pdf - PDFBOX security not working -
i using pdfbox - 1.8.13, seems pdf security not working expected. if owner password set , user password not, pdfbox allows decrypt pdf file if don't provide owner password . please doing wrong.
the code encrypting pdf file :
pddocument document = pddocument.load(new file("/home/dummy/dummy.pdf"),null); accesspermission perms = new accesspermission(); perms.setcanassembledocument(false);; perms.setcanextractcontent(false); perms.setcanmodify(false); perms.setcanmodifyannotations(false); perms.setcanextractforaccessibility(false); perms.setcanfillinform(false); perms.setcanprint(false); perms.setreadonly(); perms.setcanprintdegraded(false); perms.setcanextractforaccessibility(false); document.setallsecuritytoberemoved(false); standardprotectionpolicy policy = new standardprotectionpolicy("adminpasswordtest", "", perms); policy.setpermissions(perms); document.protect(policy); document.save("/home/dummy/dummy_secured.pdf"); document.close();
the code decrypting pdf
pddocument doc = pddocument.load("/home/dummy/dummy_secured.pdf", true); if (doc.isencrypted()) { //remove security before adding protections doc.decrypt(""); //this should not decrypted because owner password not provided doc.setallsecuritytoberemoved(true); //this user not provided permissions } doc.save("/home/dummy/dummy_decrypted.pdf"); doc.close();
it seems pdf security not working expected.
in case need adjust expectations. ;)
this how pdf password encryption works:
- the user password password used encryption , decryption.
- the owner password allows access (a pre-processed version of) user password in pdf can used decrypt document.
the empty user password "" used encryption, therefore, password needs decrypt pdf.
using owner password instead of user password allows decrypt pdf (see above, allows pdf processor retrieve user password continue , decrypt file) , additionally tells pdf processor owner of document and, therefore, shall not restricted of permissions not given in document @ hand.
pdf libraries either don't care permissions @ (afaik pdfbox doesn't) or have switch override restrictions due missing owner password (e.g. itext).
thus, encrypting pdf using empty user password (to restrict permissions while letting open file) obstacle easy overcome.
Comments
Post a Comment