known as ECMAScript). These scripts have access to an API that is similar to the "plug-in" API. They are intended for execution by the PDF processor. User agents executing such scripts or programs must be extremely careful to ensure that untrusted software is executed in a protected environment.

In addition, JavaScript code might modify the appearance of a PDF document. For this reason, validation of digital signatures should take this into account.

In general, any information stored outside of the direct control of the user -- including referenced application software or plug-ins and embedded files, scripts or other material not covered in the PDF reference -- can be a source of insecurity, by either obvious or subtle means. For example, a script can modify the content of a document prior to its being displayed. Thus, the security of any PDF document may be dependent on the resources referenced by that document.

As noted above, PDF provides mechanisms for helping ensure the integrity of a PDF file: encryption (Section 4) and the ability to digitally sign (Section 5) a PDF file. The latter capability allows a recipient to decide if he is willing to trust the file.

Where there is concern that tampering with the PDF file might be a problem, it is recommended that the encryption and digital signature features be used to protect and authenticate the PDF.

In addition, PDF processors may have mechanisms that track the source of scripts or plug-ins and will execute only those scripts or plug-ins that meet the processor's requirements for trustworthiness of the sources.
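
A receiving gateway can apply the concerns of this section before a file reaches a PDF processor. The following added example (not text from the memo or code from Adobe) checks the '%PDF-' magic number from Section 8 and counts the PDF name objects that mark scripts and embedded files. The names /JS, /JavaScript and /EmbeddedFile and the #xx name escape come from the PDF Reference rather than from this memo; the function names and sample bytes are assumptions made here.

```python
import re

MAGIC = re.compile(rb"%PDF-(\d\.\d)")
# A PDF name is a slash followed by regular characters (no whitespace or
# delimiters).
NAME = re.compile(rb"/([^\x00\t\n\f\r /<>\[\]()%{}]+)")
# Inside a name, '#' plus two hex digits stands for one byte, so /J#53 is /JS.
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
WATCHED = (b"JS", b"JavaScript", b"EmbeddedFile")

# Constructed sample, not a real document.
CONSTRUCTED_SAMPLE = (
    b"%PDF-1.5\n"
    b"1 0 obj\n<< /Type /Action /S /JavaScript /J#53 (constructed placeholder) >>\nendobj\n"
    b"2 0 obj\n<< /Type /EmbeddedFile /Length 0 >>\nstream\n\nendstream\nendobj\n"
    b"%%EOF\n"
)


def decode_name(raw):
    """Undo #xx escapes so that differently spelled names compare equal."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def triage_pdf(data):
    """Return the declared version and counts of script/embedded-file names."""
    magic = MAGIC.match(data)          # must be at the very start of the file
    counts = {name.decode(): 0 for name in WATCHED}
    for raw in NAME.findall(data):
        name = decode_name(raw)
        if name in WATCHED:            # PDF names are case sensitive
            counts[name.decode()] += 1
    return {
        "is_pdf": magic is not None,
        "version": magic.group(1).decode() if magic else None,
        "names": counts,
        "flagged": any(counts.values()),
    }


if __name__ == "__main__":
    print(triage_pdf(CONSTRUCTED_SAMPLE))
```

A clean result is not evidence of absence: names stored inside compressed streams are invisible to a byte scan, so flagged files should be routed to a processor that runs scripts in a protected environment and unflagged ones still handled as untrusted input.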

8. IANA Considerations

This document updates the registration of 'application/pdf', a media type registration as defined in Multipurpose Internet Mail Extensions (MIME) Part Four: Registration Procedures [12]:

MIME media type name: application

MIME subtype name: pdf

Required parameters: none

Optional parameter: none

Encoding considerations: PDF files frequently contain binary data, and thus must be encoded in non-binary contexts.

Security considerations: See Section 7 of this document.

Interoperability considerations: See Section 6 of this document.

Published specification: Adobe Systems Incorporated, "PDF Reference, Fourth Edition", Version 1.5, August 2003, <http://partners.adobe.com/asn/tech/pdf/specifications.jsp>, as amended by errata <http://partners.adobe.com/asn/acrobat/sdk/public/docs/errata.txt>.

Applications which use this media type: See Section 6 of this document.

Additional information:

Magic number(s): All PDF files start with the characters '%PDF-' using the PDF version number, e.g., '%PDF-1.4'. These characters are in US-ASCII encoding.

File extension(s): .pdf

Macintosh File Type Code(s): "PDF "

   For further information:
      Adobe Developer Support <dev-support@adobe.com>
      Adobe Systems Incorporated
      345 Park Ave
      San Jose, CA 95110
      http://www.adobe.com/support/main.html
        
        

Intended usage: COMMON

   Author/Change controller:
      Adobe Developer Support <dev-support@adobe.com>
      Adobe Systems Incorporated
      345 Park Ave
      San Jose, CA 95110
      http://www.adobe.com/support/main.html
        
        
9. References

9.1. Normative References

[1] Adobe Systems Incorporated, "Portable Document Format Reference Manual", Version 1.0, ISBN: 0-201-62628-4, Addison-Wesley, New York NY, 1993.

[2] Adobe Systems Incorporated, "PDF Reference, Second Edition", Version 1.3, ISBN: 0-201-61588-6, Addison-Wesley, New York NY, 2000.

[3] Adobe Systems Incorporated, "PDF Reference, Third Edition", Version 1.4, ISBN: 0-201-75839-3, Addison-Wesley, New York NY, November 2001.

[4] Adobe Systems Incorporated, "PDF Reference, Fourth Edition", Version 1.5, August 2003, <http://partners.adobe.com/asn/tech/pdf/specifications.jsp>.

[5] Adobe Systems Incorporated, "Errata for PDF Reference, Fourth Edition", December 2003, <http://partners.adobe.com/asn/acrobat/sdk/public/docs/errata.txt>.

[6] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform Resource Identifiers (URI): Generic Syntax", RFC 2396, August 1998.

[7] Adobe Systems Incorporated, "PDF Open Parameters", Technical Note 5428, May 2003, <http://partners.adobe.com/asn/acrobat/sdk/public/docs/PDFOpenParams.pdf>.

[8] Rivest, R., "RC4 - an unpublished, trade secret encryption algorithm", November 1993, <http://www.rsasecurity.com/rsalabs/faq/3-6-3.html>.

[9] Kaliski, B., "PKCS #7: Cryptographic Message Syntax Version 1.5", RFC 2315, March 1998.

[10] Adobe Systems Incorporated, "Acrobat JavaScript Scripting Reference", Technical Note 5431, September 2003, <http://partners.adobe.com/asn/acrobat/sdk/public/docs/AcroJS.pdf>.

[11] Jonsson, J. and B. Kaliski, "Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1", RFC 3447, February 2003.

9.2. Informative References

[12] Freed, N., Klensin, J. and J. Postel, "Multipurpose Internet Mail Extensions (MIME) Part Four: Registration Procedures", BCP 13, RFC 2048, November 1996.

[13] Klyne, G., Iwazaki, R. and D. Crocker, "Content Negotiation for Messaging Services based on Email", RFC 3297, July 2002.

[14] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

[15] Palme, J., "Making Postscript and PDF International", RFC 2346, May 1998.

[16] International Standards Organization, "Graphic technology -- Prepress digital data exchange -- Use of PDF -- Part 1: Complete exchange using CMYK data (PDF/X-1 and PDF/X-1a)", ISO 15930-1:2001, November 2002.

[17] Association for Information and Image Management, "PDF-Archive Committee home page", December 2003, <http://www.aiim.org/pdf_a/>.

[18] Planet PDF, "Planet PDF Tools List", December 2003, <http://www.planetpdf.com/>.

[19] InternetBiz.net, "PDF software from the PDF zone toolbox", December 2003, <http://www.pdfzone.com/toolbox/>.

[20] Adobe Systems Incorporated, "Adobe products page", December 2003, <http://www.adobe.com/products/>.

[21] Apple Computer, Inc., "Apple Mac OS X Features - Preview", December 2003, <http://www.apple.com/macosx/features/preview/>.

[22] Artifex Software, Inc, "Ghostscript", December 2003, <http://www.ghostscript.com/>.

10. Authors' Addresses

   Edward A. Taft
   Adobe Systems
   345 Park Ave
   San Jose, CA 95110
   US

   EMail: taft@adobe.com
        

   James D. Pravetz
   Adobe Systems
   345 Park Ave
   San Jose, CA 95110
   US

   EMail: jpravetz@adobe.com
        

   Stephen Zilles
   Adobe Systems
   345 Park Ave
   San Jose, CA 95110
   US

   Phone: +1 408 536 7692
   EMail: szilles@adobe.com
        

   Larry Masinter
   Adobe Systems
   345 Park Ave
   San Jose, CA 95110
   US

   Phone: +1 408 536 3024
   EMail: LMM@acm.org
   URI:   http://larry.masinter.net
        
11. Full Copyright Statement

Copyright (C) The Internet Society (2004). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.
