Hi Tomas, Thanks for the info.
Adam, I agree the majority may be more interested in using the bc. But make it optional in "manifest" still server your interest. You can still use it without any issue. :) But for those such as us do not want it, it works for us too. In addition, if bc to be considered as a mandatory plugs-ins, that's fine too. But please modify http://pdfbox.apache.org/dependencies.html. On that page, it says "Optional dependencies". Thanks, Miao On Thu, Jun 23, 2011 at 12:07 PM, <[email protected]> wrote: > What would be the correct action if a user tries to decrypt a PDF without > the decryption libraries (bc)? Currently, it throws an exception, which > seems like the most reasonable thing to do. > > Marking bc as optional and not including it by default seems like it would > not be in the best interest to the majority of users. As Thomas > mentioned, encrypted PDFs are not rare, so not having the ability to > decrypt them out of the box would be a major drawback. As a side note, > many documents with no password and no apparent restrictions are still > encrypted, just with a blank password. You'll still need the decryption > libraries to deal with these documents. > > For those who are unwilling or unable to use bc, you can remove the > library manually as long as you do not need to ever deal with any > encrypted documents. On the other hand, if you need to deal with > encryption and can't use bc, we would be happy to accept a patch which > decrypts them without the library. Then if the bc libs aren't present, it > can fall back to your new implementation. This would make sure existing > users don't have any regression bugs (as they'll still use bc), and you'd > be able to remove bc and still have working crypto capabilities. Once the > non-bc version is stable and can handle all RC4, and AES cases that bc can > handle, we can mark the bc libs as optional. > > ---- > Thanks, > Adam > > > > > > From: > Thomas Chojecki <[email protected]> > To: > [email protected] > Date: > 06/23/2011 05:53 > Subject: > Re: Why org.bouncycastle.* packages were specified as mandatory in the > manifest in the pdfbox-1.5.0.jar > > > > Zitat von Miao Fan <[email protected]>: > > > Hello, > Hi Miao, > > > I downloaded pdfbox 1.4 and 1.5 recently, and found the manifest in the > > downloaded jars contains mandatory dependencies of org.bouncycastle.* > > plugins which should not. I have to modify wrapper it by removing them > from > > manifest to use. I want to confirm if that's a bug and if yes, how to > submit > > a bug against it? > Some functionality of the pdfbox need the BC. I would also prefer to > remove this dependancy because BC is a heavy weight library and do not > harmony with a small pdf library. > > > B.T.W, adding org.bouncycastle.* plugins is not option for us now since > it > > needs to get legal approval etc to get them in. > I found out that the PDF Encryption need the library. So only for > encrypted pdf documents. > > Maybe someone can rewrite the code of the *.pdmodel.encryption.* and > use only the java cryptography extension (JCE) > > > Thanks, > > > > Miao > > Best regards > Thomas > > > > > > > > - FHA 203b; 203k; HECM; VA; USDA; Conventional > - Warehouse Lines; FHA-Authorized Originators > - Lending and Servicing in over 45 States > www.swmc.com - www.simplehecmcalculator.com > Visit www.swmc.com/resources for helpful links on Training, Webinars, > Lender Alerts and Submitting Conditions > > This email and any content within or attached hereto from Sun West Mortgage > Company, Inc. is confidential and/or legally privileged. The information is > intended only for the use of the individual or entity named on this email. > If you are not the intended recipient, you are hereby notified that any > disclosure, copying, distribution or taking any action in reliance on the > contents of this email information is strictly prohibited, and that the > documents should be returned to this office immediately by email. Receipt by > anyone other than the intended recipient is not a waiver of any privilege. > Please do not include your social security number, account number, or any > other personal or financial information in the content of the email. Should > you have any questions, please call (800) 453 7884.
