Posted to dev@pdfbox.apache.org by "Tilman Hausherr (JIRA)" <ji...@apache.org> on 2019/05/17 16:15:00 UTC

[jira] [Commented] (PDFBOX-4155) Password Security with Unicode needs SASLprep

    [ https://issues.apache.org/jira/browse/PDFBOX-4155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16842298#comment-16842298 ] 

Tilman Hausherr commented on PDFBOX-4155:
-----------------------------------------

Our options:
1) change the documentation to mention that SASLPrep is to be used.
2) use the code. It requires a small change in prepareForDecryption() and in prepareDocumentForEncryption().
3) do both, i.e. improve documentation for 2.0.*, and include the code in 3.0.*.

[~lehmi] would we need a CLI for the code from Tom Bentley?


> Password Security with Unicode needs SASLprep
> ---------------------------------------------
>
>                 Key: PDFBOX-4155
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-4155
>             Project: PDFBox
>          Issue Type: Bug
>          Components: Crypto
>    Affects Versions: 2.0.8
>            Reporter: Marc Kaufman
>            Priority: Minor
>              Labels: security
>         Attachments: SASLPrep example.pdf
>
>
> Standard Security handler for Version 6 (AES256) handles Unicode passwords. However the current handler is missing this part:
> "The UTF-8 password string shall be generated from Unicode input by processing the input string with the SASLprep (RFC 4013) profile of stringprep (RFC 3454) using the Normalize and BiDi options, and then converting to a UTF-8 representation."
> SASLprep is required to normalize equivalent codings for complex glyphs (such as those using umlauts, etc).
> pdmodel/encryption/StandardSecurityHandler.java



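The preparation step quoted in the issue (SASLprep with the Normalize and BiDi options, then UTF-8), as an added example that is not PDFBox code and not the code referred to in the comment. It is written in Python because the standard library ships the RFC 3454 tables; the names `saslprep` and `password_bytes`, the `allow_unassigned` switch and the two sample passwords are constructed for illustration.

```python
import stringprep
from unicodedata import ucd_3_2_0 as ucd  # stringprep is defined over Unicode 3.2

# RFC 4013 section 2.3: prohibited output tables C.1.2 through C.9.
_PROHIBITED = (
    stringprep.in_table_c12, stringprep.in_table_c21_c22,
    stringprep.in_table_c3, stringprep.in_table_c4, stringprep.in_table_c5,
    stringprep.in_table_c6, stringprep.in_table_c7, stringprep.in_table_c8,
    stringprep.in_table_c9,
)

def saslprep(text: str, allow_unassigned: bool = False) -> str:
    """Apply the SASLprep profile (RFC 4013) and return the prepared string."""
    # 1. Map: non-ASCII spaces become U+0020, table B.1 characters are dropped.
    mapped = "".join(
        " " if stringprep.in_table_c12(ch) else ch
        for ch in text if not stringprep.in_table_b1(ch)
    )
    # 2. Normalize: NFKC, so equivalent codings collapse to one form.
    prepared = ucd.normalize("NFKC", mapped)
    # 3. Prohibit: reject control, private-use, surrogate and similar code points.
    for ch in prepared:
        if any(check(ch) for check in _PROHIBITED):
            raise ValueError(f"prohibited code point U+{ord(ch):04X}")
        if not allow_unassigned and stringprep.in_table_a1(ch):
            raise ValueError(f"unassigned code point U+{ord(ch):04X}")
    # 4. BiDi: a string with RandALCat characters may not contain LCat
    #    characters and must both start and end with a RandALCat character.
    if any(stringprep.in_table_d1(ch) for ch in prepared):
        if any(stringprep.in_table_d2(ch) for ch in prepared):
            raise ValueError("mixed right-to-left and left-to-right characters")
        if not (stringprep.in_table_d1(prepared[0])
                and stringprep.in_table_d1(prepared[-1])):
            raise ValueError("right-to-left string must start and end RandALCat")
    return prepared

def password_bytes(password: str) -> bytes:
    """UTF-8 bytes of the prepared password, the input to key derivation."""
    return saslprep(password).encode("utf-8")

# Constructed sample: the same visible password typed in two Unicode codings.
COMPOSED = "M\u00fcnchen"      # u-umlaut as one code point
DECOMPOSED = "Mu\u0308nchen"   # u followed by a combining diaeresis

if __name__ == "__main__":
    print("raw UTF-8 equal:     ", COMPOSED.encode() == DECOMPOSED.encode())
    print("prepared UTF-8 equal:", password_bytes(COMPOSED) == password_bytes(DECOMPOSED))
```

Without the preparation step the two codings give different byte strings, so a file encrypted with one cannot be opened with the other even though the user typed the same visible password.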