[
https://issues.apache.org/jira/browse/PDFBOX-4155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16853778#comment-16853778
]
ASF subversion and git services commented on PDFBOX-4155:
---------------------------------------------------------
Commit 1860487 from Tilman Hausherr in branch 'pdfbox/branches/issue45'
[ https://svn.apache.org/r1860487 ]
PDFBOX-4155: use SASLprep algorithm implementation by Tom Bentley for revision
6, as suggested by Marc Kaufman
> Password Security with Unicode needs SASLprep
> ---------------------------------------------
>
> Key: PDFBOX-4155
> URL: https://issues.apache.org/jira/browse/PDFBOX-4155
> Project: PDFBox
> Issue Type: Bug
> Components: Crypto
> Affects Versions: 2.0.8
> Reporter: Marc Kaufman
> Priority: Minor
> Labels: security
> Attachments: SASLPrep example.pdf
>
>
> Standard Security handler for Version 6 (AES256) handles Unicode passwords.
> However the current handler is missing this part:
> "The UTF-8 password string shall be generated from Unicode input by
> processing the input string with the SASLprep (RFC 4013) profile of
> stringprep (RFC 3454) using the Normalize and BiDi options, and then
> converting to a UTF-8 representation."
> SASLprep is required to normalize equivalent codings for complex glyphs (such
> as those using umlauts, etc).
> pdmodel/encryption/StandardSecurityHandler.java
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
