[
https://issues.apache.org/jira/browse/PDFBOX-3149?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15037429#comment-15037429
]
Jesse Long commented on PDFBOX-3149:
------------------------------------
Tilman, sorry, but the one example I have is NDA protected, but please check my
example above:
<</Name ()>>
(Be warned, I might use the wrong names for things here, long time since I read
the PDF spec)
This is a dictionary. It has one key/value pair. The key is /Name, the value is
what is between the (). In my example PDF, there are actually many key/value
pairs, like:
<</Producer (encrypted bytes)/CreationDate (encrypted bytes)/ModDate (encrypted bytes)/Keywords ()>>
Now, when there is content, the first 16 bytes of the encrypted bytes is the IV
for the AES cipher. PDFBox fails to decrypt the value if it cannot fully read
the first 16 bytes as the IV. As you can see with the /Keywords entry above,
there is an empty encrypted value. We fail to decrypt this because we cannot
read the first 16 bytes of the empty value as IV.
What I am doing with this patch is saying, if the encrypted data is completely
empty, then the decrypted data is also empty, it doesn't matter if we cannot
read the IV, because there is no data after the IV which we need to decrypt.
If this explanation does not suffice, I will try to create an example file for you.
Also, do you know why encryption with AES 128 is not supported? I would like to
add a patch for that...
> Failure to decrypt empty strings (AES 128)
> ------------------------------------------
>
> Key: PDFBOX-3149
> URL: https://issues.apache.org/jira/browse/PDFBOX-3149
> Project: PDFBox
> Issue Type: Bug
> Components: Crypto, Parsing, PDModel
> Affects Versions: 2.0.0
> Reporter: Jesse Long
> Assignee: Tilman Hausherr
> Priority: Minor
> Attachments: PDFBOX-3149.patch
>
>
> SecurityHandler fails to decrypt empty strings in an AES 128 encrypted PDF.
> Strings like: <</Name ()>>
> This is because it tries to read the first 16 bytes as the AES IV, failing
> which it throws IOException. Solution: if you cannot read any bytes from the
> stream, it is empty and so there is nothing to decrypt.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
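
The behaviour described in the comment above, as an added example that is not PDFBox code and not the attached patch: a value is the 16-byte IV followed by the ciphertext, an empty value decrypts to an empty value, and a value with 1 to 15 bytes is still rejected as a truncated IV. The class and method names, the all-zero key and the sample string are constructed for illustration; AES/CBC with PKCS#5 padding is assumed from the PDF specification's AES string encryption, and `readNBytes`/`readAllBytes` need Java 9 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class EmptyAesStringDemo {
    // Hypothetical helper (not PDFBox's SecurityHandler): input is IV || ciphertext.
    static byte[] decryptString(byte[] key, InputStream in)
            throws IOException, GeneralSecurityException {
        byte[] iv = new byte[16];
        int n = in.readNBytes(iv, 0, 16);
        if (n == 0) return new byte[0];   // empty value: no IV, nothing to decrypt
        if (n < 16) throw new IOException("truncated AES IV: " + n + " of 16 bytes");
        return cipher(Cipher.DECRYPT_MODE, key, iv).doFinal(in.readAllBytes());
    }

    static Cipher cipher(int mode, byte[] key, byte[] iv) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return c;
    }

    // Builds a constructed sample value: fresh random IV, then the ciphertext.
    static byte[] encryptString(byte[] key, byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, key, iv).doFinal(plain);
        byte[] out = Arrays.copyOf(iv, 16 + ct.length);
        System.arraycopy(ct, 0, out, 16, ct.length);
        return out;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16];  // constructed demo key, not a real per-object PDF key
        byte[] producer = encryptString(key, "Example Producer".getBytes(StandardCharsets.US_ASCII));
        byte[] plain = decryptString(key, new ByteArrayInputStream(producer));
        System.out.println("/Producer -> " + new String(plain, StandardCharsets.US_ASCII));
        byte[] empty = decryptString(key, new ByteArrayInputStream(new byte[0]));
        System.out.println("/Keywords -> " + empty.length + " bytes");
        try {   // 5 bytes: neither empty nor a full IV, so this is still an error
            decryptString(key, new ByteArrayInputStream(new byte[5]));
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```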