You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pdfbox.apache.org by "Martijn Brinkers (JIRA)" <ji...@apache.org> on 2010/11/26 14:27:13 UTC
[jira] Created: (PDFBOX-907) Encrypted Key not correctly calculated
when the meta data is not encrypted
Encrypted Key not correctly calculated when the meta data is not encrypted
--------------------------------------------------------------------------
Key: PDFBOX-907
URL: https://issues.apache.org/jira/browse/PDFBOX-907
Project: PDFBox
Issue Type: Bug
Components: Parsing
Affects Versions: 1.3.1
Reporter: Martijn Brinkers
Since rev 4, meta data can be unencrypted while the data is encrypted. If the metadata is not encrypted 0xFFFFFFFF should be added to the hash:
"Security handlers of revision 4 or greater) If document metadata is not being encrypted, pass 4 bytes with
the value 0xFFFFFFFF to the MD5 hash function."
(see see 7.6.3.3 Algorithm 2 Step f of PDF 32000-1:2008)
Whether or not the metadata is encrypted is store in the encryption dictionary. The default value is to encrypt the meta data.
I will attach a patch to detect whether the meta data is encrypted, and if not 0xFFFFFFFF will be added.
The document that I have tested with can be downloaded from http://www.mbtareview.com/MBTA_Review_2009.pdf
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (PDFBOX-907) Encrypted Key not correctly calculated
when the meta data is not encrypted
Posted by "Martijn Brinkers (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/PDFBOX-907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martijn Brinkers updated PDFBOX-907:
------------------------------------
Attachment: MBTA_Review_2009.pdf
Test file downloaded from http://www.mbtareview.com/MBTA_Review_2009.pdf
The file was found using google so it should be a file that is allowed to be read by the public
> Encrypted Key not correctly calculated when the meta data is not encrypted
> --------------------------------------------------------------------------
>
> Key: PDFBOX-907
> URL: https://issues.apache.org/jira/browse/PDFBOX-907
> Project: PDFBox
> Issue Type: Bug
> Components: Parsing
> Affects Versions: 1.3.1
> Reporter: Martijn Brinkers
> Attachments: MBTA_Review_2009.pdf, PDFBOX-907.patch
>
>
> Since rev 4, meta data can be unencrypted while the data is encrypted. If the metadata is not encrypted 0xFFFFFFFF should be added to the hash:
> "Security handlers of revision 4 or greater) If document metadata is not being encrypted, pass 4 bytes with
> the value 0xFFFFFFFF to the MD5 hash function."
> (see see 7.6.3.3 Algorithm 2 Step f of PDF 32000-1:2008)
> Whether or not the metadata is encrypted is store in the encryption dictionary. The default value is to encrypt the meta data.
> I will attach a patch to detect whether the meta data is encrypted, and if not 0xFFFFFFFF will be added.
> The document that I have tested with can be downloaded from http://www.mbtareview.com/MBTA_Review_2009.pdf
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (PDFBOX-907) Encrypted Key not correctly calculated
when the meta data is not encrypted
Posted by "Martijn Brinkers (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/PDFBOX-907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martijn Brinkers updated PDFBOX-907:
------------------------------------
Attachment: PDFBOX-907.patch
Patch that makes sure that the encryption key is correctly calculated if meta data is not encrypted.
This patch will also add a patch to throw an IllegalArgumentException when trying to encrypt with AES. AES encryption is not yet supported (it requires a random IV and the Encryption Dictionary must be modified to contain the AES encryption)
> Encrypted Key not correctly calculated when the meta data is not encrypted
> --------------------------------------------------------------------------
>
> Key: PDFBOX-907
> URL: https://issues.apache.org/jira/browse/PDFBOX-907
> Project: PDFBox
> Issue Type: Bug
> Components: Parsing
> Affects Versions: 1.3.1
> Reporter: Martijn Brinkers
> Attachments: PDFBOX-907.patch
>
>
> Since rev 4, meta data can be unencrypted while the data is encrypted. If the metadata is not encrypted 0xFFFFFFFF should be added to the hash:
> "Security handlers of revision 4 or greater) If document metadata is not being encrypted, pass 4 bytes with
> the value 0xFFFFFFFF to the MD5 hash function."
> (see see 7.6.3.3 Algorithm 2 Step f of PDF 32000-1:2008)
> Whether or not the metadata is encrypted is store in the encryption dictionary. The default value is to encrypt the meta data.
> I will attach a patch to detect whether the meta data is encrypted, and if not 0xFFFFFFFF will be added.
> The document that I have tested with can be downloaded from http://www.mbtareview.com/MBTA_Review_2009.pdf
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (PDFBOX-907) Encrypted Key not correctly
calculated when the meta data is not encrypted
Posted by "Andreas Lehmkühler (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/PDFBOX-907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andreas Lehmkühler resolved PDFBOX-907.
---------------------------------------
Resolution: Fixed
Fix Version/s: 1.4.0
Assignee: Andreas Lehmkühler
I added the patch in revision 1041553 as proposed.
Thanks for the contribution
> Encrypted Key not correctly calculated when the meta data is not encrypted
> --------------------------------------------------------------------------
>
> Key: PDFBOX-907
> URL: https://issues.apache.org/jira/browse/PDFBOX-907
> Project: PDFBox
> Issue Type: Bug
> Components: Parsing
> Affects Versions: 1.3.1
> Reporter: Martijn Brinkers
> Assignee: Andreas Lehmkühler
> Fix For: 1.4.0
>
> Attachments: MBTA_Review_2009.pdf, PDFBOX-907.patch
>
>
> Since rev 4, meta data can be unencrypted while the data is encrypted. If the metadata is not encrypted 0xFFFFFFFF should be added to the hash:
> "Security handlers of revision 4 or greater) If document metadata is not being encrypted, pass 4 bytes with
> the value 0xFFFFFFFF to the MD5 hash function."
> (see see 7.6.3.3 Algorithm 2 Step f of PDF 32000-1:2008)
> Whether or not the metadata is encrypted is store in the encryption dictionary. The default value is to encrypt the meta data.
> I will attach a patch to detect whether the meta data is encrypted, and if not 0xFFFFFFFF will be added.
> The document that I have tested with can be downloaded from http://www.mbtareview.com/MBTA_Review_2009.pdf
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (PDFBOX-907) Encrypted Key not correctly
calculated when the meta data is not encrypted
Posted by "Adam Nichols (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/PDFBOX-907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12964842#action_12964842 ]
Adam Nichols commented on PDFBOX-907:
-------------------------------------
I think AES encryption support was added by PDFBOX-872. If the IV is random, then it also has to be included in plaintext or it wouldn't be possible to decrypt the first block. I think you might mean the salt (See 7.6.2, page 58, PDF 32000-1:2008). If there's anything further which needs added for AES, please let me know.
> Encrypted Key not correctly calculated when the meta data is not encrypted
> --------------------------------------------------------------------------
>
> Key: PDFBOX-907
> URL: https://issues.apache.org/jira/browse/PDFBOX-907
> Project: PDFBox
> Issue Type: Bug
> Components: Parsing
> Affects Versions: 1.3.1
> Reporter: Martijn Brinkers
> Attachments: MBTA_Review_2009.pdf, PDFBOX-907.patch
>
>
> Since rev 4, meta data can be unencrypted while the data is encrypted. If the metadata is not encrypted 0xFFFFFFFF should be added to the hash:
> "Security handlers of revision 4 or greater) If document metadata is not being encrypted, pass 4 bytes with
> the value 0xFFFFFFFF to the MD5 hash function."
> (see see 7.6.3.3 Algorithm 2 Step f of PDF 32000-1:2008)
> Whether or not the metadata is encrypted is store in the encryption dictionary. The default value is to encrypt the meta data.
> I will attach a patch to detect whether the meta data is encrypted, and if not 0xFFFFFFFF will be added.
> The document that I have tested with can be downloaded from http://www.mbtareview.com/MBTA_Review_2009.pdf
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (PDFBOX-907) Encrypted Key not correctly
calculated when the meta data is not encrypted
Posted by "Martijn Brinkers (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/PDFBOX-907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12964846#action_12964846 ]
Martijn Brinkers commented on PDFBOX-907:
-----------------------------------------
AES decryption was added by PDFBOX-872. This patch however adds support for PDFs where the metadata is NOT encrypted.
For PDF encryption, extra steps must be taken.
> Encrypted Key not correctly calculated when the meta data is not encrypted
> --------------------------------------------------------------------------
>
> Key: PDFBOX-907
> URL: https://issues.apache.org/jira/browse/PDFBOX-907
> Project: PDFBox
> Issue Type: Bug
> Components: Parsing
> Affects Versions: 1.3.1
> Reporter: Martijn Brinkers
> Attachments: MBTA_Review_2009.pdf, PDFBOX-907.patch
>
>
> Since rev 4, meta data can be unencrypted while the data is encrypted. If the metadata is not encrypted 0xFFFFFFFF should be added to the hash:
> "Security handlers of revision 4 or greater) If document metadata is not being encrypted, pass 4 bytes with
> the value 0xFFFFFFFF to the MD5 hash function."
> (see see 7.6.3.3 Algorithm 2 Step f of PDF 32000-1:2008)
> Whether or not the metadata is encrypted is store in the encryption dictionary. The default value is to encrypt the meta data.
> I will attach a patch to detect whether the meta data is encrypted, and if not 0xFFFFFFFF will be added.
> The document that I have tested with can be downloaded from http://www.mbtareview.com/MBTA_Review_2009.pdf
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.