pdfbox-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From A...@swmc.com
Subject Re: Why org.bouncycastle.* packages were specified as mandatory in the manifest in the pdfbox-1.5.0.jar
Date Thu, 23 Jun 2011 16:07:40 GMT
What would be the correct action if a user tries to decrypt a PDF without 
the decryption libraries (bc)?  Currently, it throws an exception, which 
seems like the most reasonable thing to do.

Marking bc as optional and not including it by default seems like it would 
not be in the best interest to the majority of users.  As Thomas 
mentioned, encrypted PDFs are not rare, so not having the ability to 
decrypt them out of the box would be a major drawback.  As a side note, 
many documents with no password and no apparent restrictions are still 
encrypted, just with a blank password.  You'll still need the decryption 
libraries to deal with these documents.

For those who are unwilling or unable to use bc, you can remove the 
library manually as long as you do not need to ever deal with any 
encrypted documents.  On the other hand, if you need to deal with 
encryption and can't use bc, we would be happy to accept a patch which 
decrypts them without the library.  Then if the bc libs aren't present, it 
can fall back to your new implementation.  This would make sure existing 
users don't have any regression bugs (as they'll still use bc), and you'd 
be able to remove bc and still have working crypto capabilities.  Once the 
non-bc version is stable and can handle all RC4, and AES cases that bc can 
handle, we can mark the bc libs as optional.


Thomas Chojecki <info@rayman2200.de>
06/23/2011 05:53
Re: Why org.bouncycastle.* packages were specified as mandatory in the 
manifest in the pdfbox-1.5.0.jar

Zitat von Miao Fan <miao.fan@gmail.com>:

> Hello,
Hi Miao,

> I downloaded pdfbox 1.4 and 1.5 recently, and found the manifest in the
> downloaded jars contains mandatory dependencies of org.bouncycastle.*
> plugins which should not. I have to modify wrapper it by removing them 
> manifest to use. I want to confirm if that's a bug and if yes, how to 
> a bug against it?
Some functionality of the pdfbox need the BC. I would also prefer to 
remove this dependancy because BC is a heavy weight library and do not 
harmony with a small pdf library.

> B.T.W, adding org.bouncycastle.* plugins is not option for us now since 
> needs to get legal approval etc to get them in.
I found out that the PDF Encryption need the library. So only for 
encrypted pdf documents.

Maybe someone can rewrite the code of the *.pdmodel.encryption.* and 
use only the java cryptography extension (JCE)

> Thanks,
> Miao

Best regards

- FHA 203b; 203k; HECM; VA; USDA; Conventional 
- Warehouse Lines; FHA-Authorized Originators 
- Lending and Servicing in over 45 States 
www.swmc.com   -  www.simplehecmcalculator.com   
Visit  www.swmc.com/resources   for helpful links on Training, Webinars, Lender Alerts and
Submitting Conditions  

This email and any content within or attached hereto from Sun West Mortgage Company, Inc.
is confidential and/or legally privileged. The information is intended only for the use of
the individual or entity named on this email. If you are not the intended recipient, you are
hereby notified that any disclosure, copying, distribution or taking any action in reliance
on the contents of this email information is strictly prohibited, and that the documents should
be returned to this office immediately by email. Receipt by anyone other than the intended
recipient is not a waiver of any privilege. Please do not include your social security number,
account number, or any other personal or financial information in the content of the email.
Should you have any questions, please call (800) 453 7884.  
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message