[jira] [Updated] (PDFBOX-4155) Password Security with Unicode needs SASLprep
[ https://issues.apache.org/jira/browse/PDFBOX-4155?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tilman Hausherr updated PDFBOX-4155: Fix Version/s: (was: 2.0.9) > Password Security with Unicode needs SASLprep > - > > Key: PDFBOX-4155 > URL: https://issues.apache.org/jira/browse/PDFBOX-4155 > Project: PDFBox > Issue Type: Bug > Components: Crypto >Affects Versions: 2.0.8 >Reporter: Marc Kaufman >Priority: Minor > Labels: security > > Standard Security handler for Version 6 (AES256) handles Unicode passwords. > However the current handler is missing this part: > "The UTF-8 password string shall be generated from Unicode input by > processing the input string with the SASLprep (RFC 4013) profile of > stringprep (RFC 3454) using the Normalize and BiDi options, and then > converting to a UTF-8 representation." > SASLprep is required to normalize equivalent codings for complex glyphs (such > as those using umlauts, etc). > pdmodel/encryption/StandardSecurityHandler.java -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Updated] (PDFBOX-4155) Password Security with Unicode needs SASLprep
[ https://issues.apache.org/jira/browse/PDFBOX-4155?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Marc Kaufman updated PDFBOX-4155: - Attachment: SASLPrep example.pdf > Password Security with Unicode needs SASLprep > - > > Key: PDFBOX-4155 > URL: https://issues.apache.org/jira/browse/PDFBOX-4155 > Project: PDFBox > Issue Type: Bug > Components: Crypto >Affects Versions: 2.0.8 >Reporter: Marc Kaufman >Priority: Minor > Labels: security > Attachments: SASLPrep example.pdf > > > Standard Security handler for Version 6 (AES256) handles Unicode passwords. > However the current handler is missing this part: > "The UTF-8 password string shall be generated from Unicode input by > processing the input string with the SASLprep (RFC 4013) profile of > stringprep (RFC 3454) using the Normalize and BiDi options, and then > converting to a UTF-8 representation." > SASLprep is required to normalize equivalent codings for complex glyphs (such > as those using umlauts, etc). > pdmodel/encryption/StandardSecurityHandler.java -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org For additional commands, e-mail: dev-h...@pdfbox.apache.org