[
https://issues.apache.org/jira/browse/PDFBOX-2456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14205031#comment-14205031
]
Tilman Hausherr commented on PDFBOX-2456:
-----------------------------------------
Hello [~leonardr]... in the 1.7 spec, there is this in 7.6.3.4:
{quote}
c)(Security handlers of revision 3 or greater) Do the following 50 times: Take
the output from the previous MD5 hash and pass it as input into a new MD5 hash.
{quote}
at another place (7.6.3.3), it says
{quote}
(Security handlers of revision 3 or greater) Do the following 50 times: Take
the output from the previous MD5 hash and pass the first n bytes of the output
as input into a new MD5 hash, where n is the number of bytes of the encryption
key as defined by the value of the encryption dictionary’s Length entry.
{quote}
Could you look whether this been changed in the upcoming 2.0 version? I'd
suspect that the short version is wrong. I'm having trouble with PDF files with
40bit encryption, i.e. PDFBox claims that the owner password doesn't match
although it should. When changing one line in our code so that the key length
is considered in the MD5 hash, it works.
> create TestSymmetricKeyEncryption.java
> --------------------------------------
>
> Key: PDFBOX-2456
> URL: https://issues.apache.org/jira/browse/PDFBOX-2456
> Project: PDFBox
> Issue Type: Improvement
> Components: Utilities
> Affects Versions: 2.0.0
> Environment: java7 debian7
> Reporter: Ralf Hauser
> Labels: AES256
> Fix For: 2.0.0
>
> Attachments: AES256.diff, TestSymmetricKeyEncryption.java,
> enc128bit_20141025_115145.pdf, enc256bit_20141025_105451.pdf,
> preEnc_20141025_105451.pdf, preEnc_20141025_115145.pdf
>
>
> similarly to org.apache.pdfbox.encryption.TestPublicKeyEncryption, also test
> password based encryption
> 1) 128bit
> 2) 256bit AES PDFBOX-1594
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
