-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Encryption and access privileges #820
Conversation
Thank you for this nice feature. |
I would prefer to use AES as well, and I think it is possible to dynamically set version. If there's no specific reason to stay in 1.3, I'll try to implement encryption for newer version. |
@alafr Hi, I removed RC4 and added AES-128 (PDF 1.7) and AES-256 (PDF 1.7 ExtensionLevel 3). By default AES-128 is used, but users can choose AES-256 by specifying some option. Please have a look! PS: I don't have access to the PDF 1.7 ExtensionLevel 8 or PDF 2.0 specification now, so I implemented encryptions defined in v1.7 spec. |
But pdfkit generate PDF file content in version 1.3. I think encryption should be used according to version which will be set in pdfkit to generate pdf file - RC4 for 1.3 and AES for 1.7. |
It may be useful to keep the RC4 option. |
@liborm85 If you mean the header in generated PDF file, this PR ensures that when encryption is enabled, a PDF 1.7 header is generated.
@alafr I removed this option because it is unsafe. Since we can set newer versions in the header, I didn't find it necessary to keep outdated and unsafe encryption methods. But I can add it back for the sake of completeness and compatibility. You mentioned let PDFKit choose generated PDF version based on encryption in previous comments. But how about allowing users to specify PDF version and let PDFKit choose the best encryption method? This also enables other PDFKit code to utilize this information and decides how it create contents. |
@alafr I added 40-bit RC4 and 128-bit RC4. Now, supported encryption methods are:
|
Nice! Look forward to this feature. |
Do we know when this might be merged into master? |
Looks like the ES6 PR is merged before this branch. |
I updated the MR with ES6! @blikblum In @devongovett Could you check this MR and let me know what you think? Thanks. |
This is AFAIK as it was in coffescript so no change here. It maybe a bug anyway Regarding the PR:
|
This is really a bug
Probably because of the stream Length fix. Although seems correct, better to do this change in a separated PR so we get sure that the encryption feature is not altering other files. I will try to setup a proper unit test so these issues can be easily detected |
The Length fix is necessary for encryption and decryption, otherwise applications cannot recognize encrypted streams. If you like, I can submit a separated PR for it, and it needs to be merged first. Besides this, this PR also has the following two changes which affected other test cases:
As long as tests check for the entire PDF file, this PR is likely to require modification of all snapshots.
This might require changes of the build process. And probably there are other components which we can also optimize. Should it be done in this PR? |
I see. Is not the ideal but since will be changing the pdfs anyway, is doable. Until there are proper unit tests we will have to live with that.
No, this is an important feature. IMO this should be merged with a note that is a experimental and API may change in future |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
docs/guide.pdf can be removed from the PR
I just added unit tests for references. It checks the Length property. Can you rebase and check if these tests passes with this PR? It you could write some unit tests to trailer changes would be great (in document.spec.js) |
New guide has documents about encryption. I see other features also
modifying this file. Is it okay to use old one?
…On Mon, Dec 17, 2018 at 10:19 Luiz Américo ***@***.***> wrote:
***@***.**** requested changes on this pull request.
docs/guide.pdf can be removed from the PR
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#820 (review)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ACpaLMFYoEtCz6w3jz9AAsTsgJdIYxERks5u5vEggaJpZM4UGAUy>
.
|
It should be updated on each new release. |
@blikblum Changed the following:
|
@devongovett this looks good to me. Any thoughts on this? It there's no objection will be merging in the next days The possible future interface changes can be discussed at #885 |
Based on foliojs/pdfkit#820 upstream Fixes diegomura#672
Based on foliojs/pdfkit#820 upstream Fixes diegomura#672
This pull request adds encryption and security features defined in PDF spec v1.3, v1.4, v1.6 and v1.7 ExtensionLevel 3. This PR fixes #16.
It adds an encryption dictionary for access privileges and the following encryption methods on content: