[
https://issues.apache.org/jira/browse/PDFBOX-5955?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17927295#comment-17927295
]
Ross Johnson commented on PDFBOX-5955:
--------------------------------------
Thank you for taking a look.
Based on my testing, Adobe is using the expected & documented algorithms for
verifying the user password and generating a 40-bit key, but then is doing an
undocumented extra key-lengthening step before actually encrypting / decrypting
data. Without this extra key-lengthening step, I would expect the decrypted
streams & strings to be random junk.
I forgot to mention, but as part of the apparent key lengthening that Acrobat
is doing, `n` needs to be updated from 5 to 16 bytes when performing the steps
of "Algorithm 1...".
For what it's worth, I do have these sample docs decrypting properly with a
different PDF lib that I modified for testing. I can successfully read the
/Pages value (obj 13 0) from ObjStm obj 4 0.
If I have some time next week, I can attempt to make the necessary changes to
PDFBox code to decrypt these docs.
> Support rare RC4 encryption where R=4, key length < 128 bits
> ------------------------------------------------------------
>
> Key: PDFBOX-5955
> URL: https://issues.apache.org/jira/browse/PDFBOX-5955
> Project: PDFBox
> Issue Type: Improvement
> Components: Crypto
> Reporter: Ross Johnson
> Priority: Major
> Attachments: R=4, V=4, 40-bit RC4.pdf, R=4, V=4, 48-bit RC4.pdf
>
>
> I've come across some PDFs that open fine in Acrobat, but seemingly no other
> viewer / parser. Upon further inspection, it seems these PDFs use a rare RC4
> encryption scheme where R=4 & V=4, but the key length is given as 40 bits / 5
> bytes instead of the normally expected 128 bits / 16 bytes.
> I can't find this behavior explicitly described in the PDF specs, but it
> seems that Acrobat extends the shorter key to 16 bytes (appending 0x00 bytes)
> in this situation before the steps described in "Algorithm 1: Encryption of
> data using the RC4 or AES algorithms".
> I've been able to generate a sample file that demonstrates the issue and uses
> a 40-bit key. I also made a similar file with a 48-bit key. Note that these
> files have an empty / blank user password, and Acrobat opens them without a
> password prompt.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
