You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@pdfbox.apache.org by "Martijn Brinkers (JIRA)" <ji...@apache.org> on 2010/11/26 14:27:13 UTC

[jira] Created: (PDFBOX-907) Encrypted Key not correctly calculated when the meta data is not encrypted

Encrypted Key not correctly calculated when the meta data is not encrypted
--------------------------------------------------------------------------

                 Key: PDFBOX-907
                 URL: https://issues.apache.org/jira/browse/PDFBOX-907
             Project: PDFBox
          Issue Type: Bug
          Components: Parsing
    Affects Versions: 1.3.1
            Reporter: Martijn Brinkers


Since rev 4, meta data can be unencrypted while the data is encrypted. If the metadata is not encrypted 0xFFFFFFFF should be added to the hash:

"Security handlers of revision 4 or greater) If document metadata is not being encrypted, pass 4 bytes with
the value 0xFFFFFFFF to the MD5 hash function."

(see see 7.6.3.3 Algorithm 2 Step f of PDF 32000-1:2008)

Whether or not the metadata is encrypted is store in the encryption dictionary. The default value is to encrypt the meta data.

I will attach a patch to detect whether the meta data is encrypted, and if not 0xFFFFFFFF will be added.

The document that I have tested with can be downloaded from http://www.mbtareview.com/MBTA_Review_2009.pdf

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (PDFBOX-907) Encrypted Key not correctly calculated when the meta data is not encrypted

Posted by "Martijn Brinkers (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/PDFBOX-907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martijn Brinkers updated PDFBOX-907:
------------------------------------

    Attachment: MBTA_Review_2009.pdf

Test file downloaded from http://www.mbtareview.com/MBTA_Review_2009.pdf

The file was found using google so it should be a file that is allowed to be read by the public

> Encrypted Key not correctly calculated when the meta data is not encrypted
> --------------------------------------------------------------------------
>
>                 Key: PDFBOX-907
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-907
>             Project: PDFBox
>          Issue Type: Bug
>          Components: Parsing
>    Affects Versions: 1.3.1
>            Reporter: Martijn Brinkers
>         Attachments: MBTA_Review_2009.pdf, PDFBOX-907.patch
>
>
> Since rev 4, meta data can be unencrypted while the data is encrypted. If the metadata is not encrypted 0xFFFFFFFF should be added to the hash:
> "Security handlers of revision 4 or greater) If document metadata is not being encrypted, pass 4 bytes with
> the value 0xFFFFFFFF to the MD5 hash function."
> (see see 7.6.3.3 Algorithm 2 Step f of PDF 32000-1:2008)
> Whether or not the metadata is encrypted is store in the encryption dictionary. The default value is to encrypt the meta data.
> I will attach a patch to detect whether the meta data is encrypted, and if not 0xFFFFFFFF will be added.
> The document that I have tested with can be downloaded from http://www.mbtareview.com/MBTA_Review_2009.pdf

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (PDFBOX-907) Encrypted Key not correctly calculated when the meta data is not encrypted

Posted by "Martijn Brinkers (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/PDFBOX-907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martijn Brinkers updated PDFBOX-907:
------------------------------------

    Attachment: PDFBOX-907.patch

Patch that makes sure that the encryption key is correctly calculated if meta data is not encrypted. 

This patch will also add a patch to throw an IllegalArgumentException when trying to encrypt with AES. AES encryption is not yet supported (it requires a random IV and the Encryption Dictionary must be modified to contain the AES encryption)

> Encrypted Key not correctly calculated when the meta data is not encrypted
> --------------------------------------------------------------------------
>
>                 Key: PDFBOX-907
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-907
>             Project: PDFBox
>          Issue Type: Bug
>          Components: Parsing
>    Affects Versions: 1.3.1
>            Reporter: Martijn Brinkers
>         Attachments: PDFBOX-907.patch
>
>
> Since rev 4, meta data can be unencrypted while the data is encrypted. If the metadata is not encrypted 0xFFFFFFFF should be added to the hash:
> "Security handlers of revision 4 or greater) If document metadata is not being encrypted, pass 4 bytes with
> the value 0xFFFFFFFF to the MD5 hash function."
> (see see 7.6.3.3 Algorithm 2 Step f of PDF 32000-1:2008)
> Whether or not the metadata is encrypted is store in the encryption dictionary. The default value is to encrypt the meta data.
> I will attach a patch to detect whether the meta data is encrypted, and if not 0xFFFFFFFF will be added.
> The document that I have tested with can be downloaded from http://www.mbtareview.com/MBTA_Review_2009.pdf

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (PDFBOX-907) Encrypted Key not correctly calculated when the meta data is not encrypted

Posted by "Andreas Lehmkühler (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/PDFBOX-907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andreas Lehmkühler resolved PDFBOX-907.
---------------------------------------

       Resolution: Fixed
    Fix Version/s: 1.4.0
         Assignee: Andreas Lehmkühler

I added the patch in revision 1041553 as proposed.

Thanks for the contribution

> Encrypted Key not correctly calculated when the meta data is not encrypted
> --------------------------------------------------------------------------
>
>                 Key: PDFBOX-907
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-907
>             Project: PDFBox
>          Issue Type: Bug
>          Components: Parsing
>    Affects Versions: 1.3.1
>            Reporter: Martijn Brinkers
>            Assignee: Andreas Lehmkühler
>             Fix For: 1.4.0
>
>         Attachments: MBTA_Review_2009.pdf, PDFBOX-907.patch
>
>
> Since rev 4, meta data can be unencrypted while the data is encrypted. If the metadata is not encrypted 0xFFFFFFFF should be added to the hash:
> "Security handlers of revision 4 or greater) If document metadata is not being encrypted, pass 4 bytes with
> the value 0xFFFFFFFF to the MD5 hash function."
> (see see 7.6.3.3 Algorithm 2 Step f of PDF 32000-1:2008)
> Whether or not the metadata is encrypted is store in the encryption dictionary. The default value is to encrypt the meta data.
> I will attach a patch to detect whether the meta data is encrypted, and if not 0xFFFFFFFF will be added.
> The document that I have tested with can be downloaded from http://www.mbtareview.com/MBTA_Review_2009.pdf

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (PDFBOX-907) Encrypted Key not correctly calculated when the meta data is not encrypted

Posted by "Adam Nichols (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/PDFBOX-907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12964842#action_12964842 ] 

Adam Nichols commented on PDFBOX-907:
-------------------------------------

I think AES encryption support was added by PDFBOX-872.  If the IV is random, then it also has to be included in plaintext or it wouldn't be possible to decrypt the first block.  I think you might mean the salt (See 7.6.2, page 58, PDF 32000-1:2008).  If there's anything further which needs added for AES, please let me know.

> Encrypted Key not correctly calculated when the meta data is not encrypted
> --------------------------------------------------------------------------
>
>                 Key: PDFBOX-907
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-907
>             Project: PDFBox
>          Issue Type: Bug
>          Components: Parsing
>    Affects Versions: 1.3.1
>            Reporter: Martijn Brinkers
>         Attachments: MBTA_Review_2009.pdf, PDFBOX-907.patch
>
>
> Since rev 4, meta data can be unencrypted while the data is encrypted. If the metadata is not encrypted 0xFFFFFFFF should be added to the hash:
> "Security handlers of revision 4 or greater) If document metadata is not being encrypted, pass 4 bytes with
> the value 0xFFFFFFFF to the MD5 hash function."
> (see see 7.6.3.3 Algorithm 2 Step f of PDF 32000-1:2008)
> Whether or not the metadata is encrypted is store in the encryption dictionary. The default value is to encrypt the meta data.
> I will attach a patch to detect whether the meta data is encrypted, and if not 0xFFFFFFFF will be added.
> The document that I have tested with can be downloaded from http://www.mbtareview.com/MBTA_Review_2009.pdf

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (PDFBOX-907) Encrypted Key not correctly calculated when the meta data is not encrypted

Posted by "Martijn Brinkers (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/PDFBOX-907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12964846#action_12964846 ] 

Martijn Brinkers commented on PDFBOX-907:
-----------------------------------------

AES decryption was added by PDFBOX-872. This patch however adds support for PDFs where the metadata is NOT encrypted. 

For PDF encryption, extra steps must be taken. 

> Encrypted Key not correctly calculated when the meta data is not encrypted
> --------------------------------------------------------------------------
>
>                 Key: PDFBOX-907
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-907
>             Project: PDFBox
>          Issue Type: Bug
>          Components: Parsing
>    Affects Versions: 1.3.1
>            Reporter: Martijn Brinkers
>         Attachments: MBTA_Review_2009.pdf, PDFBOX-907.patch
>
>
> Since rev 4, meta data can be unencrypted while the data is encrypted. If the metadata is not encrypted 0xFFFFFFFF should be added to the hash:
> "Security handlers of revision 4 or greater) If document metadata is not being encrypted, pass 4 bytes with
> the value 0xFFFFFFFF to the MD5 hash function."
> (see see 7.6.3.3 Algorithm 2 Step f of PDF 32000-1:2008)
> Whether or not the metadata is encrypted is store in the encryption dictionary. The default value is to encrypt the meta data.
> I will attach a patch to detect whether the meta data is encrypted, and if not 0xFFFFFFFF will be added.
> The document that I have tested with can be downloaded from http://www.mbtareview.com/MBTA_Review_2009.pdf

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.