Comments (5)
Hi hero100era, thanks for reaching out.
The code formatting in your post is a little jumbled, so I'm not 100% if I'm on the right track, but if I understand your use case correctly, setting the user password to the empty string (i.e. not None) should do the trick. Passing in None for the user password will make pyHanko set both passwords to the same value, which is not what you want.
Note that the distinction between user passwords and owner passwords is not cryptographically enforceable, though. The key to decrypt the file can be obtained from either, and as such, a knowledgeable adversary can still do whatever he / she wants with the document. In particular, removing encryption from a document with an empty user password is trivial if you know what you're doing.
Realistically, this kind of protection will only prevent non-technical users from doing things that aren't allowed. If that's sufficient for your use case: go ahead, but be aware of the limitations :)
from pyhanko.
Dear MatthiasValvekens, I'm trying to use your recommendation to use "" as user password and below is my code:
def generate_certificate(self):
    import io
    import os
    # Flask / Werkzeug names used below (assumed from usage)
    from flask import current_app, url_for
    from werkzeug.exceptions import NotFound
    from pyhanko.sign import signers
    from pyhanko.pdf_utils.reader import PdfFileReader
    from mysite.lib.pdf import copy_into_new_writer

    password = current_app.config['PDF_PASSWORD']
    path = self.file_uploaded_path()
    certificate_url = url_for('web.validate_certificate', id=self.id, utn=self.utn, _external=True)
    if not self.draft:
        raise NotFound('certicate draft for certificat line {} not found.'.format(self.id))
    buffer = io.BytesIO()
    filename = os.path.join(path, self.draft)
    # Read the draft PDF into memory and copy it into a fresh writer
    with open(filename, 'rb') as fp:
        b_in = io.BytesIO(fp.read())
    input = PdfFileReader(b_in)
    w = copy_into_new_writer(input)
    # Owner password from config, empty string as user password
    w.encrypt(password, '')
    out_filename = os.path.join(path, self.filename)
    cms_signer = signers.SimpleSigner.load('test.key', 'test.pem', key_passphrase=b'wswa2011')
    # Sign the encrypted document and write the result to disk
    out = signers.PdfSigner(signers.PdfSignatureMetadata(field_name='Signature1'), signer=cms_signer).sign_pdf(w)
    with open(out_filename, 'wb+') as fp:
        fp.write(out.getvalue())
However, I got the below error message:
  File "d:\Application\PortableGit\mysite\mysite\models\certificate.py", line 243, in generate_certificate
    w.encrypt(password, '')
  File "C:\Users\adm\venv\lib\site-packages\pyhanko\pdf_utils\writer.py", line 904, in encrypt
    sh = StandardSecurityHandler.build_from_pw(owner_pass, user_pass)
  File "C:\Users\adm\venv\lib\site-packages\pyhanko\pdf_utils\crypt.py", line 1477, in build_from_pw
    if desired_user_pass is not None
  File "C:\Users\adm\venv\lib\site-packages\pyhanko\pdf_utils\crypt.py", line 170, in _r6_normalise_pw
    password = saslprep(password).encode('utf-8')
  File "C:\Users\adm\venv\lib\site-packages\pyhanko\pdf_utils_saslprep.py", line 75, in saslprep
    if in_table_d1(data[0]):
IndexError: string index out of range
from pyhanko.
My apologies, apparently the implementation of SASLprep that I'm using here doesn't deal with the empty string correctly. I pushed a commit with a fix & a regression test. That'll be in the next release (unless you're already running the development version, that is).
In the meantime, as a temporary workaround, you can pass in an empty bytestring (i.e. b'' instead of '') as the user password. That will short-circuit the SASLprep step, so you won't encounter this particular bug.
from pyhanko.
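The empty-string failure from the traceback above, as an added example that is not pyHanko's code: a simplified RFC 4013 SASLprep built on the standard-library stringprep tables, with the guard that keeps the bidi check from indexing an empty string. normalise_pw is a hypothetical helper mirroring the b'' short-circuit described in the thread; the unassigned code point check is omitted.

```python
# Added example, not pyHanko's code: simplified RFC 4013 SASLprep on top of the
# standard-library stringprep tables. normalise_pw is a hypothetical helper.
import stringprep as sp
import unicodedata

# Prohibited output tables listed in RFC 4013, section 2.3.
PROHIBITED = (sp.in_table_c12, sp.in_table_c21_c22, sp.in_table_c3,
              sp.in_table_c4, sp.in_table_c5, sp.in_table_c6,
              sp.in_table_c7, sp.in_table_c8, sp.in_table_c9)


def saslprep(data: str) -> str:
    # Mapping step: non-ASCII spaces become U+0020, table B.1 characters vanish.
    data = "".join(" " if sp.in_table_c12(c) else c
                   for c in data if not sp.in_table_b1(c))
    data = unicodedata.normalize("NFKC", data)
    # An empty result is legal (empty input, or input made only of B.1
    # characters). Returning here keeps data[0] below from raising IndexError.
    if not data:
        return data
    for c in data:
        if any(check(c) for check in PROHIBITED):
            raise ValueError("prohibited character U+%04X" % ord(c))
    # Bidi rule (RFC 3454, section 6): if the string starts with a RandALCat
    # character it must also end with one and contain no LCat characters;
    # otherwise it must contain no RandALCat characters at all.
    if sp.in_table_d1(data[0]):
        if not sp.in_table_d1(data[-1]):
            raise ValueError("RandALCat string must end with RandALCat")
        banned = sp.in_table_d2
    else:
        banned = sp.in_table_d1
    if any(banned(c) for c in data):
        raise ValueError("bidirectional rule violated")
    return data


def normalise_pw(password) -> bytes:
    # bytes are taken as already encoded and skip SASLprep entirely,
    # which is why an empty bytestring avoids the failing code path.
    if isinstance(password, (bytes, bytearray)):
        return bytes(password)
    return saslprep(password).encode("utf-8")
```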
Great! Now it all worked as expected, after changing the empty string to b'', thanks a lot for your kind help.
This is a great software and solves my biggest headache for quite some time.
from pyhanko.
Good to hear! I'll close the issue, then :)
from pyhanko.