
Comments (5)

MatthiasValvekens commented on May 21, 2024

Hi hero100era, thanks for reaching out.

The code formatting in your post is a little jumbled, so I'm not 100% sure if I'm on the right track, but if I understand your use case correctly, setting the user password to the empty string (i.e. not None) should do the trick. Passing in None for the user password will make pyHanko set both passwords to the same value, which is not what you want.

Note that the distinction between user passwords and owner passwords is not cryptographically enforceable, though. The key to decrypt the file can be obtained from either, and as such, a knowledgeable adversary can still do whatever he / she wants with the document. In particular, removing encryption from a document with an empty user password is trivial if you know what you're doing.

Realistically, this kind of protection will only prevent non-technical users from doing things that aren't allowed. If that's sufficient for your use case: go ahead, but be aware of the limitations :)


hero100era commented on May 21, 2024

Dear MatthiasValvekens, I'm trying to use your recommendation to use "" as user password and below is my code:

def generate_certificate(self):
    # Assumes io, os, current_app, url_for and NotFound are imported at module level.
    from pyhanko.sign import signers
    from pyhanko.pdf_utils.reader import PdfFileReader
    from mysite.lib.pdf import copy_into_new_writer
    password = current_app.config['PDF_PASSWORD']
    path = self.file_uploaded_path()
    certificate_url = url_for('web.validate_certificate', id=self.id, utn=self.utn, _external=True)
    if not self.draft:
        raise NotFound('certicate draft for certificat line {} not found.'.format(self.id))
    buffer = io.BytesIO()
    filename = os.path.join(path, self.draft)
    with open(filename, 'rb') as fp:
        b_in = io.BytesIO(fp.read())
    input = PdfFileReader(b_in)
    w = copy_into_new_writer(input)
    # Owner password from config, empty str as user password (this call raises the error below)
    w.encrypt(password, '')
    out_filename = os.path.join(path, self.filename)
    cms_signer = signers.SimpleSigner.load('test.key', 'test.pem', key_passphrase=b'wswa2011')
    out = signers.PdfSigner(signers.PdfSignatureMetadata(field_name='Signature1'),signer=cms_signer,).sign_pdf(w)
    with open(out_filename, 'wb+') as fp:
        fp.write(out.getvalue())

However, I got the error message below:

File "d:\Application\PortableGit\mysite\mysite\models\certificate.py", line 243, in generate_certificate
w.encrypt(password, '')
File "C:\Users\adm\venv\lib\site-packages\pyhanko\pdf_utils\writer.py", line 904, in encrypt
sh = StandardSecurityHandler.build_from_pw(owner_pass, user_pass)
File "C:\Users\adm\venv\lib\site-packages\pyhanko\pdf_utils\crypt.py", line 1477, in build_from_pw
if desired_user_pass is not None
File "C:\Users\adm\venv\lib\site-packages\pyhanko\pdf_utils\crypt.py", line 170, in _r6_normalise_pw
password = saslprep(password).encode('utf-8')
File "C:\Users\adm\venv\lib\site-packages\pyhanko\pdf_utils_saslprep.py", line 75, in saslprep
if in_table_d1(data[0]):
IndexError: string index out of range


MatthiasValvekens commented on May 21, 2024

My apologies, apparently the implementation of SASLprep that I'm using here doesn't deal with the empty string correctly. I pushed a commit with a fix & a regression test. That'll be in the next release (unless you're already running the development version, that is).

In the meantime, as a temporary workaround, you can pass in an empty bytestring (i.e. b'' instead of '') as the user password. That will short-circuit the SASLprep step, so you won't encounter this particular bug.

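
The failure in the traceback above (`in_table_d1(data[0])` on an empty string) and the `b''` short-circuit, as an added example that is not part of the thread and is not pyHanko's code: a standard-library SASLprep (RFC 4013) with the empty-string guard placed after the mapping step. `normalise_pw` is a hypothetical wrapper name, and the sample inputs in the usage are constructed.

```python
import stringprep
import unicodedata

# RFC 4013 section 2.3 prohibited output, plus unassigned code points (A.1).
_PROHIBITED = (
    stringprep.in_table_a1, stringprep.in_table_c12,
    stringprep.in_table_c21_c22, stringprep.in_table_c3,
    stringprep.in_table_c4, stringprep.in_table_c5, stringprep.in_table_c6,
    stringprep.in_table_c7, stringprep.in_table_c8, stringprep.in_table_c9,
)


def saslprep(data: str) -> str:
    """SASLprep (RFC 4013) for a stored string such as a password."""
    # Map: non-ASCII spaces become U+0020, table B.1 characters are dropped.
    data = ''.join(
        ' ' if stringprep.in_table_c12(ch) else ch
        for ch in data if not stringprep.in_table_b1(ch)
    )
    # Normalise: NFKC over the Unicode 3.2 data that stringprep targets.
    data = unicodedata.ucd_3_2_0.normalize('NFKC', data)
    # Guard: '' (or input that mapped to '', e.g. a lone soft hyphen) has no
    # data[0] or data[-1], so return before the bidi check indexes into it.
    if not data:
        return ''
    # Bidi: a string that starts with a RandALCat character must also end
    # with one and contain no LCat; any other string must contain no RandALCat.
    if stringprep.in_table_d1(data[0]):
        if not stringprep.in_table_d1(data[-1]):
            raise ValueError('SASLprep: failed bidirectional check')
        bidi_banned = stringprep.in_table_d2
    else:
        bidi_banned = stringprep.in_table_d1
    for ch in data:
        if bidi_banned(ch) or any(check(ch) for check in _PROHIBITED):
            raise ValueError('SASLprep: prohibited character U+%04X' % ord(ch))
    return data


def normalise_pw(password) -> bytes:
    """Hypothetical wrapper: bytes skip SASLprep, str is prepped then encoded."""
    if isinstance(password, bytes):
        return password
    return saslprep(password).encode('utf-8')
```
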

hero100era commented on May 21, 2024

Great! Now it all worked as expected after changing the empty string to b''. Thanks a lot for your kind help.
This is great software and it solves my biggest headache of quite some time.


MatthiasValvekens commented on May 21, 2024

Good to hear! I'll close the issue, then :)
