diff --git a/pyhanko/cli/commands/crypt.py b/pyhanko/cli/commands/crypt.py
index db888b3e..d36d5fa4 100644
--- a/pyhanko/cli/commands/crypt.py
+++ b/pyhanko/cli/commands/crypt.py
@@ -8,6 +8,7 @@
 from pyhanko.keys import load_certs_from_pemder
 from pyhanko.pdf_utils import crypt
 from pyhanko.pdf_utils.crypt import StandardSecurityHandler
+from pyhanko.pdf_utils.crypt.permissions import PubKeyPermissions
 from pyhanko.pdf_utils.reader import PdfFileReader
 from pyhanko.pdf_utils.writer import copy_into_new_writer
 
@@ -175,9 +176,14 @@ def _decrypt_pubkey(
                 )
             auth_result = r.decrypt_pubkey(sedk)
             if auth_result.status == crypt.AuthStatus.USER:
-                # TODO read 2nd bit of perms in CMS enveloped data
-                #  is the one indicating that change of encryption is OK
-                if not force:
+                if (
+                    not force
+                    and auth_result.permission_flags
+                    and not (
+                        PubKeyPermissions.ALLOW_ENCRYPTION_CHANGE
+                        in auth_result.permission_flags
+                    )
+                ):
                     raise click.ClickException(
                         "Change of encryption is typically not allowed with "
                         "user access. Pass --force to decrypt the file anyway."
diff --git a/pyhanko/pdf_utils/crypt/__init__.py b/pyhanko/pdf_utils/crypt/__init__.py
index e6b05412..c35d98be 100644
--- a/pyhanko/pdf_utils/crypt/__init__.py
+++ b/pyhanko/pdf_utils/crypt/__init__.py
@@ -57,7 +57,6 @@
 """
 
 from .api import (
-    ALL_PERMS,
     IDENTITY,
     AuthResult,
     AuthStatus,
diff --git a/pyhanko/pdf_utils/crypt/_legacy.py b/pyhanko/pdf_utils/crypt/_legacy.py
index 1aa90b58..7ea64097 100644
--- a/pyhanko/pdf_utils/crypt/_legacy.py
+++ b/pyhanko/pdf_utils/crypt/_legacy.py
@@ -35,7 +35,7 @@ def derive_legacy_file_key(
     m.update(owner_entry)
     # 4. Treat the value of the /P entry as an unsigned 4-byte integer and pass
     # these bytes to the MD5 hash function, low-order byte first.
-    p_entry = struct.pack('<i', p_entry)
+    p_entry = struct.pack('<I', p_entry.as_uint32())
     m.update(p_entry)
     # 5. Pass the first element of the file's file identifier array to the MD5
     # hash function.
diff --git a/pyhanko/pdf_utils/crypt/_util.py b/pyhanko/pdf_utils/crypt/_util.py
index 59f955ef..d0c448f6 100644
--- a/pyhanko/pdf_utils/crypt/_util.py
+++ b/pyhanko/pdf_utils/crypt/_util.py
@@ -5,11 +5,6 @@
 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
 
 
-def as_signed(val: int):
-    # converts an integer to a signed int
-    return struct.unpack('<i', struct.pack('<I', val & 0xFFFFFFFF))[0]
-
-
 def aes_cbc_decrypt(key, data, iv, use_padding=True):
     cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
     decryptor = cipher.decryptor()
diff --git a/pyhanko/pdf_utils/crypt/api.py b/pyhanko/pdf_utils/crypt/api.py
index 30281c68..63ce12c6 100644
--- a/pyhanko/pdf_utils/crypt/api.py
+++ b/pyhanko/pdf_utils/crypt/api.py
@@ -4,6 +4,7 @@
 
 from pyhanko.pdf_utils import generic, misc
 from pyhanko.pdf_utils.crypt.cred_ser import SerialisableCredential
+from pyhanko.pdf_utils.crypt.permissions import PdfPermissions
 
 
 class PdfKeyNotAvailableError(misc.PdfReadError):
@@ -31,7 +32,7 @@ class AuthResult:
     Authentication status after the authentication attempt.
     """
 
-    permission_flags: Optional[int] = None
+    permission_flags: Optional[PdfPermissions] = None
     """
     Granular permission flags. The precise meaning depends on the security
     handler.
@@ -855,10 +856,3 @@ def build_crypt_filter(
     except KeyError:
         raise NotImplementedError("No such crypt filter method: " + cfm)
     return factory(cfdict, acts_as_default)
-
-
-ALL_PERMS = -4
-"""
-Dummy value that translates to "everything is allowed" in an
-encrypted PDF document.
-"""
diff --git a/pyhanko/pdf_utils/crypt/permissions.py b/pyhanko/pdf_utils/crypt/permissions.py
new file mode 100644
index 00000000..f2f1f919
--- /dev/null
+++ b/pyhanko/pdf_utils/crypt/permissions.py
@@ -0,0 +1,72 @@
+import operator
+import struct
+from enum import Flag
+from functools import reduce
+
+
+class PdfPermissions(Flag):
+
+    @classmethod
+    def allow_everything(cls):
+        return reduce(operator.or_, cls.__members__.values())
+
+    @classmethod
+    def from_uint(cls, uint_flags: int):
+        result = cls(0)
+        for flag in cls:
+            if uint_flags & flag.value:
+                result |= flag
+        return result
+
+    @classmethod
+    def from_bytes(cls, flags: bytes):
+        uint_flags = struct.unpack('>I', flags)[0]
+        return cls.from_uint(uint_flags)
+
+    @classmethod
+    def from_sint32(cls, sint32_flags: int):
+        return cls.from_uint(sint32_flags & 0xFFFFFFFF)
+
+    def as_uint32(self):
+        raise NotImplementedError
+
+    def as_bytes(self) -> bytes:
+        return struct.pack('>I', self.as_uint32())
+
+    def as_sint32(self) -> int:
+        return struct.unpack('>i', self.as_bytes())[0]
+
+
+class StandardPermissions(PdfPermissions, Flag):
+    # We purposefully do not inherit from IntFlag since
+    # PDF uses 32-bit twos complement to treat flags as ints,
+    # which doesn't jive well with what IntFlag would do,
+    # so it's hard to detect backwards compatibility issues.
+
+    ALLOW_PRINTING = 4
+    ALLOW_MODIFICATION_GENERIC = 8
+    ALLOW_CONTENT_EXTRACTION = 16
+    ALLOW_ANNOTS_FORM_FILLING = 32
+    ALLOW_FORM_FILLING = 256
+    ALLOW_ASSISTIVE_TECHNOLOGY = 512
+    ALLOW_REASSEMBLY = 1024
+    ALLOW_HIGH_QUALITY_PRINTING = 2048
+
+    def as_uint32(self):
+        return sum(x.value for x in self.__class__ if x in self) | 0xFFFFF0C0
+
+
+class PubKeyPermissions(PdfPermissions, Flag):
+    ALLOW_ENCRYPTION_CHANGE = 2
+    ALLOW_PRINTING = 4
+    ALLOW_MODIFICATION_GENERIC = 8
+    ALLOW_CONTENT_EXTRACTION = 16
+    ALLOW_ANNOTS_FORM_FILLING = 32
+    ALLOW_FORM_FILLING = 256
+    ALLOW_ASSISTIVE_TECHNOLOGY = 512
+    ALLOW_REASSEMBLY = 1024
+    ALLOW_HIGH_QUALITY_PRINTING = 2048
+
+    def as_uint32(self):
+        # ensure the first bit is set for compatibility with Acrobat
+        return sum(x.value for x in self.__class__ if x in self) | 0xFFFFF0C1
diff --git a/pyhanko/pdf_utils/crypt/pubkey.py b/pyhanko/pdf_utils/crypt/pubkey.py
index f42f8f4e..d006b2e9 100644
--- a/pyhanko/pdf_utils/crypt/pubkey.py
+++ b/pyhanko/pdf_utils/crypt/pubkey.py
@@ -44,9 +44,8 @@
 from cryptography.hazmat.primitives.serialization import pkcs12
 
 from .. import generic, misc
-from ._util import aes_cbc_decrypt, aes_cbc_encrypt, as_signed, rc4_encrypt
+from ._util import aes_cbc_decrypt, aes_cbc_encrypt, rc4_encrypt
 from .api import (
-    ALL_PERMS,
     AuthResult,
     AuthStatus,
     CryptFilter,
@@ -59,6 +58,7 @@
 )
 from .cred_ser import SerialisableCredential, SerialisedCredential
 from .filter_mixins import AESCryptFilterMixin, RC4CryptFilterMixin
+from .permissions import PubKeyPermissions
 
 logger = logging.getLogger(__name__)
 
@@ -131,7 +131,7 @@ def add_recipients(
         self,
         certs: List[x509.Certificate],
         policy: RecipientEncryptionPolicy,
-        perms=ALL_PERMS,
+        perms: PubKeyPermissions = PubKeyPermissions.allow_everything(),
     ):
         """
         Add recipients to this crypt filter.
@@ -164,7 +164,7 @@ def add_recipients(
         new_cms = construct_recipient_cms(
             certs,
             self._recp_key_seed,
-            perms & 0xFFFFFFFF,
+            perms,
             policy=policy,
             include_permissions=self.acts_as_default,
         )
@@ -307,10 +307,10 @@ class PubKeyAdbeSubFilter(enum.Enum):
 
 
 def construct_envelope_content(
-    seed: bytes, perms: int, include_permissions=True
+    seed: bytes, perms: PubKeyPermissions, include_permissions=True
 ):
     assert len(seed) == 20
-    return seed + (struct.pack('>I', perms) if include_permissions else b'')
+    return seed + (perms.as_bytes() if include_permissions else b'')
 
 
 def _rsaes_pkcs1v15_recipient(
@@ -546,7 +546,7 @@ def _recipient_info(
 def construct_recipient_cms(
     certificates: List[x509.Certificate],
     seed: bytes,
-    perms: int,
+    perms: PubKeyPermissions,
     policy: RecipientEncryptionPolicy,
     include_permissions=True,
 ) -> cms.ContentInfo:
@@ -1055,7 +1055,7 @@ def read_envelope_key(
 
 def read_seed_from_recipient_cms(
     recipient_cms: cms.ContentInfo, decrypter: EnvelopeKeyDecrypter
-) -> Tuple[Optional[bytes], Optional[int]]:
+) -> Tuple[Optional[bytes], Optional[PubKeyPermissions]]:
     content_type = recipient_cms['content_type'].native
     if content_type != 'enveloped_data':
         raise misc.PdfReadError(
@@ -1120,10 +1120,10 @@ def read_seed_from_recipient_cms(
         )
 
     seed = content[:20]
-    perms: Optional[int] = None
+    perms: Optional[PubKeyPermissions] = None
     if len(content) == 24:
         # permissions are included
-        perms = struct.unpack('>I', content[20:])[0]
+        perms = PubKeyPermissions.from_bytes(content[20:])
     return seed, perms
 
 
@@ -1192,7 +1192,7 @@ def build_from_certs(
         version=SecurityHandlerVersion.AES256,
         use_aes=True,
         use_crypt_filters=True,
-        perms: int = ALL_PERMS,
+        perms: PubKeyPermissions = PubKeyPermissions.allow_everything(),
         encrypt_metadata=True,
         policy: RecipientEncryptionPolicy = RecipientEncryptionPolicy(),
         **kwargs,
@@ -1220,7 +1220,7 @@ def build_from_certs(
             handlers of version :attr:`~.SecurityHandlerVersion.RC4_OR_AES128`
             or higher.
         :param perms:
-            Permission flags (as a 4-byte signed integer).
+            Permission flags.
         :param encrypt_metadata:
             Whether to encrypt document metadata.
 
@@ -1449,7 +1449,7 @@ def as_pdf_object(self):
     def add_recipients(
         self,
         certs: List[x509.Certificate],
-        perms=ALL_PERMS,
+        perms: PubKeyPermissions = PubKeyPermissions.allow_everything(),
         policy: RecipientEncryptionPolicy = RecipientEncryptionPolicy(),
     ):
         # add recipients to all *default* crypt filters
@@ -1492,7 +1492,7 @@ def authenticate(
         else:
             actual_credential = credential
 
-        perms = 0xFFFFFFFF
+        perms = PubKeyPermissions.allow_everything()
         for cf in self.crypt_filter_config.standard_filters():
             if not isinstance(cf, PubKeyCryptFilter):
                 continue
@@ -1503,11 +1503,13 @@ def authenticate(
             # these should really be the same for both filters, but hey,
             # you never know. ANDing them seems to be the most reasonable
             # course of action
-            if result.permission_flags is not None:
-                perms &= result.permission_flags
+            cf_flags = result.permission_flags
+            if cf_flags is not None:
+                assert isinstance(cf_flags, PubKeyPermissions)
+                perms &= cf_flags
         if isinstance(actual_credential, SerialisableCredential):
             self._credential = actual_credential
-        return AuthResult(AuthStatus.USER, as_signed(perms))
+        return AuthResult(AuthStatus.USER, perms)
 
     def get_file_encryption_key(self) -> bytes:
         # just grab the key from the default stream filter
diff --git a/pyhanko/pdf_utils/crypt/standard.py b/pyhanko/pdf_utils/crypt/standard.py
index 5cbd5f1a..fe4733d1 100644
--- a/pyhanko/pdf_utils/crypt/standard.py
+++ b/pyhanko/pdf_utils/crypt/standard.py
@@ -18,9 +18,8 @@
     compute_u_value_r34,
     legacy_normalise_pw,
 )
-from ._util import aes_cbc_decrypt, aes_cbc_encrypt, as_signed, rc4_encrypt
+from ._util import aes_cbc_decrypt, aes_cbc_encrypt, rc4_encrypt
 from .api import (
-    ALL_PERMS,
     AuthResult,
     AuthStatus,
     CryptFilter,
@@ -33,6 +32,7 @@
 )
 from .cred_ser import SerialisableCredential, SerialisedCredential
 from .filter_mixins import AESCryptFilterMixin, RC4CryptFilterMixin
+from .permissions import StandardPermissions
 
 
 @dataclass
@@ -274,7 +274,7 @@ def build_from_pw_legacy(
         desired_user_pass=None,
         keylen_bytes=16,
         use_aes128=True,
-        perms: int = ALL_PERMS,
+        perms: StandardPermissions = StandardPermissions.allow_everything(),
         crypt_filter_config=None,
         encrypt_metadata=True,
         **kwargs,
@@ -303,7 +303,7 @@ def build_from_pw_legacy(
         :param use_aes128:
             Use AES-128 instead of RC4 (default: ``True``).
         :param perms:
-            Permission bits to set (defined as an integer)
+            Permission bits to set
         :param crypt_filter_config:
             Custom crypt filter configuration. PyHanko will supply a reasonable
             default if none is specified.
@@ -331,10 +331,16 @@ def build_from_pw_legacy(
         )
 
         # force perms to a 4-byte format
-        perms = as_signed(perms & 0xFFFFFFFC)
         if rev == StandardSecuritySettingsRevision.RC4_BASIC:
             # some permissions are not available for these security handlers
-            perms = as_signed(perms | 0xFFFFFFC0)
+            # the default is 'allow'
+            perms = (
+                perms
+                | StandardPermissions.ALLOW_FORM_FILLING
+                | StandardPermissions.ALLOW_ASSISTIVE_TECHNOLOGY
+                | StandardPermissions.ALLOW_REASSEMBLY
+                | StandardPermissions.ALLOW_HIGH_QUALITY_PRINTING
+            )
             u_entry, key = compute_u_value_r2(
                 desired_user_pass, o_entry, perms, id1
             )
@@ -387,7 +393,7 @@ def build_from_pw(
         cls,
         desired_owner_pass,
         desired_user_pass=None,
-        perms=ALL_PERMS,
+        perms: StandardPermissions = StandardPermissions.allow_everything(),
         encrypt_metadata=True,
         **kwargs,
     ):
@@ -437,7 +443,7 @@ def build_from_pw(
         )
         assert len(oe_seed) == 32
 
-        perms_bytes = struct.pack('<I', perms & 0xFFFFFFFC)
+        perms_bytes = perms.as_bytes()
         extd_perms_bytes = (
             perms_bytes
             + (b'\xff' * 4)
@@ -496,7 +502,7 @@ def __init__(
         version: SecurityHandlerVersion,
         revision: StandardSecuritySettingsRevision,
         legacy_keylen,  # in bytes, not bits
-        perm_flags: int,
+        perm_flags: StandardPermissions,
         odata,
         udata,
         oeseed=None,
@@ -530,7 +536,7 @@ def __init__(
             compat_entries=compat_entries,
         )
         self.revision = revision
-        self.perms = as_signed(perm_flags)
+        self.perms = perm_flags
         if revision >= StandardSecuritySettingsRevision.AES256:
             self.__class__._check_r6_values(
                 udata, odata, oeseed, ueseed, encrypted_perms
@@ -579,9 +585,21 @@ def _get_bytes(x: generic.PdfObject) -> bytes:
                 raise misc.PdfReadError(f"Expected string, but got {type(x)}")
             return x.original_bytes
 
+        def _parse_permissions(x: generic.PdfObject) -> StandardPermissions:
+            if isinstance(x, generic.NumberObject):
+                return StandardPermissions.from_sint32(x)
+            else:
+                raise misc.PdfReadError(
+                    f"Cannot parse {x} as a permission indicator"
+                )
+
         return dict(
             legacy_keylen=keylen,
-            perm_flags=as_signed(encrypt_dict.get('/P', ALL_PERMS)),
+            perm_flags=encrypt_dict.get_and_apply(
+                '/P',
+                _parse_permissions,
+                default=StandardPermissions.allow_everything(),
+            ),
             odata=odata.original_bytes[:48],
             udata=udata.original_bytes[:48],
             oeseed=encrypt_dict.get_and_apply('/OE', _get_bytes),
@@ -610,7 +628,7 @@ def as_pdf_object(self):
         result['/Filter'] = generic.NameObject('/Standard')
         result['/O'] = generic.ByteStringObject(self.odata)
         result['/U'] = generic.ByteStringObject(self.udata)
-        result['/P'] = generic.NumberObject(as_signed(self.perms))
+        result['/P'] = generic.NumberObject(self.perms.as_sint32())
         # this shouldn't be necessary for V5 handlers, but Adobe Reader
         # requires it anyway ...sigh...
         if (
@@ -752,7 +770,10 @@ def _authenticate_r6(self, password) -> Tuple[AuthStatus, Optional[bytes]]:
 
         # known plaintext mandated in the standard ...sigh...
         perms_ok = decrypted_p_entry[9:12] == b'adb'
-        perms_ok &= self.perms == struct.unpack('<i', decrypted_p_entry[:4])[0]
+        # endianness reversal
+        perms_ok &= self.perms == StandardPermissions.from_uint(
+            struct.unpack('<I', decrypted_p_entry[:4])[0]
+        )
         try:
             # check encrypt_metadata flag
             decr_metadata_flag = _EXPECTED_PERMS_8[decrypted_p_entry[8]]
diff --git a/pyhanko_tests/cli_tests/test_cli_crypt.py b/pyhanko_tests/cli_tests/test_cli_crypt.py
index e99510c9..cc1b257c 100644
--- a/pyhanko_tests/cli_tests/test_cli_crypt.py
+++ b/pyhanko_tests/cli_tests/test_cli_crypt.py
@@ -1,4 +1,5 @@
 import getpass
+from io import BytesIO
 
 import pytest
 from cryptography import x509 as pyca_x509
@@ -6,7 +7,14 @@
 from cryptography.hazmat.primitives.serialization import pkcs12
 
 from pyhanko.cli import cli_root
-from pyhanko.pdf_utils.crypt import AuthStatus
+from pyhanko.pdf_utils import writer
+from pyhanko.pdf_utils.crypt import (
+    AuthStatus,
+    PubKeySecurityHandler,
+    SecurityHandlerVersion,
+)
+from pyhanko.pdf_utils.crypt.permissions import PubKeyPermissions
+from pyhanko.pdf_utils.crypt.pubkey import RecipientEncryptionPolicy
 from pyhanko.pdf_utils.reader import PdfFileReader
 from pyhanko_tests.cli_tests.conftest import INPUT_PATH, _const
 from pyhanko_tests.samples import (
@@ -288,7 +296,28 @@ def pubkey_decryption(request):
         return ('pkcs12', [p12_file])
 
 
-def test_decrypt_with_private_key(cli_runner, pubkey_decryption, monkeypatch):
+def _sample_with_forbidden_encryption_change(h):
+
+    r = PdfFileReader(BytesIO(MINIMAL))
+    w = writer.copy_into_new_writer(r)
+
+    sh = PubKeySecurityHandler.build_from_certs(
+        [PUBKEY_SELFSIGNED_DECRYPTER.cert],
+        version=SecurityHandlerVersion.AES256,
+        keylen_bytes=32,
+        use_aes=True,
+        use_crypt_filters=True,
+        perms=~PubKeyPermissions.ALLOW_ENCRYPTION_CHANGE,
+        policy=RecipientEncryptionPolicy(ignore_key_usage=True),
+    )
+    w._assign_security_handler(sh)
+    w.write(h)
+
+
+@pytest.mark.parametrize('force', [True, False])
+def test_decrypt_with_private_key(
+    cli_runner, pubkey_decryption, monkeypatch, force
+):
     with open(INPUT_PATH, 'wb') as inf:
         inf.write(MINIMAL_PUBKEY_AES256)
     monkeypatch.setattr(getpass, 'getpass', _const('secret'))
@@ -299,7 +328,7 @@ def test_decrypt_with_private_key(cli_runner, pubkey_decryption, monkeypatch):
         [
             'decrypt',
             pubkey_decryption[0],
-            '--force',
+            *(('--force',) if force else ()),
             INPUT_PATH,
             output_path,
             *pubkey_decryption[1],
@@ -309,11 +338,11 @@ def test_decrypt_with_private_key(cli_runner, pubkey_decryption, monkeypatch):
     _check_first_page(output_path)
 
 
-def test_decrypt_with_private_key_no_force(
+def test_decrypt_with_private_key_no_force_change_of_encryption_forbidden(
     cli_runner, pubkey_decryption, monkeypatch
 ):
     with open(INPUT_PATH, 'wb') as inf:
-        inf.write(MINIMAL_PUBKEY_AES256)
+        _sample_with_forbidden_encryption_change(inf)
     monkeypatch.setattr(getpass, 'getpass', _const('secret'))
 
     output_path = 'out.pdf'
@@ -331,6 +360,29 @@ def test_decrypt_with_private_key_no_force(
     assert "Pass --force" in result.output
 
 
+def test_decrypt_with_private_key_force_change_of_encryption_forbidden(
+    cli_runner, pubkey_decryption, monkeypatch
+):
+    with open(INPUT_PATH, 'wb') as inf:
+        _sample_with_forbidden_encryption_change(inf)
+    monkeypatch.setattr(getpass, 'getpass', _const('secret'))
+
+    output_path = 'out.pdf'
+    result = cli_runner.invoke(
+        cli_root,
+        [
+            'decrypt',
+            pubkey_decryption[0],
+            '--force',
+            INPUT_PATH,
+            output_path,
+            *pubkey_decryption[1],
+        ],
+    )
+    assert not result.exception, result.output
+    _check_first_page(output_path)
+
+
 def test_decrypt_with_private_key_and_passfile(cli_runner, pubkey_decryption):
     with open(INPUT_PATH, 'wb') as inf:
         inf.write(MINIMAL_PUBKEY_AES256)
diff --git a/pyhanko_tests/data/pdf/minimal-aes256-malformed-oe.pdf b/pyhanko_tests/data/pdf/minimal-aes256-malformed-oe.pdf
new file mode 100644
index 00000000..a0bcdb9e
Binary files /dev/null and b/pyhanko_tests/data/pdf/minimal-aes256-malformed-oe.pdf differ
diff --git a/pyhanko_tests/data/pdf/minimal-aes256-malformed-perms.pdf b/pyhanko_tests/data/pdf/minimal-aes256-malformed-perms.pdf
new file mode 100644
index 00000000..1e7177fe
Binary files /dev/null and b/pyhanko_tests/data/pdf/minimal-aes256-malformed-perms.pdf differ
diff --git a/pyhanko_tests/test_crypt.py b/pyhanko_tests/test_crypt.py
index b384289c..da45218c 100644
--- a/pyhanko_tests/test_crypt.py
+++ b/pyhanko_tests/test_crypt.py
@@ -31,6 +31,10 @@
     build_crypt_filter,
     pubkey,
 )
+from pyhanko.pdf_utils.crypt.permissions import (
+    PubKeyPermissions,
+    StandardPermissions,
+)
 from pyhanko.pdf_utils.generic import pdf_name
 from pyhanko.pdf_utils.incremental_writer import IncrementalPdfFileWriter
 from pyhanko.pdf_utils.reader import PdfFileReader
@@ -47,6 +51,17 @@
     VECTOR_IMAGE_PDF,
 )
 
+STD_PERMS = (
+    ~StandardPermissions.ALLOW_MODIFICATION_GENERIC
+    & ~StandardPermissions.ALLOW_ANNOTS_FORM_FILLING
+)
+
+PUBKEY_PERMS = (
+    ~PubKeyPermissions.ALLOW_ENCRYPTION_CHANGE
+    & ~PubKeyPermissions.ALLOW_MODIFICATION_GENERIC
+    & ~PubKeyPermissions.ALLOW_ANNOTS_FORM_FILLING
+)
+
 
 def _produce_legacy_encrypted_file(rev, keylen_bytes, use_aes):
     r = PdfFileReader(BytesIO(VECTOR_IMAGE_PDF))
@@ -58,7 +73,7 @@ def _produce_legacy_encrypted_file(rev, keylen_bytes, use_aes):
         "usersecret",
         keylen_bytes=keylen_bytes,
         use_aes128=use_aes,
-        perms=-44,
+        perms=STD_PERMS,
     )
     w._assign_security_handler(sh)
     new_page_tree = w.import_object(
@@ -95,7 +110,7 @@ def test_legacy_encryption(use_owner_pass, rev, keylen_bytes, use_aes):
         assert result.status == AuthStatus.OWNER
     else:
         assert result.status == AuthStatus.USER
-    assert result.permission_flags == -44
+    assert result.permission_flags.as_sint32() == -44
     page = r.root['/Pages']['/Kids'][0].get_object()
     assert r.trailer['/Encrypt']['/P'] == -44
     assert '/ExtGState' in page['/Resources']
@@ -206,7 +221,7 @@ def _produce_pubkey_encrypted_file(
         version=version,
         use_aes=use_aes,
         use_crypt_filters=use_crypt_filters,
-        perms=-44,
+        perms=PUBKEY_PERMS,
         policy=policy,
     )
     w._assign_security_handler(sh)
@@ -221,7 +236,7 @@ def _produce_pubkey_encrypted_file(
 
 def _validate_pubkey_decryption(r, result):
     assert result.status == AuthStatus.USER
-    assert result.permission_flags == -44
+    assert result.permission_flags == PUBKEY_PERMS
     page = r.root['/Pages']['/Kids'][0].get_object()
     assert '/ExtGState' in page['/Resources']
     # just a piece of data I know occurs in the decoded content stream
@@ -323,6 +338,7 @@ def test_ecdh_decryption_smoke():
         r = PdfFileReader(inf)
         result = r.decrypt_pubkey(decrypter)
         assert result.status == AuthStatus.USER
+        assert result.permission_flags == PubKeyPermissions.allow_everything()
 
 
 def test_ecdh_decryption_wrong_key_type():
@@ -433,7 +449,7 @@ def test_key_encipherment_requirement():
             version=SecurityHandlerVersion.AES256,
             use_aes=True,
             use_crypt_filters=True,
-            perms=-44,
+            perms=PUBKEY_PERMS,
         )
 
 
@@ -464,7 +480,7 @@ def test_key_encipherment_requirement_override(
         version=version,
         use_aes=use_aes,
         use_crypt_filters=use_crypt_filters,
-        perms=-44,
+        perms=PUBKEY_PERMS,
         policy=pubkey.RecipientEncryptionPolicy(ignore_key_usage=True),
     )
     w._assign_security_handler(sh)
@@ -817,11 +833,11 @@ def test_aes256_perm_read():
     r = PdfFileReader(BytesIO(MINIMAL_ONE_FIELD_AES256))
     result = r.decrypt("ownersecret")
     assert result.status == AuthStatus.OWNER
-    assert result.permission_flags == -4
+    assert result.permission_flags == StandardPermissions.allow_everything()
     r = PdfFileReader(BytesIO(MINIMAL_ONE_FIELD_AES256))
     result = r.decrypt("usersecret")
     assert result.status == AuthStatus.USER
-    assert result.permission_flags == -4
+    assert result.permission_flags == StandardPermissions.allow_everything()
 
     assert r.trailer['/Encrypt']['/P'] == -4
 
@@ -1173,7 +1189,7 @@ def test_ser_deser_credential_pubkey_sh_cannot_extract_from_builder():
         version=SecurityHandlerVersion.RC4_OR_AES128,
         use_aes=True,
         use_crypt_filters=True,
-        perms=-44,
+        perms=PUBKEY_PERMS,
     )
     assert sh.extract_credential() is None
 
@@ -1273,7 +1289,7 @@ def test_encrypt_skipping_metadata(legacy):
             desired_user_pass="secret",
             keylen_bytes=16,
             use_aes128=True,
-            perms=-44,
+            perms=STD_PERMS,
             encrypt_metadata=False,
         )
         w._assign_security_handler(sh)
@@ -1434,7 +1450,7 @@ def test_legacy_o_u_values(entry):
         "usersecret",
         keylen_bytes=True,
         use_aes128=True,
-        perms=-44,
+        perms=STD_PERMS,
     )
     w.security_handler = sh
     enc_dict = sh.as_pdf_object()
@@ -1585,3 +1601,46 @@ def test_tolerate_empty_encrypted_string():
             decrypted, (generic.TextStringObject, generic.ByteStringObject)
         )
         assert decrypted.original_bytes == b""
+
+
+def test_process_malformed_p_entry():
+    with open(
+        f'{PDF_DATA_DIR}/minimal-aes256-malformed-perms.pdf', 'rb'
+    ) as inf:
+        r = PdfFileReader(inf)
+        with pytest.raises(
+            misc.PdfReadError, match="Cannot parse.*as a permission"
+        ):
+            r.decrypt("usersecret")
+
+
+def test_process_malformed_oe_entry():
+    with open(f'{PDF_DATA_DIR}/minimal-aes256-malformed-oe.pdf', 'rb') as inf:
+        r = PdfFileReader(inf)
+        with pytest.raises(misc.PdfReadError, match="Expected string"):
+            r.decrypt("usersecret")
+
+
+@pytest.mark.parametrize(
+    ['perm', 'expected_sint', 'expected_bytes'],
+    (
+        (StandardPermissions.allow_everything(), -4, b"\xff\xff\xff\xfc"),
+        (STD_PERMS, -44, b"\xff\xff\xff\xd4"),
+    ),
+)
+def test_std_permission_transformations(perm, expected_sint, expected_bytes):
+    assert (perm.as_sint32(), perm.as_bytes()) == (
+        expected_sint,
+        expected_bytes,
+    )
+
+
+@pytest.mark.parametrize(
+    ['perm', 'expected_bytes'],
+    (
+        (PubKeyPermissions.allow_everything(), b"\xff\xff\xff\xff"),
+        (PUBKEY_PERMS, b"\xff\xff\xff\xd5"),
+    ),
+)
+def test_pubkey_permission_transformations(perm, expected_bytes):
+    assert perm.as_bytes() == expected_bytes