From 750aca5b94351f730fa768b07caa3fc26c8d27c0 Mon Sep 17 00:00:00 2001 From: Jay Berkenbilt Date: Wed, 10 Nov 2021 17:57:12 -0500 Subject: First increment of improving handling of weak crypto (fixes #358) --- include/qpdf/QPDFCryptoImpl.hh | 3 +++ include/qpdf/QPDFWriter.hh | 21 ++++++++++++++++----- 2 files changed, 19 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/qpdf/QPDFCryptoImpl.hh b/include/qpdf/QPDFCryptoImpl.hh index ff25d594..ee37b233 100644 --- a/include/qpdf/QPDFCryptoImpl.hh +++ b/include/qpdf/QPDFCryptoImpl.hh @@ -69,6 +69,9 @@ class QPDF_DLL_CLASS QPDFCryptoImpl // Encryption/Decryption + // QPDF must support RC4 to be able to work with older PDF files + // and readers. Search for RC4 in README.md + // key_len of -1 means treat key_data as a null-terminated string QPDF_DLL virtual void RC4_init(unsigned char const* key_data, int key_len = -1) = 0; diff --git a/include/qpdf/QPDFWriter.hh b/include/qpdf/QPDFWriter.hh index 819198cc..8044d054 100644 --- a/include/qpdf/QPDFWriter.hh +++ b/include/qpdf/QPDFWriter.hh @@ -359,6 +359,16 @@ class QPDFWriter // this from your own application, QUtil contains many transcoding // functions that could be useful to you, most notably // utf8_to_pdf_doc. + + // R3 uses RC4, which is a weak cryptographic algorithm. Don't use + // it unless you have to. + QPDF_DLL + void setR2EncryptionParameters( + char const* user_password, char const* owner_password, + bool allow_print, bool allow_modify, + bool allow_extract, bool allow_annotate); + // R3 uses RC4, which is a weak cryptographic algorithm. Don't use + // it unless you have to. QPDF_DLL void setR3EncryptionParameters( char const* user_password, char const* owner_password, @@ -366,6 +376,8 @@ class QPDFWriter bool allow_assemble, bool allow_annotate_and_form, bool allow_form_filling, bool allow_modify_other, qpdf_r3_print_e print); + // R4 uses RC4, which is a weak cryptographic algorithm, when + // use_aes=false. Don't use it unless you have to. QPDF_DLL void setR4EncryptionParameters( char const* user_password, char const* owner_password, @@ -392,28 +404,27 @@ class QPDFWriter qpdf_r3_print_e print, bool encrypt_metadata_aes); // Pre qpdf 8.4.0 API - QPDF_DLL - void setR2EncryptionParameters( - char const* user_password, char const* owner_password, - bool allow_print, bool allow_modify, - bool allow_extract, bool allow_annotate); + [[deprecated("see newer API above")]] QPDF_DLL void setR3EncryptionParameters( char const* user_password, char const* owner_password, bool allow_accessibility, bool allow_extract, qpdf_r3_print_e print, qpdf_r3_modify_e modify); + [[deprecated("see newer API above")]] QPDF_DLL void setR4EncryptionParameters( char const* user_password, char const* owner_password, bool allow_accessibility, bool allow_extract, qpdf_r3_print_e print, qpdf_r3_modify_e modify, bool encrypt_metadata, bool use_aes); + [[deprecated("see newer API above")]] QPDF_DLL void setR5EncryptionParameters( char const* user_password, char const* owner_password, bool allow_accessibility, bool allow_extract, qpdf_r3_print_e print, qpdf_r3_modify_e modify, bool encrypt_metadata); + [[deprecated("see newer API above")]] QPDF_DLL void setR6EncryptionParameters( char const* user_password, char const* owner_password, -- cgit v1.2.3-54-g00ecf