pdfbox-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Miao Fan <miao....@gmail.com>
Subject Re: Why org.bouncycastle.* packages were specified as mandatory in the manifest in the pdfbox-1.5.0.jar
Date Thu, 23 Jun 2011 16:33:09 GMT
Hi Tomas,

Thanks for the info.


I agree the majority may be more interested in using the bc. But make it
optional in "manifest" still server your interest. You can still use it
without any issue. :) But for those such as us do not want it, it works for
us too.

In addition, if bc to be considered as a mandatory plugs-ins, that's fine
too. But please modify http://pdfbox.apache.org/dependencies.html. On that
page, it says "Optional dependencies".


On Thu, Jun 23, 2011 at 12:07 PM, <Adam@swmc.com> wrote:

> What would be the correct action if a user tries to decrypt a PDF without
> the decryption libraries (bc)?  Currently, it throws an exception, which
> seems like the most reasonable thing to do.
> Marking bc as optional and not including it by default seems like it would
> not be in the best interest to the majority of users.  As Thomas
> mentioned, encrypted PDFs are not rare, so not having the ability to
> decrypt them out of the box would be a major drawback.  As a side note,
> many documents with no password and no apparent restrictions are still
> encrypted, just with a blank password.  You'll still need the decryption
> libraries to deal with these documents.
> For those who are unwilling or unable to use bc, you can remove the
> library manually as long as you do not need to ever deal with any
> encrypted documents.  On the other hand, if you need to deal with
> encryption and can't use bc, we would be happy to accept a patch which
> decrypts them without the library.  Then if the bc libs aren't present, it
> can fall back to your new implementation.  This would make sure existing
> users don't have any regression bugs (as they'll still use bc), and you'd
> be able to remove bc and still have working crypto capabilities.  Once the
> non-bc version is stable and can handle all RC4, and AES cases that bc can
> handle, we can mark the bc libs as optional.
> ----
> Thanks,
> Adam
> From:
> Thomas Chojecki <info@rayman2200.de>
> To:
> users@pdfbox.apache.org
> Date:
> 06/23/2011 05:53
> Subject:
> Re: Why org.bouncycastle.* packages were specified as mandatory in the
> manifest in the pdfbox-1.5.0.jar
> Zitat von Miao Fan <miao.fan@gmail.com>:
> > Hello,
> Hi Miao,
> > I downloaded pdfbox 1.4 and 1.5 recently, and found the manifest in the
> > downloaded jars contains mandatory dependencies of org.bouncycastle.*
> > plugins which should not. I have to modify wrapper it by removing them
> from
> > manifest to use. I want to confirm if that's a bug and if yes, how to
> submit
> > a bug against it?
> Some functionality of the pdfbox need the BC. I would also prefer to
> remove this dependancy because BC is a heavy weight library and do not
> harmony with a small pdf library.
> > B.T.W, adding org.bouncycastle.* plugins is not option for us now since
> it
> > needs to get legal approval etc to get them in.
> I found out that the PDF Encryption need the library. So only for
> encrypted pdf documents.
> Maybe someone can rewrite the code of the *.pdmodel.encryption.* and
> use only the java cryptography extension (JCE)
> > Thanks,
> >
> > Miao
> Best regards
> Thomas
> - FHA 203b; 203k; HECM; VA; USDA; Conventional
> - Warehouse Lines; FHA-Authorized Originators
> - Lending and Servicing in over 45 States
> www.swmc.com   -  www.simplehecmcalculator.com
> Visit  www.swmc.com/resources   for helpful links on Training, Webinars,
> Lender Alerts and Submitting Conditions
> This email and any content within or attached hereto from Sun West Mortgage
> Company, Inc. is confidential and/or legally privileged. The information is
> intended only for the use of the individual or entity named on this email.
> If you are not the intended recipient, you are hereby notified that any
> disclosure, copying, distribution or taking any action in reliance on the
> contents of this email information is strictly prohibited, and that the
> documents should be returned to this office immediately by email. Receipt by
> anyone other than the intended recipient is not a waiver of any privilege.
> Please do not include your social security number, account number, or any
> other personal or financial information in the content of the email. Should
> you have any questions, please call (800) 453 7884.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message