[PDFBOX-4155] Password Security with Unicode needs SASLprep - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.0.8
Fix Version/s: 2.0.16, 3.0.0 PDFBox
Component/s: Crypto
Labels:
- security

Description

Standard Security handler for Version 6 (AES256) handles Unicode passwords. However the current handler is missing this part:

"The UTF-8 password string shall be generated from Unicode input by processing the input string with the SASLprep (RFC 4013) profile of stringprep (RFC 3454) using the Normalize and BiDi options, and then converting to a UTF-8 representation."

SASLprep is required to normalize equivalent codings for complex glyphs (such as those using umlauts, etc).

pdmodel/encryption/StandardSecurityHandler.java

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SASLPrep example.pdf
24/Mar/18 17:44
7 kB
Marc Kaufman

Issue Links

is related to

PDFBOX-4660 Can't decrypt PDF when password contains special national characters

Open

relates to

KAFKA-6272 SASL PLAIN and SCRAM do not apply SASLPrep

Open

PDFBOX-4587 SASLPrep declares that u2070E is private use

Closed

TIKA-2858 JAXRS server: allow passwords with special chars (MIME encoded words)

Open

DIRAPI-256 We need to implement the SASLPrep RFC (RFC 4013)

Open

links to

Implementation of the SASLPrep algorithm by Tom Bentley

(1 links to)

Activity

People

Assignee:: Tilman Hausherr

Reporter:: Marc Kaufman

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 18/Mar/18 00:02

Updated:: 27/Sep/19 08:28

Resolved:: 01/Jun/19 17:57