pdfbox-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tilman Hausherr <THaush...@t-online.de>
Subject Re: pdf encryption with aes
Date Fri, 19 Feb 2016 07:36:54 GMT
Am 19.02.2016 um 00:22 schrieb Roberto Nibali:
> Hi Tilman
>
> On Thu, Feb 18, 2016 at 5:24 PM, Tilman Hausherr <THausherr@t-online.de>
> wrote:
>
>> It isn't supported.
>>
>> There are two alternatives if you use 2.0:
>>
>> 1) use keylength 256 => AES256 will be used
>> or
>> 2) change the source code. In  StandardSecurityHandler.java there is a line
>>
>> //TODO return 4 if keyLength is 128 to enable AES128 functionality
>>
>> replace it with this:
>>
>> else if (keyLength == 128)
>>      return 4;
>>
>> and your files can be encrypted with AES128 if you use keylen 128.
>>
>> There is no "official" way to enable AES128 encryption with a setter. The
>> AES128 encryption/decryption was implemented very recently by me (as part
>> of an issue that dealt with signing encrypted documents - PDFBOX-2729), I
>> didn't want to make too much changes before the 2.0 release because it
>> wouldn't have been tested enough.
>
> Took a quick comparison look at
> https://github.com/itext/itextpdf/blob/2aca066ea38a96a26ed9213655f667b2091f9bab/itext/src/main/java/com/itextpdf/text/pdf/PdfEncryption.java
> and
> pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java,
> and regarding the TODO you have mentioned above, I would have two questions:
>
>     1. In the version and revision number handling, you have prepared
>     everything already for AES-128, so why did you not enable the "return 4"
>     for keyLength == 128 in computeVersionNumber()?

As I said, I didn't want to make too many new features at that time, I 
think it was shortly before RC3. Currently, the AES128 is available only 
in a covert way, for people who sign encrypted files. I don't consider 
this very important, nobody ever missed AES128 before, and those who do 
can use AES256. IMHO it should be done for 2.1, and then with the option 
to turn AES on or off.

>     2. The PDF reference 1.7 on page 119 in Algorithm 3.1 step 2 at the
>     second paragraph mentions the backwards compatible salt composed of the
>     byte sequence 0x73, 0x41, 0x6C, 0x54. I cannot find it in the
>     StandardSecurityHandler.java in pdfxbox. Is this missing or am I shooting
>     blanks here?

It is in the base class SecurityHandler.java and is used by calcFinalKey 
which is called by encryptData.

Tilman

>
> Cheers
>
> Roberto
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: users-help@pdfbox.apache.org


Mime
View raw message