Skip Menu |

This queue is for tickets about the CAM-PDF CPAN distribution.

Report information
The Basics
Id: 34180
Status: open
Priority: 0/
Queue: CAM-PDF
People
Owner: Nobody in particular
Requestors: waba [...] waba.be
Cc:
AdminCc:
Bug Information
Severity: Normal
Broken in: 1.12
Fixed in: (no value)

History Show all quoted text
  Tue Mar 18 03:33:06 2008 waba [...] waba.be - Ticket created
Subject: Opening encrypted PDFs
CAM::PDF should not require both owner and user passwords for opening encrypted PDFs. The logic in CAM::PDF::Decrypt should rather look like this: If the owner password alone is given, use it to recover the user password from the O entry. If the user password has been specified or recovered, check it against the U entry and then use it to decrypt the document. If no password has been given, try an empty user password (pretty common to specify permissions on a public document). If this doesn't work, give up. Note that as far as opening documents is concerned, accepting just one password and trying it first as owner and then user would work fine. It would also be more intuitive as this how most other PDF programs work. On a related topic, I have doubts on how the O and U values are computed: Adobe's specs mention hashing and/or encrypting the passwords 20 times, but I can't find that in the code. Please refer to the "Adobe Portable Document Format v1.7" specification pages 115-128 for more information. Thank you for your great package.
  Thu Jul 31 04:13:32 2008 chris+rt [...] chrisdolan.net - Status changed from 'new' to 'open'
  Thu Jul 31 04:15:15 2008 chris+rt [...] chrisdolan.net - Correspondence added
You're absolutely right. I finally read the specification closely enough to understand this. I think my implementation is still wrong for writing encrypted PDFs, but the latest version should work better for reading encrypted PDFs. If it would be convenient for you to test, I'd appreciate any feedback. Chris On Tue Mar 18 03:33:06 2008, waba@waba.be wrote: Show quoted text
> CAM::PDF should not require both owner and user passwords for opening > encrypted PDFs. > > The logic in CAM::PDF::Decrypt should rather look like this: > > If the owner password alone is given, use it to recover the user > password from the O entry. > > If the user password has been specified or recovered, check it against > the U entry and then use it to decrypt the document. > > If no password has been given, try an empty user password (pretty common > to specify permissions on a public document). If this doesn't work,
give up. Show quoted text
> > Note that as far as opening documents is concerned, accepting just one > password and trying it first as owner and then user would work fine. It > would also be more intuitive as this how most other PDF programs work. > > On a related topic, I have doubts on how the O and U values are > computed: Adobe's specs mention hashing and/or encrypting the passwords > 20 times, but I can't find that in the code. > > Please refer to the "Adobe Portable Document Format v1.7" specification > pages 115-128 for more information. > > Thank you for your great package.