author | Jay Berkenbilt <ejb@ql.org> | 2021-12-18 15:01:52 +0100 |
---|---|---|
committer | Jay Berkenbilt <ejb@ql.org> | 2021-12-18 17:05:51 +0100 |
commit | 10fb619d3e0618528b7ac6c20cad6262020cf947 (patch) | |
tree | c893fedff351e809edead840376e8648f1cc28ff /manual/weak-crypto.rst | |
parent | f3d1138b8ab64c6a26e1dd5f77a644b19016a30d (diff) | |
download | qpdf-10fb619d3e0618528b7ac6c20cad6262020cf947.tar.zst |
Split documentation into multiple pages, change theme
Diffstat (limited to 'manual/weak-crypto.rst')
-rw-r--r-- | manual/weak-crypto.rst | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/manual/weak-crypto.rst b/manual/weak-crypto.rst new file mode 100644 index 00000000..8902f760 --- /dev/null +++ b/manual/weak-crypto.rst @@ -0,0 +1,33 @@ +.. _ref.weak-crypto: + +Weak Cryptography +================= + +Start with version 10.4, qpdf is taking steps to reduce the likelihood +of a user *accidentally* creating PDF files with insecure cryptography +but will continue to allow creation of such files indefinitely with +explicit acknowledgment. + +The PDF file format makes use of RC4, which is known to be a weak +cryptography algorithm, and MD5, which is a weak hashing algorithm. In +version 10.4, qpdf generates warnings for some (but not all) cases of +writing files with weak cryptography when invoked from the command-line. +These warnings can be suppressed using the +:samp:`--allow-weak-crypto` option. + +It is planned for qpdf version 11 to be stricter, making it an error to +write files with insecure cryptography from the command-line tool in +most cases without specifying the +:samp:`--allow-weak-crypto` flag and also to require +explicit steps when using the C++ library to enable use of insecure +cryptography. + +Note that qpdf must always retain support for weak cryptographic +algorithms since this is required for reading older PDF files that use +it. Additionally, qpdf will always retain the ability to create files +using weak cryptographic algorithms since, as a development tool, qpdf +explicitly supports creating older or deprecated types of PDF files +since these are sometimes needed to test or work with older versions of +software. Even if other cryptography libraries drop support for RC4 or +MD5, qpdf can always fall back to its internal implementations of those +algorithms, so they are not going to disappear from qpdf. |
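Review bot: The second paragraph of the new manual/weak-crypto.rst says version 10.4 warns "for some (but not all) cases of writing files with weak cryptography" but never says which cases, so a reader cannot tell whether their own invocation is covered or silently writes RC4/MD5-protected output. Please name the cases that do warn (or the ones that do not), or cross-reference the section that documents :samp:`--allow-weak-crypto`. The same applies to "in most cases" in the paragraph about version 11. Two wording points while here: the opening sentence should read "Starting with version 10.4", and in the last paragraph "older PDF files that use it" refers to the plural "algorithms", so "that use them" is correct. That last paragraph also chains three "since" clauses in one sentence; splitting it after "deprecated types of PDF files" would make the retention rationale easier to follow.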