[jira] [Comment Edited] (PDFBOX-4155) Password Security with Unicode needs SASLprep

2018-03-24 Thread Marc Kaufman (JIRA) 

[ 
https://issues.apache.org/jira/browse/PDFBOX-4155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16412704#comment-16412704
 ] 

Marc Kaufman edited comment on PDFBOX-4155 at 3/24/18 6:21 PM:
---

The attached PDF was encrypted with the Password: "SªSL­prep" 
[SSLprep]. If you use that 
string to open the file in Reader, it opens. The SASLprep'd equivalent is 
"SaSLprep" [ becomes 'a',  is removed], and that string will 
also open the file.

There are more complicated examples involving joining forms in some languages, 
and alternative representations of compound characters.

If you create a file in PDFBox, using the non-SASLprep string, you won't be 
able to open it in Acrobat. If you try to open the provided example file in 
PDFBox using the non-SASLprep string, it won't open.


was (Author: mkaufman):
The attached PDF was encrypted with the Password: "SªSL­prep" 
[SSLprep]. If you use that 
string to open the file in Reader, it opens. The SASLprep'd equivalent is 
"SaSLprep" [ becomes 'a',  is removed], and that string will 
also open the file.

There are more complicated examples involving joining forms in some languages, 
and alternative representations of compound characters.

If you create the file in PDFBox, using the non-SASLprep string, you won't be 
able to open it in Acrobat. If you try to open the example file using the 
non-SASLprep string, it won't open.

> Password Security with Unicode needs SASLprep
> -
>
> Key: PDFBOX-4155
> URL: https://issues.apache.org/jira/browse/PDFBOX-4155
> Project: PDFBox
>  Issue Type: Bug
>  Components: Crypto
>Affects Versions: 2.0.8
>Reporter: Marc Kaufman
>Priority: Minor
>  Labels: security
> Attachments: SASLPrep example.pdf
>
>
> Standard Security handler for Version 6 (AES256) handles Unicode passwords. 
> However the current handler is missing this part:
> "The UTF-8 password string shall be generated from Unicode input by 
> processing the input string with the SASLprep (RFC 4013) profile of 
> stringprep (RFC 3454) using the Normalize and BiDi options, and then 
> converting to a UTF-8 representation."
> SASLprep is required to normalize equivalent codings for complex glyphs (such 
> as those using umlauts, etc).
> pdmodel/encryption/StandardSecurityHandler.java



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org

[jira] [Comment Edited] (PDFBOX-4155) Password Security with Unicode needs SASLprep

2018-03-24 Thread Marc Kaufman (JIRA) 

[ 
https://issues.apache.org/jira/browse/PDFBOX-4155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16412704#comment-16412704
 ] 

Marc Kaufman edited comment on PDFBOX-4155 at 3/24/18 5:48 PM:
---

The attached PDF was encrypted with the Password: "SªSL­prep" 
[SSLprep]. If you use that 
string to open the file in Reader, it opens. The SASLprep'd equivalent is 
"SaSLprep" [ becomes 'a',  is removed], and that string will 
also open the file.

There are more complicated examples involving joining forms in some languages, 
and alternative representations of compound characters.

If you create the file in PDFBox, using the non-SASLprep string, you won't be 
able to open it in Acrobat. If you try to open the example file using the 
non-SASLprep string, it won't open.


was (Author: mkaufman):
The attached PDF was encrypted with the Password: "SªSL­prep" 
[SSLprep]. If you use that 
string to open the file in Reader, it opens. The SASLprep'd equivalent is 
"SaSLprep" [ becomes 'a',  is removed], and that string will 
also open the file.

There are more complicated examples involving joining forms in some languages, 
and alternative representations of compound characters.

> Password Security with Unicode needs SASLprep
> -
>
> Key: PDFBOX-4155
> URL: https://issues.apache.org/jira/browse/PDFBOX-4155
> Project: PDFBox
>  Issue Type: Bug
>  Components: Crypto
>Affects Versions: 2.0.8
>Reporter: Marc Kaufman
>Priority: Minor
>  Labels: security
> Attachments: SASLPrep example.pdf
>
>
> Standard Security handler for Version 6 (AES256) handles Unicode passwords. 
> However the current handler is missing this part:
> "The UTF-8 password string shall be generated from Unicode input by 
> processing the input string with the SASLprep (RFC 4013) profile of 
> stringprep (RFC 3454) using the Normalize and BiDi options, and then 
> converting to a UTF-8 representation."
> SASLprep is required to normalize equivalent codings for complex glyphs (such 
> as those using umlauts, etc).
> pdmodel/encryption/StandardSecurityHandler.java



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org

[jira] [Commented] (PDFBOX-4155) Password Security with Unicode needs SASLprep

2018-03-24 Thread Marc Kaufman (JIRA) 

[ 
https://issues.apache.org/jira/browse/PDFBOX-4155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16412704#comment-16412704
 ] 

Marc Kaufman commented on PDFBOX-4155:
--

The attached PDF was encrypted with the Password: "SªSL­prep" 
[SSLprep]. If you use that 
string to open the file in Reader, it opens. The SASLprep'd equivalent is 
"SaSLprep" [ becomes 'a',  is removed], and that string will 
also open the file.

There are more complicated examples involving joining forms in some languages, 
and alternative representations of compound characters.

> Password Security with Unicode needs SASLprep
> -
>
> Key: PDFBOX-4155
> URL: https://issues.apache.org/jira/browse/PDFBOX-4155
> Project: PDFBox
>  Issue Type: Bug
>  Components: Crypto
>Affects Versions: 2.0.8
>Reporter: Marc Kaufman
>Priority: Minor
>  Labels: security
> Attachments: SASLPrep example.pdf
>
>
> Standard Security handler for Version 6 (AES256) handles Unicode passwords. 
> However the current handler is missing this part:
> "The UTF-8 password string shall be generated from Unicode input by 
> processing the input string with the SASLprep (RFC 4013) profile of 
> stringprep (RFC 3454) using the Normalize and BiDi options, and then 
> converting to a UTF-8 representation."
> SASLprep is required to normalize equivalent codings for complex glyphs (such 
> as those using umlauts, etc).
> pdmodel/encryption/StandardSecurityHandler.java



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org

[jira] [Updated] (PDFBOX-4155) Password Security with Unicode needs SASLprep

2018-03-24 Thread Marc Kaufman (JIRA) 

 [ 
https://issues.apache.org/jira/browse/PDFBOX-4155?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Marc Kaufman updated PDFBOX-4155:
-
Attachment: SASLPrep example.pdf

> Password Security with Unicode needs SASLprep
> -
>
> Key: PDFBOX-4155
> URL: https://issues.apache.org/jira/browse/PDFBOX-4155
> Project: PDFBox
>  Issue Type: Bug
>  Components: Crypto
>Affects Versions: 2.0.8
>Reporter: Marc Kaufman
>Priority: Minor
>  Labels: security
> Attachments: SASLPrep example.pdf
>
>
> Standard Security handler for Version 6 (AES256) handles Unicode passwords. 
> However the current handler is missing this part:
> "The UTF-8 password string shall be generated from Unicode input by 
> processing the input string with the SASLprep (RFC 4013) profile of 
> stringprep (RFC 3454) using the Normalize and BiDi options, and then 
> converting to a UTF-8 representation."
> SASLprep is required to normalize equivalent codings for complex glyphs (such 
> as those using umlauts, etc).
> pdmodel/encryption/StandardSecurityHandler.java



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org

[jira] [Commented] (PDFBOX-45) Support incremental save

2018-03-19 Thread Marc Kaufman (JIRA) 

[ 
https://issues.apache.org/jira/browse/PDFBOX-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16405044#comment-16405044
 ] 

Marc Kaufman commented on PDFBOX-45:


Incremental save is needed whenever a digitally signed document is modified. 
This is to protect the digital signature (which may be Reader Enablement or 
Certification or a User Signature). It does not matter what information is in 
the incremental save area (i.e. whether or not it is a signature). Acrobat will 
coelesce multiple incremental save blocks following a digital signature into a 
single incremental save block when applying a new digital signature, but that 
isn't a requirement. The saved file is typically a new file (SaveAs), but if 
doing a straight Save, write a new file then swap the file names. You need the 
bytes of the old file as the leading part of the new file.

Note that encryption must be applied that matches the original file encryption 
(all encryption must preceed any digital signatures), so that means the 
encryption information used to decrypt the file must be available at Save time 
and not applied as new (but that's a different JIRA bug).

> Support incremental save
> 
>
> Key: PDFBOX-45
> URL: https://issues.apache.org/jira/browse/PDFBOX-45
> Project: PDFBox
>  Issue Type: New Feature
>  Components: Writing
> Fix For: 3.0.0 PDFBox
>
>
> [imported from SourceForge]
> http://sourceforge.net/tracker/index.php?group_id=78314=552835=1157431
> Originally submitted by purplish_cat on 2005-03-05 12:28.
> After opening a PDF file and changing objects out of it, 
> allow to save the changes incrementally to the same file 
> instead of creating a completely new file.
> [comment on SourceForge]
> Originally sent by benlitchfield.
> Logged In: YES 
> user_id=601708
> See forum thread at
> https://sourceforge.net/forum/message.php?msg_id=3032112



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org

[jira] [Created] (PDFBOX-4155) Password Security with Unicode needs SASLprep

2018-03-17 Thread Marc Kaufman (JIRA) 
Marc Kaufman created PDFBOX-4155:


 Summary: Password Security with Unicode needs SASLprep
 Key: PDFBOX-4155
 URL: https://issues.apache.org/jira/browse/PDFBOX-4155
 Project: PDFBox
  Issue Type: Bug
  Components: Crypto
Affects Versions: 2.0.8
Reporter: Marc Kaufman
 Fix For: 2.0.9


Standard Security handler for Version 6 (AES256) handles Unicode passwords. 
However the current handler is missing this part:

"The UTF-8 password string shall be generated from Unicode input by processing 
the input string with the SASLprep (RFC 4013) profile of stringprep (RFC 3454) 
using the Normalize and BiDi options, and then converting to a UTF-8 
representation."

SASLprep is required to normalize equivalent codings for complex glyphs (such 
as those using umlauts, etc).

pdmodel/encryption/StandardSecurityHandler.java



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org