Marc Kaufman created PDFBOX-4155: ------------------------------------ Summary: Password Security with Unicode needs SASLprep Key: PDFBOX-4155 URL: https://issues.apache.org/jira/browse/PDFBOX-4155 Project: PDFBox Issue Type: Bug Components: Crypto Affects Versions: 2.0.8 Reporter: Marc Kaufman Fix For: 2.0.9
Standard Security handler for Version 6 (AES256) handles Unicode passwords. However the current handler is missing this part: "The UTF-8 password string shall be generated from Unicode input by processing the input string with the SASLprep (RFC 4013) profile of stringprep (RFC 3454) using the Normalize and BiDi options, and then converting to a UTF-8 representation." SASLprep is required to normalize equivalent codings for complex glyphs (such as those using umlauts, etc). pdmodel/encryption/StandardSecurityHandler.java -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org For additional commands, e-mail: dev-h...@pdfbox.apache.org