2.3.4.15 Data Encryption (Agile Encryption)

The EncryptedPackage stream MUST be encrypted in 4096-byte segments. Segmenting the stream gives a reader nearly random access, because any segment can be decrypted without first decrypting the segments that precede it, while still allowing CBC mode to be used for the encryption.

The initialization vector for each segment MUST be obtained as specified in section 2.3.4.12, using the zero-based segment number as the blockKey together with the binary form of KeyData.saltValue. The segment number MUST be represented as a 32-bit unsigned integer.

Each segment MUST then be encrypted with its initialization vector and the intermediate key, which is obtained by decrypting the encryptedKeyValue of a KeyEncryptor contained within the KeyEncryptors sequence as specified in section 2.3.4.10. The final segment MUST be padded to the next integral multiple of the KeyData.blockSize value. Any padding bytes can be used, so the padding itself carries no length information. Note that the StreamSize field of the EncryptedPackage stream specifies the number of bytes of unencrypted data, as specified in section 2.3.4.4; a reader uses it to determine how many bytes of the last decrypted segment are real data and to discard the rest.