
Re: [pdf-devel] Streams: encryption filter


From: jemarch
Subject: Re: [pdf-devel] Streams: encryption filter
Date: Sun, 09 Sep 2007 20:30:04 +0200
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.8 (Shijō) APEL/10.6 Emacs/22.1.50 (powerpc-unknown-linux-gnu) MULE/5.0 (SAKAKI)

   I am sure that AES is already implemented and the source is
   available but I don't know about the license.

We should find a specific implementation and see its distribution
terms. As far as I know there are no patents cumbering the AES
algorithm.

   Here is the specification of AES:
   http://csrc.nist.gov/CryptoToolkit/aes/rijndael/
   and this is the coding in Java:
   http://www.progressive-coding.com/tutorial.php?id=0

Thanks for the links. I added that information to the development
notebook: http://www.gnu.org/software/pdf/DevFilters.html#sec11

   But this last must be changed to not cipher
   blocks (http://www.progressive-coding.com/tutorial.php?id=3) and
   cipher as streams, to implement the filter, but a stream cipher is
   more susceptible to attacks if it is not well implemented. I am
   going to test in C.

I was unable to find any distribution terms for the code in that
article. Note that in the absence of distribution terms, that code is not
in the public domain, but "all rights reserved". If you think we
should use a direct rewrite of that code in C, then we would need to
write the author of the article asking him to release that code under
the public domain or a suitable GPLv3 compatible license.

   About RC4, I saw this implementation and it is not recommended in new
   systems: http://en.wikipedia.org/wiki/RC4

It seems we can legally use the RC4 algorithm! According to the
Wikipedia article there is only a trademark issue with "RC4": it is
not really a problem for us.

Regardless of the security level offered by the algorithm, we should
support it in order to read PDF files encrypted with RC4 (there should
be many of them, the AES support is relatively new).

Do you know of any suitable implementation we could reuse for the RC4
support?

Podofo is using an implementation from RSA with the following
distribution terms (see the PdfEncrypt.cpp file in the Podofo
distribution):

/*
 **********************************************************************
 ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
 **                                                                  **
 ** License to copy and use this software is granted provided that   **
 ** it is identified as the "RSA Data Security, Inc. MD5 Message     **
 ** Digest Algorithm" in all material mentioning or referencing this **
 ** software or this function.                                       **
 **                                                                  **
 ** License is also granted to make and use derivative works         **
 ** provided that such works are identified as "derived from the RSA **
 ** Data Security, Inc. MD5 Message Digest Algorithm" in all         **
 ** material mentioning or referencing the derived work.             **
 **                                                                  **
 ** RSA Data Security, Inc. makes no representations concerning      **
 ** either the merchantability of this software or the suitability   **
 ** of this software for any particular purpose.  It is provided "as **
 ** is" without express or implied warranty of any kind.             **
 **                                                                  **
 ** These notices must be retained in any copies of any part of this **
 ** documentation and/or software.                                   **
 **********************************************************************
 */



