[
https://issues.apache.org/jira/browse/PDFBOX-4155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16412704#comment-16412704
]
Marc Kaufman commented on PDFBOX-4155:
--------------------------------------
The attached PDF was encrypted with the Password: "SªSLprep"
[S<U+00AA>SL<U+00AD><U+00AD><U+00AD><U+00AD><U+00AD>prep]. If you use that
string to open the file in Reader, it opens. The SASLprep'd equivalent is
"SaSLprep" [<U+00AA> becomes 'a', <U+00AD> is removed], and that string will
also open the file.
There are more complicated examples involving joining forms in some languages,
and alternative representations of compound characters.
> Password Security with Unicode needs SASLprep
> ---------------------------------------------
>
> Key: PDFBOX-4155
> URL: https://issues.apache.org/jira/browse/PDFBOX-4155
> Project: PDFBox
> Issue Type: Bug
> Components: Crypto
> Affects Versions: 2.0.8
> Reporter: Marc Kaufman
> Priority: Minor
> Labels: security
> Attachments: SASLPrep example.pdf
>
>
> Standard Security handler for Version 6 (AES256) handles Unicode passwords.
> However the current handler is missing this part:
> "The UTF-8 password string shall be generated from Unicode input by
> processing the input string with the SASLprep (RFC 4013) profile of
> stringprep (RFC 3454) using the Normalize and BiDi options, and then
> converting to a UTF-8 representation."
> SASLprep is required to normalize equivalent codings for complex glyphs (such
> as those using umlauts, etc).
> pdmodel/encryption/StandardSecurityHandler.java
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
