Package: pdftk
Version: 1.41+dfsg-9
Severity: serious
Tags: patch
The command
pdftk file.pdf output file-encrypted.pdf user_pw thePassword
sets not only a user password, but a random owner password.
Therefore the encryption pdf file is not usable for further usage by
pdftk or other pdf tools due to the fact that the owner password is
unknown.
The attached patch solve this by setting the owner password to the user
password in this case which means that no owner password is set
according to the PDF specification [1].
[1]: Section 3.5.2 of
http://partners.adobe.com/public/developer/en/pdf/PDFReference16.pdf
Description: Set 'no owner password' by setting the owner password to the user password.
This patch solves the issue of generating random owner passwords by the
setEncryption routine of itext if the supplied owner password has zero length.
According to the PDF specification, the meaning of 'no owner password' is archived
by setting the owner password equal to the user password.
Author: Johann Felix Soden <joh...@gmx.de>
--- a/pdftk/pdftk.cc
+++ b/pdftk/pdftk.cc
@@ -2193,6 +2193,10 @@
prompt_for_password( "user", "the output PDF", m_output_user_pw );
}
+ if( m_output_owner_pw.empty() && !m_output_user_pw.empty() ) {
+ m_output_owner_pw= m_output_user_pw;
+ }
+
jbyteArray output_owner_pw_p= JvNewByteArray( m_output_owner_pw.size() ); {
jbyte* pw_p= elements(output_owner_pw_p);
memcpy( pw_p, m_output_owner_pw.c_str(), m_output_owner_pw.size() );
