[
https://issues.apache.org/jira/browse/PDFBOX-5955?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17930977#comment-17930977
]
ASF subversion and git services commented on PDFBOX-5955:
---------------------------------------------------------
Commit 1924073 from Tilman Hausherr in branch 'pdfbox/branches/3.0'
[ https://svn.apache.org/r1924073 ]
PDFBOX-5955: pad encryption key as suggested by Ross Johnson; add test
> Support rare RC4 encryption where R=4, key length < 128 bits
> ------------------------------------------------------------
>
> Key: PDFBOX-5955
> URL: https://issues.apache.org/jira/browse/PDFBOX-5955
> Project: PDFBox
> Issue Type: Improvement
> Components: Crypto
> Reporter: Ross Johnson
> Priority: Major
> Attachments: R=4, V=4, 40-bit RC4.pdf, R=4, V=4, 48-bit RC4.pdf
>
>
> I've come across some PDFs that open fine in Acrobat, but seemingly no other
> viewer / parser. Upon further inspection, it seems these PDFs use a rare RC4
> encryption scheme where R=4 & V=4, but the key length is given as 40 bits / 5
> bytes instead of the normally expected 128 bits / 16 bytes.
> I can't find this behavior explicitly described in the PDF specs, but it
> seems that Acrobat extends the shorter key to 16 bytes (appending 0x00 bytes)
> in this situation before the steps described in "Algorithm 1: Encryption of
> data using the RC4 or AES algorithms".
> I've been able to generate a sample file that demonstrates the issue and uses
> a 40-bit key. I also made a similar file with a 48-bit key. Note that these
> files have an empty / blank user password, and Acrobat opens them without a
> password prompt.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
