pdfbox-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tilman Hausherr <THaush...@t-online.de>
Subject Re: pdf encryption with aes
Date Sat, 20 Feb 2016 09:42:27 GMT
Am 20.02.2016 um 08:06 schrieb M. Niedermair:
>
>>> On this occasion I would like to see if you used as Owner password
>>> null (new StandardProtectionPolicy(null, null, ap)), a PW is randomly
>>> generated (as it does for example iText).
>>
>> Sorry, I don't understand you. AES256 does have a random component but
>> this is a salt.
>
> i use:
>       final AccessPermission ap = new AccessPermission();
>       ap.setCanPrint(true);
>       ap.setCanPrintDegraded(true);
>       ap.setCanModify(false);
>       ap.setCanAssembleDocument(false);
>       ap.setCanExtractContent(false);
>       ap.setCanFillInForm(false);
>       ap.setCanExtractForAccessibility(false);
>       ap.setCanModifyAnnotations(false);
>
> final StandardProtectionPolicy spp = new 
> StandardProtectionPolicy(null, null, ap);
>       spp.setEncryptionKeyLength(256);
>       document.protect(spp);
>
> output:
> pdfbox     : 2.0.0-RC3
> Version    : 1.5
> encrypted  : true
> enc_accesspermission        : true
> enc_extractcontent          : true
> enc_extractforaccessibility : true
> enc_fillinform              : true
> enc_modify                  : true
> enc_modifyannotations       : true
> enc_print                   : true
> enc_printdegraded           : true
> enc_length      : 256
> enc_sh_length   : 40
> enc_sh_name     : AES
>
> The rights are not set correctly when I use a null pw.

This is correct because you entered the owner password (which is null).

>
> Use the following code it works.
>
>
>       final MessageDigest md5 = MessageDigest.getInstance("MD5");
>       String ownerpw = null;
>       if (ownerpw == null) {
>          ownerpw = new String(md5.digest((System.nanoTime() + " x " + 
> Runtime.getRuntime().freeMemory()).getBytes()));
>       }
>
>       final StandardProtectionPolicy spp = new 
> StandardProtectionPolicy(ownerpw, null, ap);
>       spp.setEncryptionKeyLength(256);
>       document.protect(spp);
>
> Output:
> pdfbox     : 2.0.0-RC3
> Version    : 1.5
> encrypted  : true
> enc_accesspermission        : false
> enc_extractcontent          : false
> enc_extractforaccessibility : false
> enc_fillinform              : false
> enc_modify                  : false
> enc_modifyannotations       : false
> enc_print                   : true
> enc_printdegraded           : true
> enc_length      : 256
> enc_sh_length   : 40
>
> Therefore, my suggestion is to generate a pw, if it is not set.


Yes, itext does this:
http://developers.itextpdf.com/reference/com.itextpdf.text.pdf.PdfStamper#6pjfi6ejm84
"Sets the encryption options for this document. The userPassword and the 
ownerPassword can be null or have zero length. In this case the 
ownerPassword is replaced by a random string."

Our API doesn't have such a concept. I don't see why this should be 
done. If you want a random password, then set it yourself.

Tilman

>
> By
> Michael
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
> For additional commands, e-mail: users-help@pdfbox.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: users-help@pdfbox.apache.org


Mime
View raw message