Skip to content

Retain permission bits for deriving decryption key #413

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Retain permission bits for deriving decryption key #413

wants to merge 1 commit into from

Conversation

soyccan
Copy link

@soyccan soyccan commented Apr 15, 2025

Permission bits are used to derive the decryption key for the file. Hence, the permission bits need to be retained instead of having unused bits discarded.

@soyccan
Retain permission bits for deriving decryption key
d3eca35 
Permission bits are used to derive the decryption key for the file.
Hence, the permission bits need to be retained instead of having
unused bits discarded.
@StephanvanSchaik
Copy link
Contributor

StephanvanSchaik commented Apr 20, 2025
edited
Loading

Do you have a file for which this is currently a problem?

Your pull request is breaking compliance with the PDF specification, because those bits are not unused, but rather they are reserved and must be set to ones (which is what the p_value() method does). If this is actually necessary for some non-compliant PDF file, then this should ideally be solved by adding a Mode enum with Strict and Relaxed as variants instead of breaking compliance (to opt out of the stricter mode for PDF files that may not fully follow the specification).

I haven't had the time to look into why the tests fail, but that also needs to be addressed.

@soyccan
Copy link
Author

soyccan commented Apr 20, 2025
edited
Loading

I have got some, said, "non-compliant" PDF files but they contain sensitive data and therefore not appropriate to share here. I have successfully decrypt those files using mainstream PDF viewers (e.g. macOS Preview, Google Chrome) and other PDF libraries (e.g. PyPDF2).

I propose we encrypt some PDF file with non-compliant permission bits (say 0xffc, which by spec should be 0xfffffffc), and decrypt it using mainstream PDF viewers to confirm that such tolerance for non-compliant files is needed.

@StephanvanSchaik
Copy link
Contributor

I mean if you actually need to handle such files we can add support for that, but I think the right way to do this is to add a way to toggle the strictness because it makes sense that we reject non-complaint files by default and have a way for users to opt out of certain compliance checks instead (because obviously there are going to be a ton of non-compliant files in the wild) in general.

I am saying in general, because I think that your pull request makes sense as a base, but that we need to add the optional conformance check and fix the failing tests.

If you have some example files, even if artificially produced, that render in (most) main PDF viewers, that would be extremely helpful. I should be able to create them too given the information, but it is always great to have some example file ready to quickly test the implementation.

@StephanvanSchaik StephanvanSchaik mentioned this pull request Apr 20, 2025
Merged
@StephanvanSchaik
Copy link
Contributor

OK, the tests were failing because there are still instances of Permissions::p_value() that had to be replaced with Permissions::bits(). I think this should be fully fixed by PR #416.

@J-F-Liu J-F-Liu closed this May 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@soyccan @StephanvanSchaik @J-F-Liu