[jira] [Commented] (PDFBOX-4784) Possibility to provide the SecureRandom to SecurityHandler

Mon, 02 Mar 2020 10:38:47 -0800 


    [ 
https://issues.apache.org/jira/browse/PDFBOX-4784?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17049543#comment-17049543
 ] 

Andreas Lehmkühler commented on PDFBOX-4784:
--------------------------------------------

As I'm not an encryption expert I'm not sure if I got the point. What exactly 
is the goal? 

* use the very same instance of SecureRandom for a SecurityHandler
* use a custom instance of SecureRandom which is passed to the SecurityHandler 
during initialization

The first could be achieved but adding a getter always returning the same 
SecureRandom instance for an instance of SecurityHandler. 
The second one could be achieved by extending the first solution with a setter 
which overrides the default instance of SecureRandom.

Or do you have a totally different solution in your mind?

> Possibility to provide the SecureRandom to SecurityHandler
> ----------------------------------------------------------
>
>                 Key: PDFBOX-4784
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-4784
>             Project: PDFBox
>          Issue Type: Improvement
>            Reporter: Pierrick Vandenbroucke
>            Priority: Major
>
> In DSS, we build electronic signatures with two stateless operations 
> (computation of the data to be signed and incorporation of the signature 
> value). Currently, the signature creation fails with encrypted documents 
> (AES) due to the Initialization Vector generations which produce different 
> values at each call.
> We would need a way to "stabilize" this part. We discussed about that on our 
> [issue tracker|https://ec.europa.eu/cefdigital/tracker/browse/DSS-1962] and 
> the idea would be to provide a custom instance of the SecureRandom to the 
> [SecurityHandler|https://github.com/apache/pdfbox/blob/2.0.19/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java#L381].



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to