pdfbox-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Lehmkühler <andr...@lehmi.de>
Subject Re: Fw: Why org.bouncycastle.* packages were specified as mandatory in the manifest in the pdfbox-1.5.0.jar
Date Thu, 07 Jul 2011 18:44:36 GMT
Hi,

Am 23.06.11 20:06, schrieb Adam@swmc.com:
> Developers,
>
> Miao has some good points (see below).
>
> Obviously we don't want official releases to not be able to handle
> encrypted documents,
I agree we can't remove the existing support.

> but could we mark it is optional in the manifest and
> just make sure they are always included in the official releases?
I had a quick look and it seems that it shouldn't be that complicated to 
isolate the code whichs depends on bc.

But I like Thomas idea to use JCE instead of bc. Does anyone know if JCE 
supports everything we need?

BR
Andreas Lehmkühler

>
> ----- Forwarded by Adam Nichols/UR/CER/XLDynamics on 06/23/2011 10:52
> -----
>
> From:
> Miao Fan<miao.fan@gmail.com>
> To:
> users@pdfbox.apache.org
> Date:
> 06/23/2011 09:33
> Subject:
> Re: Why org.bouncycastle.* packages were specified as mandatory in the
> manifest in the pdfbox-1.5.0.jar
>
>
>
> Hi Tomas,
>
> Thanks for the info.
>
>
> Adam,
>
> I agree the majority may be more interested in using the bc. But make it
> optional in "manifest" still server your interest. You can still use it
> without any issue. :) But for those such as us do not want it, it works
> for
> us too.
>
> In addition, if bc to be considered as a mandatory plugs-ins, that's fine
> too. But please modify http://pdfbox.apache.org/dependencies.html. On that
> page, it says "Optional dependencies".
>
>
> Thanks,
> Miao
>
> On Thu, Jun 23, 2011 at 12:07 PM,<Adam@swmc.com>  wrote:
>
>> What would be the correct action if a user tries to decrypt a PDF
> without
>> the decryption libraries (bc)?  Currently, it throws an exception, which
>> seems like the most reasonable thing to do.
>>
>> Marking bc as optional and not including it by default seems like it
> would
>> not be in the best interest to the majority of users.  As Thomas
>> mentioned, encrypted PDFs are not rare, so not having the ability to
>> decrypt them out of the box would be a major drawback.  As a side note,
>> many documents with no password and no apparent restrictions are still
>> encrypted, just with a blank password.  You'll still need the decryption
>> libraries to deal with these documents.
>>
>> For those who are unwilling or unable to use bc, you can remove the
>> library manually as long as you do not need to ever deal with any
>> encrypted documents.  On the other hand, if you need to deal with
>> encryption and can't use bc, we would be happy to accept a patch which
>> decrypts them without the library.  Then if the bc libs aren't present,
> it
>> can fall back to your new implementation.  This would make sure existing
>> users don't have any regression bugs (as they'll still use bc), and
> you'd
>> be able to remove bc and still have working crypto capabilities.  Once
> the
>> non-bc version is stable and can handle all RC4, and AES cases that bc
> can
>> handle, we can mark the bc libs as optional.
>>
>> ----
>> Thanks,
>> Adam
>>
>>
>>
>>
>>
>> From:
>> Thomas Chojecki<info@rayman2200.de>
>> To:
>> users@pdfbox.apache.org
>> Date:
>> 06/23/2011 05:53
>> Subject:
>> Re: Why org.bouncycastle.* packages were specified as mandatory in the
>> manifest in the pdfbox-1.5.0.jar
>>
>>
>>
>> Zitat von Miao Fan<miao.fan@gmail.com>:
>>
>>> Hello,
>> Hi Miao,
>>
>>> I downloaded pdfbox 1.4 and 1.5 recently, and found the manifest in
> the
>>> downloaded jars contains mandatory dependencies of org.bouncycastle.*
>>> plugins which should not. I have to modify wrapper it by removing them
>> from
>>> manifest to use. I want to confirm if that's a bug and if yes, how to
>> submit
>>> a bug against it?
>> Some functionality of the pdfbox need the BC. I would also prefer to
>> remove this dependancy because BC is a heavy weight library and do not
>> harmony with a small pdf library.
>>
>>> B.T.W, adding org.bouncycastle.* plugins is not option for us now
> since
>> it
>>> needs to get legal approval etc to get them in.
>> I found out that the PDF Encryption need the library. So only for
>> encrypted pdf documents.
>>
>> Maybe someone can rewrite the code of the *.pdmodel.encryption.* and
>> use only the java cryptography extension (JCE)
>>
>>> Thanks,
>>>
>>> Miao
>>
>> Best regards
>> Thomas
>>
>>
>>
>>
>>
>>
>>
>> - FHA 203b; 203k; HECM; VA; USDA; Conventional
>> - Warehouse Lines; FHA-Authorized Originators
>> - Lending and Servicing in over 45 States
>> www.swmc.com   -  www.simplehecmcalculator.com
>> Visit  www.swmc.com/resources   for helpful links on Training, Webinars,
>> Lender Alerts and Submitting Conditions
>>
>> This email and any content within or attached hereto from Sun West
> Mortgage
>> Company, Inc. is confidential and/or legally privileged. The information
> is
>> intended only for the use of the individual or entity named on this
> email.
>> If you are not the intended recipient, you are hereby notified that any
>> disclosure, copying, distribution or taking any action in reliance on
> the
>> contents of this email information is strictly prohibited, and that the
>> documents should be returned to this office immediately by email.
> Receipt by
>> anyone other than the intended recipient is not a waiver of any
> privilege.
>> Please do not include your social security number, account number, or
> any
>> other personal or financial information in the content of the email.
> Should
>> you have any questions, please call (800) 453 7884.
>
>
> - FHA 203b; 203k; HECM; VA; USDA; Conventional
> - Warehouse Lines; FHA-Authorized Originators
> - Lending and Servicing in over 45 States
> www.swmc.com   -  www.simplehecmcalculator.com   Visit  www.swmc.com/resources   for
helpful links on Training, Webinars, Lender Alerts and Submitting Conditions
> This email and any content within or attached hereto from Sun West Mortgage Company,
Inc. is confidential and/or legally privileged. The information is intended only for the use
of the individual or entity named on this email. If you are not the intended recipient, you
are hereby notified that any disclosure, copying, distribution or taking any action in reliance
on the contents of this email information is strictly prohibited, and that the documents should
be returned to this office immediately by email. Receipt by anyone other than the intended
recipient is not a waiver of any privilege. Please do not include your social security number,
account number, or any other personal or financial information in the content of the email.
Should you have any questions, please call (800) 453 7884.


Mime
View raw message