Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Formats > ePub

Notices

Reply
 
Thread Tools Search this Thread
Old 08-29-2010, 12:57 AM   #1
paulkoan
Junior Member
paulkoan began at the beginning.
 
Posts: 2
Karma: 10
Join Date: Aug 2010
Device: none
Understanding Adobe ACSM

Hello,

As I understand it, the idea of the acsm file is to give information to ADE so that it can pass your public key to Adobe (or whoever is hosting the ebook) which will take the key, encrypt the book, then download it to ADE.

The acsm file is an XML file, and contains the url of the ebook. I purchased a book looked at the acsm file (which never went near ADE as it is not installed), and downloaded the epub file mentioned in the acsm from the site I bought the book from. I was expecting that the book wouldn't have been at the download location until the key was sent, but it was.

So this epub book isn't encrypted with my key, as I don't have one. It is encrypted of course, but with what?

Cheers,

Paul
paulkoan is offline   Reply With Quote
Old 08-29-2010, 04:28 AM   #2
Sunlite
Zealot
Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.
 
Sunlite's Avatar
 
Posts: 119
Karma: 165124
Join Date: Mar 2008
Location: Berlin, Germany
Device: Kobo Aura, PRS-T1, PB602, CyBook Gen3
I think the mechanism of encryption is a bit different than you describe. There is one encryption key for each differnt book (same content = same key). What the Adobe server does, when ADE downloads the book, is to insert the key for the book in it. Since it would be stupid to just give everyone the key without protection, the key itself is encrypted with your personal key.

Adobe puts encrypted keys for all your registered devices in the encrypted book and the registered ADEs then are able to first decrypt the key and afterwards decrypt the book.

The ACSM is only a link, all important information for the encryption of the key and the information which keys have to be inserted in the book come from ADE.
Sunlite is offline   Reply With Quote
Old 08-29-2010, 04:58 AM   #3
paulkoan
Junior Member
paulkoan began at the beginning.
 
Posts: 2
Karma: 10
Join Date: Aug 2010
Device: none
Ahh, ok. So what I have is the encrypted book, but without an encrypted (with my key) decryption key, because I did not pass my keys to Adobe for them to encrypt the decryption keys and insert into the book.

Is that it?!
paulkoan is offline   Reply With Quote
Old 08-29-2010, 05:00 AM   #4
Sunlite
Zealot
Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.Sunlite can program the VCR without an owner's manual.
 
Sunlite's Avatar
 
Posts: 119
Karma: 165124
Join Date: Mar 2008
Location: Berlin, Germany
Device: Kobo Aura, PRS-T1, PB602, CyBook Gen3
As far as I understand the system - yes.
Sunlite is offline   Reply With Quote
Old 08-29-2010, 10:32 AM   #5
charleski
Wizard
charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.
 
Posts: 1,188
Karma: 727236
Join Date: Sep 2009
Device: PRS-505
I think Sunlite has the answer here, this sort of nested key system is quite common. Also note that if you simply download the epub from the link provided inside the ACSM it will lack a rights.xml file inside the META-INF directory. Since this contains the key needed to decrypt it, ADE can't open the epub.
charleski is offline   Reply With Quote
Old 08-29-2010, 06:14 PM   #6
joblack
Wizard
joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.
 
Posts: 1,256
Karma: 1418786
Join Date: Jul 2006
Location: Somewhere on earth
Device: Kindle Paperwhite, Kindle DX, JBC, Onyx M92
No the main pdf decryption section in the pdf is encrypted with Adobe's private key and your public key.

Your RSA key is encrypted with your hardware configuration and some custom information blocks. After decrypting your private RSA key with your hardware information you can decrypt the encrypted information within your ADE pdf or epub.

Now you get your symmetric encryption/decryption key (RC4 or AES) and it is possible to decrypt your pdf with the algorithm specified in the INFO section (V = 1 ... 5)-
joblack is offline   Reply With Quote
Old 08-29-2010, 06:33 PM   #7
charleski
Wizard
charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.charleski ought to be getting tired of karma fortunes by now.
 
Posts: 1,188
Karma: 727236
Join Date: Sep 2009
Device: PRS-505
Quote:
Originally Posted by joblack View Post
No the main pdf decryption section in the pdf is encrypted with Adobe's private key and your public key.
The point is that the payload isn't encrypted with your key at all. Your key is only used to retrieve the key needed to decrypt the payload.
charleski is offline   Reply With Quote
Old 08-29-2010, 07:55 PM   #8
pholy
Booklegger
pholy ought to be getting tired of karma fortunes by now.pholy ought to be getting tired of karma fortunes by now.pholy ought to be getting tired of karma fortunes by now.pholy ought to be getting tired of karma fortunes by now.pholy ought to be getting tired of karma fortunes by now.pholy ought to be getting tired of karma fortunes by now.pholy ought to be getting tired of karma fortunes by now.pholy ought to be getting tired of karma fortunes by now.pholy ought to be getting tired of karma fortunes by now.pholy ought to be getting tired of karma fortunes by now.pholy ought to be getting tired of karma fortunes by now.
 
pholy's Avatar
 
Posts: 1,783
Karma: 7999034
Join Date: Jun 2009
Location: Toronto, Ontario, Canada
Device: BeBook(1 & 2010), PEZ, PRS-505, Kobo BT, PRS-T1, Playbook, Kobo Touch
Ahh-ha! That makes sense - if the whole book was encrypted with the customer's key, each download would have to wait on encrypting a big file. As Charleski describes it, only the relatively short (1024 bits? whatever...) payload-key needs to be encrypted for each customer.

I think.... something like that...
pholy is offline   Reply With Quote
Old 08-29-2010, 11:30 PM   #9
joblack
Wizard
joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.joblack ought to be getting tired of karma fortunes by now.
 
Posts: 1,256
Karma: 1418786
Join Date: Jul 2006
Location: Somewhere on earth
Device: Kindle Paperwhite, Kindle DX, JBC, Onyx M92
Quote:
Originally Posted by pholy View Post
Ahh-ha! That makes sense - if the whole book was encrypted with the customer's key, each download would have to wait on encrypting a big file. As Charleski describes it, only the relatively short (1024 bits? whatever...) payload-key needs to be encrypted for each customer.

I think.... something like that...
Asymmetric encryption algorithms (like RSA) are a huge amount slower than the symmetric one.

Almost all public key encryption schemes (OpenSSH, ...) work the steps: decrypt symmetric key with asymmetric ones and then use the faster symmetric decryption (like RC4 or AES).

The pdf won't be changed later on. As far as I can see only the device key is adjusted. That's the reason why you can reauthorize a newer hardware with an Adobe ID.

The symmetric and asymmetric key remain the same only your decryption information for the asymmetric key has to be adjusted (because of the changed hardware information)
joblack is offline   Reply With Quote
Reply

Tags
acsm, epub

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ACSM format jjansen Other formats 37 03-07-2014 07:16 PM
Adobe epub pdf and URLLINK.acsm Mutts ePub 14 01-21-2012 03:16 PM
acsm file frozennorth Onyx Boox 4 05-30-2010 07:16 PM
I can't open acsm files BookCat Sony Reader 8 12-27-2009 09:52 PM
What is .ACSM papa4ahe Workshop 1 10-17-2008 09:06 PM


All times are GMT -4. The time now is 02:05 AM.


MobileRead.com is a privately owned, operated and funded community.