FileOpen's core solution is built around the Security Handler mechanism as defined in the PDF Specification (ISO 32000). This design calls for symmetric encryption (the same key used for encryption and decryption) using one of a set of defined algorithms. Because they are encrypted via the methods defined in the PDF Specification, FileOpen-encrypted PDFs can be accessed in any PDF viewer that also supports the specification and supports the loading of Security Handlers.
FileOpen also implements encryption of private metadata, e.g. encryption of local files to store Offline Permission, and of communications elements being passed between client and server. These implementations use the same ciphers and key lengths as the ones for PDF files.
Encryption keys used by the FileOpen software are created and managed by the application that invokes the encryption process. We recommend, and ensure in our own implementations, that each document is encrypted with a unique key. Storage of keys at the server, always under the licensee's control, is normally within a database but hardware security modules may also be employed.