[
https://issues.apache.org/jira/browse/PDFBOX-1594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13889434#comment-13889434
]
Manuel Kasper edited comment on PDFBOX-1594 at 2/3/14 12:21 PM:
----------------------------------------------------------------
Here is a patch against PDFBox 1.8.4 that implements AES-256 encryption and
decryption. This is the PDF 1.7 AEL 8 / PDF 2.0 / ISO 32000-2 version
(V=5/R=6). To use it on the command line, simply specify {{-keyLength 256}}
when encrypting.
The JCE Unlimited Strength Jurisdiction Policy Files must be installed for
AES-256 to be available.
The patch also fixes a bug where PDFBox used a zero-length owner password if
only a user password was given during encryption (instead of using the same
string as the user and owner password), thereby rendering the encryption
practically useless.
Also, the order in which a given password is tested during decryption has been
changed to (owner, user) instead of (user, owner). This makes it possible to
decrypt files that only have a user password – otherwise this would fail as
PDFBox would treat the given password as the user password and not apply the
owner permissions.
Note: this patch is only for password-based, not public key based encryption.
Here is a quick reference of the encryption versions supported by PDFBox (no
guarantees for correctness):
||PDF version||Acrobat version||V||R||Enc. algo.||Key length||Password
hash||max. password length||Comments||Encrypt||Decrypt
|PDF 1.1-1.3|2-4|1|2/3|RC4|40|MD5|32| |Y|Y|
|PDF 1.4|5|2|3|RC4|128|MD5|32| |Y|Y|
|PDF 1.4|6|3|3|RC4|40-128|MD5|32|Shall not appear in a conforming PDF file.|N|?|
|PDF 1.5|6|4|4|RC4|128|MD5|32| |N|Y|
|PDF 1.6|7/8|4|4|AES|128|MD5|32| |N|Y|
|PDF 1.7 AEL3|9|5|5|AES|256|SHA-256|127|Shall not be used (deprecated Adobe
extension).|N|N|
|PDF 1.7 AEL8, PDF 2.0|X/XI|5|6|AES|256|SHA-256/SHA-384/SHA-512/AES|127| |P|P|
P = supported with patch
was (Author: neon1):
Here is a patch against PDFBox 1.8.4 that implements AES-256 encryption and
decryption. This is the PDF 1.7 AEL 8 / PDF 2.0 / ISO 32000-2 version
(V=5/R=6). To use it on the command line, simply specify {{-keyLength 256}}
when encrypting.
The JCE Unlimited Strength Jurisdiction Policy Files must be installed for
AES-256 to be available.
The patch also fixes a bug where PDFBox used a zero-length owner password if
only a user password was given during encryption (instead of using the same
string as the user and owner password), thereby rendering the encryption
practically useless.
Also, the order in which a given password is tested during decryption has been
changed to (owner, user) instead of (user, owner). This makes it possible to
decrypt files that only have a user password – otherwise this would fail as
PDFBox would treat the given password as the user password and not apply the
owner permissions.
Note: this patch is only for password-based, not public key based encryption.
> Add support for AES256 Encryption
> ----------------------------------
>
> Key: PDFBOX-1594
> URL: https://issues.apache.org/jira/browse/PDFBOX-1594
> Project: PDFBox
> Issue Type: Improvement
> Components: PDModel
> Reporter: Maruan Sahyoun
> Fix For: 2.0.0
>
> Attachments: pdfbox-1.8.4-aes256.diff
>
>
> Adobe 9 added support for AES 256 encryption. Further information is
> available at
> http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/pdfs/adobe_supplement_iso32000.pdf
> (specially 3.5.1) or ISO 32000-2.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
