08-29-2010, 12:57 AM | #1 |
Junior Member
Posts: 2
Karma: 10
Join Date: Aug 2010
Device: none
|
Understanding Adobe ACSM
Hello,
As I understand it, the idea of the acsm file is to give information to ADE so that it can pass your public key to Adobe (or whoever is hosting the ebook) which will take the key, encrypt the book, then download it to ADE. The acsm file is an XML file, and contains the url of the ebook. I purchased a book looked at the acsm file (which never went near ADE as it is not installed), and downloaded the epub file mentioned in the acsm from the site I bought the book from. I was expecting that the book wouldn't have been at the download location until the key was sent, but it was. So this epub book isn't encrypted with my key, as I don't have one. It is encrypted of course, but with what? Cheers, Paul |
08-29-2010, 04:28 AM | #2 |
Addict
Posts: 206
Karma: 547516
Join Date: Mar 2008
Location: Berlin, Germany
Device: KObo Clara, Kobo Aura, PRS-T1, PB602, CyBook Gen3
|
I think the mechanism of encryption is a bit different than you describe. There is one encryption key for each differnt book (same content = same key). What the Adobe server does, when ADE downloads the book, is to insert the key for the book in it. Since it would be stupid to just give everyone the key without protection, the key itself is encrypted with your personal key.
Adobe puts encrypted keys for all your registered devices in the encrypted book and the registered ADEs then are able to first decrypt the key and afterwards decrypt the book. The ACSM is only a link, all important information for the encryption of the key and the information which keys have to be inserted in the book come from ADE. |
Advert | |
|
08-29-2010, 04:58 AM | #3 |
Junior Member
Posts: 2
Karma: 10
Join Date: Aug 2010
Device: none
|
Ahh, ok. So what I have is the encrypted book, but without an encrypted (with my key) decryption key, because I did not pass my keys to Adobe for them to encrypt the decryption keys and insert into the book.
Is that it?! |
08-29-2010, 05:00 AM | #4 |
Addict
Posts: 206
Karma: 547516
Join Date: Mar 2008
Location: Berlin, Germany
Device: KObo Clara, Kobo Aura, PRS-T1, PB602, CyBook Gen3
|
As far as I understand the system - yes.
|
08-29-2010, 10:32 AM | #5 |
Wizard
Posts: 1,196
Karma: 1281258
Join Date: Sep 2009
Device: PRS-505
|
I think Sunlite has the answer here, this sort of nested key system is quite common. Also note that if you simply download the epub from the link provided inside the ACSM it will lack a rights.xml file inside the META-INF directory. Since this contains the key needed to decrypt it, ADE can't open the epub.
|
Advert | |
|
08-29-2010, 06:14 PM | #6 |
Wizard
Posts: 1,745
Karma: 4382514
Join Date: Jul 2006
Location: Somewhere on earth
Device: Onyx Boox Tab X
|
No the main pdf decryption section in the pdf is encrypted with Adobe's private key and your public key.
Your RSA key is encrypted with your hardware configuration and some custom information blocks. After decrypting your private RSA key with your hardware information you can decrypt the encrypted information within your ADE pdf or epub. Now you get your symmetric encryption/decryption key (RC4 or AES) and it is possible to decrypt your pdf with the algorithm specified in the INFO section (V = 1 ... 5)- |
08-29-2010, 06:33 PM | #7 |
Wizard
Posts: 1,196
Karma: 1281258
Join Date: Sep 2009
Device: PRS-505
|
|
08-29-2010, 07:55 PM | #8 |
Booklegger
Posts: 1,801
Karma: 7999816
Join Date: Jun 2009
Location: Toronto, Ontario, Canada
Device: BeBook(1 & 2010), PEZ, PRS-505, Kobo BT, PRS-T1, Playbook, Kobo Touch
|
Ahh-ha! That makes sense - if the whole book was encrypted with the customer's key, each download would have to wait on encrypting a big file. As Charleski describes it, only the relatively short (1024 bits? whatever...) payload-key needs to be encrypted for each customer.
I think.... something like that... |
08-29-2010, 11:30 PM | #9 | |
Wizard
Posts: 1,745
Karma: 4382514
Join Date: Jul 2006
Location: Somewhere on earth
Device: Onyx Boox Tab X
|
Quote:
Almost all public key encryption schemes (OpenSSH, ...) work the steps: decrypt symmetric key with asymmetric ones and then use the faster symmetric decryption (like RC4 or AES). The pdf won't be changed later on. As far as I can see only the device key is adjusted. That's the reason why you can reauthorize a newer hardware with an Adobe ID. The symmetric and asymmetric key remain the same only your decryption information for the asymmetric key has to be adjusted (because of the changed hardware information) |
|
Tags |
acsm, epub |
Thread Tools | Search this Thread |
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
ACSM format | jjansen | Other formats | 37 | 03-07-2014 07:16 PM |
Adobe epub pdf and URLLINK.acsm | Mutts | ePub | 14 | 01-21-2012 03:16 PM |
acsm file | frozennorth | Onyx Boox | 4 | 05-30-2010 07:16 PM |
I can't open acsm files | BookCat | Sony Reader | 8 | 12-27-2009 09:52 PM |
What is .ACSM | papa4ahe | Workshop | 1 | 10-17-2008 09:06 PM |