[
https://issues.apache.org/jira/browse/PDFBOX-5955?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tilman Hausherr resolved PDFBOX-5955.
-------------------------------------
Assignee: Tilman Hausherr
Resolution: Fixed
Thanks for the report and the solution!
> Support rare RC4 encryption where R=4, key length < 128 bits
> ------------------------------------------------------------
>
> Key: PDFBOX-5955
> URL: https://issues.apache.org/jira/browse/PDFBOX-5955
> Project: PDFBox
> Issue Type: Improvement
> Components: Crypto
> Affects Versions: 2.0.33, 3.0.4 PDFBox
> Reporter: Ross Johnson
> Assignee: Tilman Hausherr
> Priority: Major
> Fix For: 2.0.34, 3.0.5 PDFBox, 4.0.0
>
> Attachments: R=4, V=4, 40-bit RC4.pdf, R=4, V=4, 48-bit RC4.pdf
>
>
> I've come across some PDFs that open fine in Acrobat, but seemingly no other
> viewer / parser. Upon further inspection, it seems these PDFs use a rare RC4
> encryption scheme where R=4 & V=4, but the key length is given as 40 bits / 5
> bytes instead of the normally expected 128 bits / 16 bytes.
> I can't find this behavior explicitly described in the PDF specs, but it
> seems that Acrobat extends the shorter key to 16 bytes (appending 0x00 bytes)
> in this situation before the steps described in "Algorithm 1: Encryption of
> data using the RC4 or AES algorithms".
> I've been able to generate a sample file that demonstrates the issue and uses
> a 40-bit key. I also made a similar file with a 48-bit key. Note that these
> files have an empty / blank user password, and Acrobat opens them without a
> password prompt.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
