Your message dated Thu, 24 Sep 2015 15:23:25 -0400
with message-id
<20150924152324.2232756468.qww314...@jberkenbilt-linux.appiancorp.com>
and subject line Re: Bug#799895: qpdf: Please make owner passwords optional
has caused the Debian Bug report #799895,
regarding qpdf: Please make owner passwords optional
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
799895: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799895
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: qpdf
Version: 5.1.2-2
Severity: wishlist
Dear Maintainer,
The "--encrypt" command must be followed by this sequence of options:
user-password owner-password key-length [restrictions] --
The owner-password is not for encryption, and only useful when
applying (the probably infrequent) use-case restrictions (which client
applications may optionally choose to enforce or disregard).
When unrestricted access to an encrypted document is needed, this
syntax encourages users to choose the same password for both the user
password and the owner password. If I understand the PDF spec
correctly, it actually compromises security to have an owner password
because it's visible to the client application. Well, I'm fuzzy on
that aspect. But in any case, key-length should not come after
owner-password, and owner password should be among the optional
restrictions and pre-emptable by a --, so that a document may be
encrypted without usage restrictions.
Also, it would be useful if the defaults for these options were
documated somewhere:
--print=print-opt
--modify=modify-opt
--use-aes
The defaults are not documented in 'man qpdf', 'qpdf --help', or in
/usr/share/doc/qpdf.
Thanks.
-- System Information:
Debian Release: 8.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages qpdf depends on:
ii libc6 2.19-18+deb8u1
ii libgcc1 1:4.9.2-10
ii libpcre3 2:8.35-3.3
ii libqpdf13 5.1.2-2
ii libstdc++6 4.9.2-10
ii zlib1g 1:1.2.8.dfsg-2+b1
qpdf recommends no packages.
qpdf suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Thanks for your report.
Jack Ryan <[email protected]> wrote:
> The "--encrypt" command must be followed by this sequence of options:
>
> user-password owner-password key-length [restrictions] --
>
> The owner-password is not for encryption, and only useful when
> applying (the probably infrequent) use-case restrictions (which client
> applications may optionally choose to enforce or disregard).
>
> When unrestricted access to an encrypted document is needed, this
> syntax encourages users to choose the same password for both the user
> password and the owner password. If I understand the PDF spec
> correctly, it actually compromises security to have an owner password
> because it's visible to the client application. Well, I'm fuzzy on
> that aspect. But in any case, key-length should not come after
> owner-password, and owner password should be among the optional
> restrictions and pre-emptable by a --, so that a document may be
> encrypted without usage restrictions.
This isn't quite accurate. For 128-bit and shorter keys, the owner
password is used to encrypt the user password, and the user password is
used for encryption. It is never possible to recover the owner password
(short of a brute-force attack), but if you have the owner password, you
can retrieve the user password.
For 256-bit keys, the user and the owner password each independently
encrypt a session key that is used for encryption. It is not possible to
recover either password.
The PDF specification does not provide a way to create encrypted files
with supplying both a user password and an owner password.
If you open a file in Adobe Acrobat with the owner password, the
document restrictions are not enforced. If you use the user password,
they are. If you use the same password for user and owner, Adobe Acrobat
will treat the file like you are the user. Other readers may behave
differently. qpdf does not honor document restrictions because honoring
them would be nonsensical for what qpdf does, so for qpdf, the user
password and the owner password are interchangeable.
> Also, it would be useful if the defaults for these options were
> documated somewhere:
>
> --print=print-opt
> --modify=modify-opt
> --use-aes
>
> The defaults are not documented in 'man qpdf', 'qpdf --help', or in
> /usr/share/doc/qpdf.
qpdf --help mentions: "The default for each permission option is to be
fully permissive."
--
Jay Berkenbilt <[email protected]>
--- End Message ---
