Uploaded image for project: 'PDFBox'
  1. PDFBox
  2. PDFBOX-5312

Decryption for V4 fails when no Length entry is set in Encryption Dictionary

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.0.24
    • 2.0.25, 3.0.0 PDFBox
    • Crypto
    • None

    Description

      The PDF standard defines the "Length" entry in the encryption dictionary to only have an effect in V2 or V3.

      However, PDFBox relies on that value for V4 as well and fails to decrypt files that do not define this length entry. It does not consider the length entry in the crypt filter dictionary instead that could be used to get information about the length:
      <</StdCF
      <</CFM
      /AESV2/Length
      16>>>>

      It should be noted that Adobe Acrobat generates files with the required "Length" entry in the encryption dictionary even when V4 is used. Therefore PDFBox correctly processes output from Adobe Acrobat. It would however be desirable for PDFBox to also handle other output that conforms to the PDF-Standard.

      I attached a file that is encrypted with an empty password and fails to be decrypted by pdfbox. However, you can open it with SumatraPDF, Acrobat Reader, Okular etc. (ignore the text on the actual page of the pdf-file ... our application read an RC4 file and wrote the output as AES 128Bit)

      Attachments

        1. ausdat.pdf
          23 kB
          Moritz Flöter

        Issue Links

          Activity

            People

              tilman Tilman Hausherr
              moritzf Moritz Flöter
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: