If you know the password, then there is no need to create a new PDF (at least 
in general, not sure of PoDoFo specifics here) – you can just sign the 
encrypted PDF directly (ensuring that all the new objects are properly 
encrypted as well).

Leonard

From: "F. E." <exler7...@gmail.com>
Date: Friday, August 4, 2017 at 9:57 AM
To: Leonard Rosenthol <lrose...@adobe.com>
Cc: "podofo-users@lists.sourceforge.net" <podofo-users@lists.sourceforge.net>
Subject: Re: [Podofo-users] Signing encrypted pdfs

>> would it work to append the pages of the encrypted pdf to an empty pdf
>>
> No, because you have to be able to decrypt the pages to combine them.
I should've make clear that I'm assuming I can decrypt it xD.

So yes, if I don't know the password, I can only add the encrypted pdf as an 
attachment to a new pdf and sign this.
If I know the password, i thought I could use podofo to load the encrypted pdf, 
append its pages to a new empty pdf and sign it afterwards.
Is this wishful thinking or could it work :) ?

2017-08-02 15:46 GMT+02:00 Leonard Rosenthol 
<lrose...@adobe.com<mailto:lrose...@adobe.com>>:
> would it work to append the pages of the encrypted pdf to an empty pdf
>
No, because you have to be able to decrypt the pages to combine them.

(in the FWIW/historical category – there are remnants of attempts to solve this 
still present in the PDF standard, in the form of Crypt Filters, but it turns 
out to just be a problem not worth solving in the long term)

Leonard

From: "F. E." <exler7...@gmail.com<mailto:exler7...@gmail.com>>
Date: Wednesday, August 2, 2017 at 5:53 AM
To: 
"podofo-users@lists.sourceforge.net<mailto:podofo-users@lists.sourceforge.net>" 
<podofo-users@lists.sourceforge.net<mailto:podofo-users@lists.sourceforge.net>>
Subject: Re: [Podofo-users] Signing encrypted pdfs

>        Hi,
>    load for update (and using WriteUpdate()) means that you keep the file
>    as is and only add your changes at the end. Having new values encrypted
>    and old values not, or using different encryption method, or even
>    trying to use old encryption on the new content, doesn't sound right to
>    me.

Ok, that explains my 1.) and the side note.

> It’s not technically possible to sign an encrypted PDF – because there is no 
> way to encrypt the new update section
> with the same key as the previous sections – unless you know what it is (and 
> then it’s a bit tricky still).
Convinced me ^^.

Some follow-up questions I'd like to ask:

  *   For my case 2.), signing an encrypted pdf with normal loading, I learned 
that the resulting pdf seems to have no password at all.
How does this happen? Does podofo remove the password encryption automatically 
when writing the signed file or is this some kind of error in the viewer?
  *   Instead of adding the encrypted pdf as attachment, which is a nice idea I 
didn't think about, would it work to append the pages of the encrypted pdf to 
an empty pdf and set encryption and signature then? I know there's an issue 
with embedded files when appending, but I could extract the files and delete 
them prior to appending and add them later again.
  *   I had a third question, but I don't know what it was about anymore :-/.



Regards,
F.E.



2017-08-02 0:45 GMT+02:00 Leonard Rosenthol via Podofo-users 
<podofo-users@lists.sourceforge.net<mailto:podofo-users@lists.sourceforge.net>>:
It’s not technically possible to sign an encrypted PDF – because there is no 
way to encrypt the new update section with the same key as the previous 
sections – unless you know what it is (and then it’s a bit tricky still).

Better to simply create a new PDF with the encrypted PDF as an attachment as 
part of a collection and then sign the new PDF.

Leonard

On 8/1/17, 11:27 AM, "zyx" <z...@litepdf.cz> wrote:

    On Tue, 2017-08-01 at 16:38 +0200, F. E. wrote:
    > As a side note, I noticed that I cannot use load-for-update in this
    > case, because the resulting pdf has an unknown password protection.
    > Neither my specified user nor owner password work for decryption.
    > That's odd and mighht be a bug, don't know ...

        Hi,
    load for update (and using WriteUpdate()) means that you keep the file
    as is and only add your changes at the end. Having new values encrypted
    and old values not, or using different encryption method, or even
    trying to use old encryption on the new content, doesn't sound right to
    me.

    Doing sign & encrypt at the same time sounds the way to go, as you
    figured out yourself.
        Bye,
        zyx

    --
    
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.litePDF.cz&data=02%7C01%7C%7C08f72d27a1eb4526088408d4d8f1c292%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636371980250993292&sdata=9YEy0XwyP2Aioj0EKQmb6J5xexlziVQRc3O3KnSU61U%3D&reserved=0
                                 i...@litepdf.cz

    
------------------------------------------------------------------------------
    Check out the vibrant tech community on one of the world's most
    engaging tech sites, Slashdot.org! 
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsdm.link%2Fslashdot&data=02%7C01%7C%7C08f72d27a1eb4526088408d4d8f1c292%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636371980250993292&sdata=z%2B6nJU9jeBLfcT6Zf6fJwhOYw5JEZizBmLHvYCnsHdQ%3D&reserved=0
    _______________________________________________
    Podofo-users mailing list
    
Podofo-users@lists.sourceforge.net<mailto:Podofo-users@lists.sourceforge.net>
    
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpodofo-users&data=02%7C01%7C%7C08f72d27a1eb4526088408d4d8f1c292%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636371980250993292&sdata=sWzuGkB3yg7Z3U%2F23MWWWkQUl9U9Me8A8XsD8bXOm8w%3D&reserved=0


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! 
http://sdm.link/slashdot<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsdm.link%2Fslashdot&data=02%7C01%7C%7Cf230bcc1f7cf494a5d9a08d4d98c4401%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636372643849400387&sdata=NWMCBIdwyViAjYRQ6h2cTDnNEcHDHSNdcLvDrnvorDU%3D&reserved=0>
_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net<mailto:Podofo-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/podofo-users<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpodofo-users&data=02%7C01%7C%7Cf230bcc1f7cf494a5d9a08d4d98c4401%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636372643849400387&sdata=WxFglPKZCPWj3qflfPA6057gAl9vMlAjLT2fsYtJU%2FM%3D&reserved=0>


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users

Reply via email to