Uploaded image for project: 'PDFBox'
  1. PDFBox
  2. PDFBOX-4155

Password Security with Unicode needs SASLprep

    XMLWordPrintableJSON

    Details

      Description

      Standard Security handler for Version 6 (AES256) handles Unicode passwords. However the current handler is missing this part:

      "The UTF-8 password string shall be generated from Unicode input by processing the input string with the SASLprep (RFC 4013) profile of stringprep (RFC 3454) using the Normalize and BiDi options, and then converting to a UTF-8 representation."

      SASLprep is required to normalize equivalent codings for complex glyphs (such as those using umlauts, etc).

      pdmodel/encryption/StandardSecurityHandler.java

        Attachments

        1. SASLPrep example.pdf
          7 kB
          Marc Kaufman

          Issue Links

            Activity

              People

              • Assignee:
                tilman Tilman Hausherr
                Reporter:
                MKaufman Marc Kaufman
              • Votes:
                1 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: