You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pdfbox.apache.org by Ad...@swmc.com on 2011/06/23 20:06:53 UTC
Fw: Why org.bouncycastle.* packages were specified as mandatory in the
manifest in the pdfbox-1.5.0.jar
Developers,
Miao has some good points (see below).
Obviously we don't want official releases to not be able to handle
encrypted documents, but could we mark it is optional in the manifest and
just make sure they are always included in the official releases?
I never was able to figure out how to use Maven and the manifest and all
that, so I just went around the Internet downloading jar files for all the
libs and manually including them in the project. So I'm not sure how the
above proposed change would affect others.
----
Thanks,
Adam
----- Forwarded by Adam Nichols/UR/CER/XLDynamics on 06/23/2011 10:52
-----
From:
Miao Fan <mi...@gmail.com>
To:
users@pdfbox.apache.org
Date:
06/23/2011 09:33
Subject:
Re: Why org.bouncycastle.* packages were specified as mandatory in the
manifest in the pdfbox-1.5.0.jar
Hi Tomas,
Thanks for the info.
Adam,
I agree the majority may be more interested in using the bc. But make it
optional in "manifest" still server your interest. You can still use it
without any issue. :) But for those such as us do not want it, it works
for
us too.
In addition, if bc to be considered as a mandatory plugs-ins, that's fine
too. But please modify http://pdfbox.apache.org/dependencies.html. On that
page, it says "Optional dependencies".
Thanks,
Miao
On Thu, Jun 23, 2011 at 12:07 PM, <Ad...@swmc.com> wrote:
> What would be the correct action if a user tries to decrypt a PDF
without
> the decryption libraries (bc)? Currently, it throws an exception, which
> seems like the most reasonable thing to do.
>
> Marking bc as optional and not including it by default seems like it
would
> not be in the best interest to the majority of users. As Thomas
> mentioned, encrypted PDFs are not rare, so not having the ability to
> decrypt them out of the box would be a major drawback. As a side note,
> many documents with no password and no apparent restrictions are still
> encrypted, just with a blank password. You'll still need the decryption
> libraries to deal with these documents.
>
> For those who are unwilling or unable to use bc, you can remove the
> library manually as long as you do not need to ever deal with any
> encrypted documents. On the other hand, if you need to deal with
> encryption and can't use bc, we would be happy to accept a patch which
> decrypts them without the library. Then if the bc libs aren't present,
it
> can fall back to your new implementation. This would make sure existing
> users don't have any regression bugs (as they'll still use bc), and
you'd
> be able to remove bc and still have working crypto capabilities. Once
the
> non-bc version is stable and can handle all RC4, and AES cases that bc
can
> handle, we can mark the bc libs as optional.
>
> ----
> Thanks,
> Adam
>
>
>
>
>
> From:
> Thomas Chojecki <in...@rayman2200.de>
> To:
> users@pdfbox.apache.org
> Date:
> 06/23/2011 05:53
> Subject:
> Re: Why org.bouncycastle.* packages were specified as mandatory in the
> manifest in the pdfbox-1.5.0.jar
>
>
>
> Zitat von Miao Fan <mi...@gmail.com>:
>
> > Hello,
> Hi Miao,
>
> > I downloaded pdfbox 1.4 and 1.5 recently, and found the manifest in
the
> > downloaded jars contains mandatory dependencies of org.bouncycastle.*
> > plugins which should not. I have to modify wrapper it by removing them
> from
> > manifest to use. I want to confirm if that's a bug and if yes, how to
> submit
> > a bug against it?
> Some functionality of the pdfbox need the BC. I would also prefer to
> remove this dependancy because BC is a heavy weight library and do not
> harmony with a small pdf library.
>
> > B.T.W, adding org.bouncycastle.* plugins is not option for us now
since
> it
> > needs to get legal approval etc to get them in.
> I found out that the PDF Encryption need the library. So only for
> encrypted pdf documents.
>
> Maybe someone can rewrite the code of the *.pdmodel.encryption.* and
> use only the java cryptography extension (JCE)
>
> > Thanks,
> >
> > Miao
>
> Best regards
> Thomas
>
>
>
>
>
>
>
> - FHA 203b; 203k; HECM; VA; USDA; Conventional
> - Warehouse Lines; FHA-Authorized Originators
> - Lending and Servicing in over 45 States
> www.swmc.com - www.simplehecmcalculator.com
> Visit www.swmc.com/resources for helpful links on Training, Webinars,
> Lender Alerts and Submitting Conditions
>
> This email and any content within or attached hereto from Sun West
Mortgage
> Company, Inc. is confidential and/or legally privileged. The information
is
> intended only for the use of the individual or entity named on this
email.
> If you are not the intended recipient, you are hereby notified that any
> disclosure, copying, distribution or taking any action in reliance on
the
> contents of this email information is strictly prohibited, and that the
> documents should be returned to this office immediately by email.
Receipt by
> anyone other than the intended recipient is not a waiver of any
privilege.
> Please do not include your social security number, account number, or
any
> other personal or financial information in the content of the email.
Should
> you have any questions, please call (800) 453 7884.
- FHA 203b; 203k; HECM; VA; USDA; Conventional
- Warehouse Lines; FHA-Authorized Originators
- Lending and Servicing in over 45 States
www.swmc.com - www.simplehecmcalculator.com Visit www.swmc.com/resources for helpful links on Training, Webinars, Lender Alerts and Submitting Conditions
This email and any content within or attached hereto from Sun West Mortgage Company, Inc. is confidential and/or legally privileged. The information is intended only for the use of the individual or entity named on this email. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this email information is strictly prohibited, and that the documents should be returned to this office immediately by email. Receipt by anyone other than the intended recipient is not a waiver of any privilege. Please do not include your social security number, account number, or any other personal or financial information in the content of the email. Should you have any questions, please call (800) 453 7884.
Re: Fw: Why org.bouncycastle.* packages were specified as mandatory
in the manifest in the pdfbox-1.5.0.jar
Posted by Andreas Lehmkühler <an...@lehmi.de>.
Hi,
Am 23.06.11 20:06, schrieb Adam@swmc.com:
> Developers,
>
> Miao has some good points (see below).
>
> Obviously we don't want official releases to not be able to handle
> encrypted documents,
I agree we can't remove the existing support.
> but could we mark it is optional in the manifest and
> just make sure they are always included in the official releases?
I had a quick look and it seems that it shouldn't be that complicated to
isolate the code whichs depends on bc.
But I like Thomas idea to use JCE instead of bc. Does anyone know if JCE
supports everything we need?
BR
Andreas Lehmkühler
>
> ----- Forwarded by Adam Nichols/UR/CER/XLDynamics on 06/23/2011 10:52
> -----
>
> From:
> Miao Fan<mi...@gmail.com>
> To:
> users@pdfbox.apache.org
> Date:
> 06/23/2011 09:33
> Subject:
> Re: Why org.bouncycastle.* packages were specified as mandatory in the
> manifest in the pdfbox-1.5.0.jar
>
>
>
> Hi Tomas,
>
> Thanks for the info.
>
>
> Adam,
>
> I agree the majority may be more interested in using the bc. But make it
> optional in "manifest" still server your interest. You can still use it
> without any issue. :) But for those such as us do not want it, it works
> for
> us too.
>
> In addition, if bc to be considered as a mandatory plugs-ins, that's fine
> too. But please modify http://pdfbox.apache.org/dependencies.html. On that
> page, it says "Optional dependencies".
>
>
> Thanks,
> Miao
>
> On Thu, Jun 23, 2011 at 12:07 PM,<Ad...@swmc.com> wrote:
>
>> What would be the correct action if a user tries to decrypt a PDF
> without
>> the decryption libraries (bc)? Currently, it throws an exception, which
>> seems like the most reasonable thing to do.
>>
>> Marking bc as optional and not including it by default seems like it
> would
>> not be in the best interest to the majority of users. As Thomas
>> mentioned, encrypted PDFs are not rare, so not having the ability to
>> decrypt them out of the box would be a major drawback. As a side note,
>> many documents with no password and no apparent restrictions are still
>> encrypted, just with a blank password. You'll still need the decryption
>> libraries to deal with these documents.
>>
>> For those who are unwilling or unable to use bc, you can remove the
>> library manually as long as you do not need to ever deal with any
>> encrypted documents. On the other hand, if you need to deal with
>> encryption and can't use bc, we would be happy to accept a patch which
>> decrypts them without the library. Then if the bc libs aren't present,
> it
>> can fall back to your new implementation. This would make sure existing
>> users don't have any regression bugs (as they'll still use bc), and
> you'd
>> be able to remove bc and still have working crypto capabilities. Once
> the
>> non-bc version is stable and can handle all RC4, and AES cases that bc
> can
>> handle, we can mark the bc libs as optional.
>>
>> ----
>> Thanks,
>> Adam
>>
>>
>>
>>
>>
>> From:
>> Thomas Chojecki<in...@rayman2200.de>
>> To:
>> users@pdfbox.apache.org
>> Date:
>> 06/23/2011 05:53
>> Subject:
>> Re: Why org.bouncycastle.* packages were specified as mandatory in the
>> manifest in the pdfbox-1.5.0.jar
>>
>>
>>
>> Zitat von Miao Fan<mi...@gmail.com>:
>>
>>> Hello,
>> Hi Miao,
>>
>>> I downloaded pdfbox 1.4 and 1.5 recently, and found the manifest in
> the
>>> downloaded jars contains mandatory dependencies of org.bouncycastle.*
>>> plugins which should not. I have to modify wrapper it by removing them
>> from
>>> manifest to use. I want to confirm if that's a bug and if yes, how to
>> submit
>>> a bug against it?
>> Some functionality of the pdfbox need the BC. I would also prefer to
>> remove this dependancy because BC is a heavy weight library and do not
>> harmony with a small pdf library.
>>
>>> B.T.W, adding org.bouncycastle.* plugins is not option for us now
> since
>> it
>>> needs to get legal approval etc to get them in.
>> I found out that the PDF Encryption need the library. So only for
>> encrypted pdf documents.
>>
>> Maybe someone can rewrite the code of the *.pdmodel.encryption.* and
>> use only the java cryptography extension (JCE)
>>
>>> Thanks,
>>>
>>> Miao
>>
>> Best regards
>> Thomas
>>
>>
>>
>>
>>
>>
>>
>> - FHA 203b; 203k; HECM; VA; USDA; Conventional
>> - Warehouse Lines; FHA-Authorized Originators
>> - Lending and Servicing in over 45 States
>> www.swmc.com - www.simplehecmcalculator.com
>> Visit www.swmc.com/resources for helpful links on Training, Webinars,
>> Lender Alerts and Submitting Conditions
>>
>> This email and any content within or attached hereto from Sun West
> Mortgage
>> Company, Inc. is confidential and/or legally privileged. The information
> is
>> intended only for the use of the individual or entity named on this
> email.
>> If you are not the intended recipient, you are hereby notified that any
>> disclosure, copying, distribution or taking any action in reliance on
> the
>> contents of this email information is strictly prohibited, and that the
>> documents should be returned to this office immediately by email.
> Receipt by
>> anyone other than the intended recipient is not a waiver of any
> privilege.
>> Please do not include your social security number, account number, or
> any
>> other personal or financial information in the content of the email.
> Should
>> you have any questions, please call (800) 453 7884.
>
>
> - FHA 203b; 203k; HECM; VA; USDA; Conventional
> - Warehouse Lines; FHA-Authorized Originators
> - Lending and Servicing in over 45 States
> www.swmc.com - www.simplehecmcalculator.com Visit www.swmc.com/resources for helpful links on Training, Webinars, Lender Alerts and Submitting Conditions
> This email and any content within or attached hereto from Sun West Mortgage Company, Inc. is confidential and/or legally privileged. The information is intended only for the use of the individual or entity named on this email. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this email information is strictly prohibited, and that the documents should be returned to this office immediately by email. Receipt by anyone other than the intended recipient is not a waiver of any privilege. Please do not include your social security number, account number, or any other personal or financial information in the content of the email. Should you have any questions, please call (800) 453 7884.