ENH: Support R6 decrypting

[exiledkingcc]

Fixes #416

[codecov]

Codecov Report

Merging #1015 (dfaa735) into main (a40946c) will increase coverage by 0.09%.
The diff coverage is 87.64%.

@@            Coverage Diff             @@
##             main    #1015      +/-   ##
==========================================
+ Coverage   89.50%   89.60%   +0.09%     
==========================================
  Files          24       24              
  Lines        4432     4425       -7     
  Branches      919      914       -5     
==========================================
- Hits         3967     3965       -2     
+ Misses        318      314       -4     
+ Partials      147      146       -1     

Impacted Files	Coverage Δ
PyPDF2/_reader.py	91.74% <81.81%> (-0.40%)	⬇️
PyPDF2/_encryption.py	74.86% <89.23%> (+2.00%)	⬆️
PyPDF2/__init__.py	100.00% <100.00%> (ø)
PyPDF2/_merger.py	88.80% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a40946c...dfaa735. Read the comment docs.

[MartinThoma]

You're on fire, @exiledkingcc 👍 🚀

The tests pass - is this ready from your perspective, @exiledkingcc ?

[exiledkingcc]

thanks to qpdf, althoght it's comment shows the algorithm is NOT EXACTLY described in specifiction.
they say

the wording of the specification is very unclear...

anyway i think you can merge this, it will not make things worse, at least, we can decrypt PDFs encypted by qpdf.
then i will start to rewrite the encrypt part if there is time.

[MartinThoma]

I was just checking the PDF files. While the r2 / r3 / r4 files ask for passwords, the r5 and r6 files don't. I can directly see the content. Are you sure that they are encrypted?

[exiledkingcc]

yes, they are encrypted, but not password-protected.
for R5 and R6, both user password and owner password can be used to decrypt the file, if one is empty, pdf softwares will not ask for the password.
I'm confused too. the pdf softwares ask for one password to decrypt the PDF file, but there are two passwords used for encryption.

[exiledkingcc]

this is how qpdf do about passwords, maybe we should keep the same way:
https://qpdf.readthedocs.io/en/stable/encryption.html#user-and-owner-passwords
so do not merge this for now, i will make the decrypting process more clear and deal with the empty password.

[MartinThoma]

@exiledkingcc Do you think this is ready to be merged? If yes, I would review it again this evening :-) I'm excited about it :-)

[exiledkingcc]

i think yes. 😊

[MartinThoma]

Every attribute that does not start with an underscore is part of the public interface. That means we cannot change the behavior / name without deprecation warnings.

Is there a reason why a user would want to access the encryption attribute directly?

[MartinThoma]

Consistently with my question in _merger, I would prefer if this was the private attribute _encryption instead of the public attribute `encryption. Except, of course, if there is a reason why users would want to access it.

[MartinThoma]

Suggested change

	encryptEntry = cast(DictionaryObject, self.trailer[TK.ENCRYPT].get_object())
	self.encryption = Encryption.read(encryptEntry, id1_entry)
	encrypt_entry = cast(DictionaryObject, self.trailer[TK.ENCRYPT].get_object())
	self.encryption = Encryption.read(encrypt_entry, id1_entry)

[MartinThoma]

I guess verified means that the file was decrypted? Would is_decrypted be better?

[MartinThoma]

Also, I think this should rather be _verified if the user does not need it.

[MartinThoma]

I've tried to cross-check the decryption, but...

• https://www.adobe.com/de/acrobat/online/password-protect-pdf.html : Uses algV=4, algR=4, /AESV2, 128
• https://smallpdf.com/de/pdf-schuetzen : same as adobe
• https://www.ilovepdf.com/ and https://www.pdf2go.com/: Uses algV=2, algR=3

I guess we are head of our time 😄

[MartinThoma]

@exiledkingcc Overall, it looks good to me. Good work 👏 👍 🎉

There are a couple of things I want to be changed before I release it. I could do them myself after merging this PR or you could do them now - whatever you prefer. Just let me know :-)

I've also noticed that if either the user password or the owner password is set to the empty password, typical viewers will directly show the contents. For this reason I would add the following test PDF:

qpdf --encrypt "foo" "bar" 256 -- unencrypted.pdf r6-both-passwords.pdf

[exiledkingcc]

@MartinThoma all your review comments are great, i will do the update tonight.

[MartinThoma]

I just saw https://github.com/pdfminer/pdfminer.six/tree/master/samples and especially:

Files in the encryption folder have been generated with cpdf 1.7 [http://www.coherentpdf.com/]
from the base.pdf file generated with LibreOffice 4.1.1.2 as follows:

cpdf -encrypt 40bit foo baz base.pdf -o rc4-40.pdf
cpdf -encrypt 128bit foo baz base.pdf -o rc4-128.pdf
cpdf -encrypt AES foo baz base.pdf -o aes-128.pdf
cpdf -encrypt AES foo baz base.pdf -no-encrypt-metadata -o aes-128-m.pdf
cpdf -encrypt AES256 foo baz base.pdf -o aes-256.pdf
cpdf -encrypt AES256 foo baz base.pdf -no-encrypt-metadata -o aes-256-m.pdf

I think I'll run PyPDF2 over those examples some time today :-)

[exiledkingcc]

updated.
but keep PasswordType.USER_PASSWORD = 1, PasswordType.OWNER_PASSWORD == 2

[MartinThoma]

Why did you choose latin-1 as the default?

[exiledkingcc]

to be honest, i don't think too much about it, just copy it from previous code. 😀

[MartinThoma]

Hehe, ok. Thanks for the honesty ❤️

[MartinThoma]

@exiledkingcc Very nice work! Thank you 🤗 I'll release it today (just have to eat something now 😄 )