Lets wait if there are other reactions, I'd prefer to just change it to
SHA256. Files will be 64 bytes longer, no need to expand the API.
Be aware that md5 is also used elsewhere, e.g. when encrypting or
decrypting PDFs, it's part of the algorithm.
Tilman
On 08.04.2025 09:24, SRUJITH PULIPAKA wrote:
Hi Apache PDFBox Team,
I hope you're doing well.
We are currently using Apache PDFBox in our software stack and have
encountered an issue when deploying it in environments that enforce *FIPS
140-3 compliance.*
Specifically, in the *COSWriter class*, PDFBox uses the
*MessageDigest.getInstance("MD5")* call to generate document IDs. Under a
FIPS-enabled JVM, MD5 is not allowed as it is not a FIPS-approved
algorithm, leading to a `NoSuchAlgorithmException` during PDF generation.
Is there any workaround or configuration to avoid MD5 in such environments?
Alternatively, would the PDFBox team consider supporting a configurable or
FIPS-compatible digest algorithm (like SHA-256) for the document ID
generation?
We’d greatly appreciate any guidance or future roadmap considerations in
this regard. Thanks again for maintaining this excellent open-source
library.
Best regards,
Srujith
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: users-h...@pdfbox.apache.org
