You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pdfbox.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2019/06/01 17:49:00 UTC
[jira] [Commented] (PDFBOX-4155) Password Security with Unicode
needs SASLprep
[ https://issues.apache.org/jira/browse/PDFBOX-4155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16853777#comment-16853777 ]
ASF subversion and git services commented on PDFBOX-4155:
---------------------------------------------------------
Commit 1860486 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1860486 ]
PDFBOX-4155: use SASLprep algorithm implementation by Tom Bentley for revision 6, as suggested by Marc Kaufman
> Password Security with Unicode needs SASLprep
> ---------------------------------------------
>
> Key: PDFBOX-4155
> URL: https://issues.apache.org/jira/browse/PDFBOX-4155
> Project: PDFBox
> Issue Type: Bug
> Components: Crypto
> Affects Versions: 2.0.8
> Reporter: Marc Kaufman
> Priority: Minor
> Labels: security
> Attachments: SASLPrep example.pdf
>
>
> Standard Security handler for Version 6 (AES256) handles Unicode passwords. However the current handler is missing this part:
> "The UTF-8 password string shall be generated from Unicode input by processing the input string with the SASLprep (RFC 4013) profile of stringprep (RFC 3454) using the Normalize and BiDi options, and then converting to a UTF-8 representation."
> SASLprep is required to normalize equivalent codings for complex glyphs (such as those using umlauts, etc).
> pdmodel/encryption/StandardSecurityHandler.java
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org