New AES-256 encryption (#872)

.banditrc.yml

@@ -2,3 +2,6 @@ skips:
   # Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   # => OK, we don't care though
   - B101
+  # B305:blacklist - Use of insecure cipher mode cryptography.hazmat.primitives.ciphers.modes.ECB.
+  # Need to bypass this check because the PDF specification demands the use of ECB mode on one of the encryption algorithms
+  - B305

docs/Encryption.md

@@ -81,7 +81,7 @@ If no permission is specified it will default to `all()`.
 
 ## Encryption method ##
 
-There are 3 available encryption methods:
+There are 4 available encryption methods:
 
   * `NO_ENCRYPTION`
     Data is not encrypted, only add the access permission flags.
@@ -90,7 +90,10 @@ There are 3 available encryption methods:
     Default PDF encryption algorithm.
 
   * `AES_128`
-    Encrypts the data with AES algorithm. Requires the `cryptography` package.
+    Encrypts the data with 128 bit key AES algorithm. Requires the `cryptography` package.
+
+  * `AES_256`
+    Encrypts the data with 256 bit key AES algorithm. Requires the `cryptography` package.
 
 ```python
 from fpdf import FPDF

fpdf/annotations.py

@@ -52,12 +52,12 @@ def __init__(
         self.f_t = Name(field_type) if field_type else None
         self.v = value
         self.f = sum(flags)
-        self.contents = PDFString(contents) if contents else None
+        self.contents = PDFString(contents, encrypt=True) if contents else None
         self.a = action
         self.dest = dest
         self.c = f"[{color[0]} {color[1]} {color[2]}]" if color else None
-        self.t = PDFString(title) if title else None
-        self.m = PDFDate(modification_time) if modification_time else None
+        self.t = PDFString(title, encrypt=True) if title else None
+        self.m = PDFDate(modification_time, encrypt=True) if modification_time else None
         self.quad_points = (
             pdf_list(f"{quad_point:.2f}" for quad_point in quad_points)
             if quad_points