[jira] [Comment Edited] (PDFBOX-4155) Password Security with Unicode needs SASLprep
[ https://issues.apache.org/jira/browse/PDFBOX-4155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16412704#comment-16412704 ] Marc Kaufman edited comment on PDFBOX-4155 at 3/24/18 6:21 PM: --- The attached PDF was encrypted with the Password: "SªSLprep" [SSLprep]. If you use that string to open the file in Reader, it opens. The SASLprep'd equivalent is "SaSLprep" [ becomes 'a', is removed], and that string will also open the file. There are more complicated examples involving joining forms in some languages, and alternative representations of compound characters. If you create a file in PDFBox, using the non-SASLprep string, you won't be able to open it in Acrobat. If you try to open the provided example file in PDFBox using the non-SASLprep string, it won't open. was (Author: mkaufman): The attached PDF was encrypted with the Password: "SªSLprep" [SSLprep]. If you use that string to open the file in Reader, it opens. The SASLprep'd equivalent is "SaSLprep" [ becomes 'a', is removed], and that string will also open the file. There are more complicated examples involving joining forms in some languages, and alternative representations of compound characters. If you create the file in PDFBox, using the non-SASLprep string, you won't be able to open it in Acrobat. If you try to open the example file using the non-SASLprep string, it won't open. > Password Security with Unicode needs SASLprep > - > > Key: PDFBOX-4155 > URL: https://issues.apache.org/jira/browse/PDFBOX-4155 > Project: PDFBox > Issue Type: Bug > Components: Crypto >Affects Versions: 2.0.8 >Reporter: Marc Kaufman >Priority: Minor > Labels: security > Attachments: SASLPrep example.pdf > > > Standard Security handler for Version 6 (AES256) handles Unicode passwords. > However the current handler is missing this part: > "The UTF-8 password string shall be generated from Unicode input by > processing the input string with the SASLprep (RFC 4013) profile of > stringprep (RFC 3454) using the Normalize and BiDi options, and then > converting to a UTF-8 representation." > SASLprep is required to normalize equivalent codings for complex glyphs (such > as those using umlauts, etc). > pdmodel/encryption/StandardSecurityHandler.java -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Comment Edited] (PDFBOX-4155) Password Security with Unicode needs SASLprep
[ https://issues.apache.org/jira/browse/PDFBOX-4155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16412704#comment-16412704 ] Marc Kaufman edited comment on PDFBOX-4155 at 3/24/18 5:48 PM: --- The attached PDF was encrypted with the Password: "SªSLprep" [SSLprep]. If you use that string to open the file in Reader, it opens. The SASLprep'd equivalent is "SaSLprep" [ becomes 'a', is removed], and that string will also open the file. There are more complicated examples involving joining forms in some languages, and alternative representations of compound characters. If you create the file in PDFBox, using the non-SASLprep string, you won't be able to open it in Acrobat. If you try to open the example file using the non-SASLprep string, it won't open. was (Author: mkaufman): The attached PDF was encrypted with the Password: "SªSLprep" [SSLprep]. If you use that string to open the file in Reader, it opens. The SASLprep'd equivalent is "SaSLprep" [ becomes 'a', is removed], and that string will also open the file. There are more complicated examples involving joining forms in some languages, and alternative representations of compound characters. > Password Security with Unicode needs SASLprep > - > > Key: PDFBOX-4155 > URL: https://issues.apache.org/jira/browse/PDFBOX-4155 > Project: PDFBox > Issue Type: Bug > Components: Crypto >Affects Versions: 2.0.8 >Reporter: Marc Kaufman >Priority: Minor > Labels: security > Attachments: SASLPrep example.pdf > > > Standard Security handler for Version 6 (AES256) handles Unicode passwords. > However the current handler is missing this part: > "The UTF-8 password string shall be generated from Unicode input by > processing the input string with the SASLprep (RFC 4013) profile of > stringprep (RFC 3454) using the Normalize and BiDi options, and then > converting to a UTF-8 representation." > SASLprep is required to normalize equivalent codings for complex glyphs (such > as those using umlauts, etc). > pdmodel/encryption/StandardSecurityHandler.java -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-4155) Password Security with Unicode needs SASLprep
[ https://issues.apache.org/jira/browse/PDFBOX-4155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16412704#comment-16412704 ] Marc Kaufman commented on PDFBOX-4155: -- The attached PDF was encrypted with the Password: "SªSLprep" [SSLprep]. If you use that string to open the file in Reader, it opens. The SASLprep'd equivalent is "SaSLprep" [ becomes 'a', is removed], and that string will also open the file. There are more complicated examples involving joining forms in some languages, and alternative representations of compound characters. > Password Security with Unicode needs SASLprep > - > > Key: PDFBOX-4155 > URL: https://issues.apache.org/jira/browse/PDFBOX-4155 > Project: PDFBox > Issue Type: Bug > Components: Crypto >Affects Versions: 2.0.8 >Reporter: Marc Kaufman >Priority: Minor > Labels: security > Attachments: SASLPrep example.pdf > > > Standard Security handler for Version 6 (AES256) handles Unicode passwords. > However the current handler is missing this part: > "The UTF-8 password string shall be generated from Unicode input by > processing the input string with the SASLprep (RFC 4013) profile of > stringprep (RFC 3454) using the Normalize and BiDi options, and then > converting to a UTF-8 representation." > SASLprep is required to normalize equivalent codings for complex glyphs (such > as those using umlauts, etc). > pdmodel/encryption/StandardSecurityHandler.java -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Updated] (PDFBOX-4155) Password Security with Unicode needs SASLprep
[ https://issues.apache.org/jira/browse/PDFBOX-4155?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Kaufman updated PDFBOX-4155: - Attachment: SASLPrep example.pdf > Password Security with Unicode needs SASLprep > - > > Key: PDFBOX-4155 > URL: https://issues.apache.org/jira/browse/PDFBOX-4155 > Project: PDFBox > Issue Type: Bug > Components: Crypto >Affects Versions: 2.0.8 >Reporter: Marc Kaufman >Priority: Minor > Labels: security > Attachments: SASLPrep example.pdf > > > Standard Security handler for Version 6 (AES256) handles Unicode passwords. > However the current handler is missing this part: > "The UTF-8 password string shall be generated from Unicode input by > processing the input string with the SASLprep (RFC 4013) profile of > stringprep (RFC 3454) using the Normalize and BiDi options, and then > converting to a UTF-8 representation." > SASLprep is required to normalize equivalent codings for complex glyphs (such > as those using umlauts, etc). > pdmodel/encryption/StandardSecurityHandler.java -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-45) Support incremental save
[ https://issues.apache.org/jira/browse/PDFBOX-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16405044#comment-16405044 ] Marc Kaufman commented on PDFBOX-45: Incremental save is needed whenever a digitally signed document is modified. This is to protect the digital signature (which may be Reader Enablement or Certification or a User Signature). It does not matter what information is in the incremental save area (i.e. whether or not it is a signature). Acrobat will coelesce multiple incremental save blocks following a digital signature into a single incremental save block when applying a new digital signature, but that isn't a requirement. The saved file is typically a new file (SaveAs), but if doing a straight Save, write a new file then swap the file names. You need the bytes of the old file as the leading part of the new file. Note that encryption must be applied that matches the original file encryption (all encryption must preceed any digital signatures), so that means the encryption information used to decrypt the file must be available at Save time and not applied as new (but that's a different JIRA bug). > Support incremental save > > > Key: PDFBOX-45 > URL: https://issues.apache.org/jira/browse/PDFBOX-45 > Project: PDFBox > Issue Type: New Feature > Components: Writing > Fix For: 3.0.0 PDFBox > > > [imported from SourceForge] > http://sourceforge.net/tracker/index.php?group_id=78314=552835=1157431 > Originally submitted by purplish_cat on 2005-03-05 12:28. > After opening a PDF file and changing objects out of it, > allow to save the changes incrementally to the same file > instead of creating a completely new file. > [comment on SourceForge] > Originally sent by benlitchfield. > Logged In: YES > user_id=601708 > See forum thread at > https://sourceforge.net/forum/message.php?msg_id=3032112 -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Created] (PDFBOX-4155) Password Security with Unicode needs SASLprep
Marc Kaufman created PDFBOX-4155: Summary: Password Security with Unicode needs SASLprep Key: PDFBOX-4155 URL: https://issues.apache.org/jira/browse/PDFBOX-4155 Project: PDFBox Issue Type: Bug Components: Crypto Affects Versions: 2.0.8 Reporter: Marc Kaufman Fix For: 2.0.9 Standard Security handler for Version 6 (AES256) handles Unicode passwords. However the current handler is missing this part: "The UTF-8 password string shall be generated from Unicode input by processing the input string with the SASLprep (RFC 4013) profile of stringprep (RFC 3454) using the Normalize and BiDi options, and then converting to a UTF-8 representation." SASLprep is required to normalize equivalent codings for complex glyphs (such as those using umlauts, etc). pdmodel/encryption/StandardSecurityHandler.java -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org For additional commands, e-mail: dev-h...@pdfbox.apache.org