[
https://issues.apache.org/jira/browse/PDFBOX-4155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16412538#comment-16412538
]
Tilman Hausherr commented on PDFBOX-4155:
-----------------------------------------
Could you show an example that the current code is wrong, e.g. a string that is
passed to PDFBox but that can't be used when opening the same file with Adobe
Reader?
> Password Security with Unicode needs SASLprep
> ---------------------------------------------
>
> Key: PDFBOX-4155
> URL: https://issues.apache.org/jira/browse/PDFBOX-4155
> Project: PDFBox
> Issue Type: Bug
> Components: Crypto
> Affects Versions: 2.0.8
> Reporter: Marc Kaufman
> Priority: Minor
> Labels: security
>
> Standard Security handler for Version 6 (AES256) handles Unicode passwords.
> However the current handler is missing this part:
> "The UTF-8 password string shall be generated from Unicode input by
> processing the input string with the SASLprep (RFC 4013) profile of
> stringprep (RFC 3454) using the Normalize and BiDi options, and then
> converting to a UTF-8 representation."
> SASLprep is required to normalize equivalent codings for complex glyphs (such
> as those using umlauts, etc).
> pdmodel/encryption/StandardSecurityHandler.java
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
