Changeset 775

Timestamp:

12/14/06 12:47:48 (2 years ago)

Author:

mfenniak

Message:

Add support for encrypting PDF files. Poor support for different permission bits so far, but it works well.

Files:

• pypdf/trunk/pyPdf/generic.py (modified) (10 diffs)
• pypdf/trunk/pyPdf/pdf.py (modified) (9 diffs)

pypdf/trunk/pyPdf/generic.py

@@ -36 +36 @@
-
-import re
-
+, RC4_encrypt
-import filters
-
@@ -104 +104 @@
-        self.value = value
-
-
+, encryption_key
-        if self.value:
-            stream.write("true")
@@ -122 +122 @@
-
-class ArrayObject(list, PdfObject):
-
+, encryption_key
-        stream.write("[")
-        for data in self:
-            stream.write(" ")
-
+, encryption_key
-        stream.write(" ]")
-
@@ -173 +173 @@
-        return not self.__eq__(other)
-
-
+, encryption_key
-        stream.write("%s %s R" % (self.idnum, self.generation))
-
@@ -200 +200 @@
-
-class FloatObject(float, PdfObject):
-
+, encryption_key
-        stream.write(repr(self))
-
@@ -208 +208 @@
-        int.__init__(self, value)
-
-
+, encryption_key
-        stream.write(repr(self))
-
@@ -227 +227 @@
-
-class StringObject(str, PdfObject):
-
+
+
+
+
-        stream.write("(")
-elf
+tring
-            if not c.isalnum() and not c.isspace():
-                stream.write("\\%03o" % ord(c))
@@ -299 +302 @@
-        str.__init__(self, data)
-
-
+, encryption_key
-        stream.write(self)
-
@@ -319 +322 @@
-        pass
-
-
+, encryption_key
-        stream.write("<<\n")
-        for key, value in self.items():
-
+, encryption_key
-            stream.write(" ")
-
+, encryption_key
-            stream.write("\n")
-        stream.write(">>")
@@ -399 +402 @@
-        self.decodedSelf = None
-
-
+, encryption_key
-        self[NameObject("/Length")] = NumberObject(len(self._data))
-
+, encryption_key
-        del self["/Length"]
-        stream.write("\nstream\n")
-
+
+
+
+
-        stream.write("\nendstream")
-

pypdf/trunk/pyPdf/pdf.py

@@ -106 +106 @@
-
-    ##
+    # Encrypt this PDF file with the PDF Standard encryption handler.
+    # @param user_pwd The "user password", which allows for opening and reading
+    # the PDF file with the restrictions provided.
+    # @param owner_pwd The "owner password", which allows for opening the PDF
+    # files without any restrictions.  By default, the owner password is the
+    # same as the user password.
+    # @param use_128bit Boolean argument as to whether to use 128bit
+    # encryption.  When false, 40bit encryption will be used.  By default, this
+    # flag is on.
+    def encrypt(self, user_pwd, owner_pwd = None, use_128bit = True):
+        import md5, time, random
+        if owner_pwd == None:
+            owner_pwd = user_pwd
+        if use_128bit:
+            V = 2
+            rev = 3
+            keylen = 128 / 8
+        else:
+            V = 1
+            rev = 2
+            keylen = 40 / 8
+        # permit everything:
+        P = -1
+        O = StringObject(_alg33(owner_pwd, user_pwd, rev, keylen))
+        ID_1 = md5.new(repr(time.time())).digest()
+        ID_2 = md5.new(repr(random.random())).digest()
+        self._ID = ArrayObject((StringObject(ID_1), StringObject(ID_2)))
+        if rev == 2:
+            U, key = _alg34(user_pwd, O, P, ID_1)
+        else:
+            assert rev == 3
+            U, key = _alg35(user_pwd, rev, keylen, O, P, ID_1, False)
+        encrypt = DictionaryObject()
+        encrypt[NameObject("/Filter")] = NameObject("/Standard")
+        encrypt[NameObject("/V")] = NumberObject(V)
+        if V == 2:
+            encrypt[NameObject("/Length")] = NumberObject(keylen * 8)
+        encrypt[NameObject("/R")] = NumberObject(rev)
+        encrypt[NameObject("/O")] = StringObject(O)
+        encrypt[NameObject("/U")] = StringObject(U)
+        encrypt[NameObject("/P")] = NumberObject(P)
+        self._encrypt = self._addObject(encrypt)
+        self._encrypt_key = key
+
+    ##
-    # Writes the collection of pages added to this object out as a PDF file.
-    # <p>
@@ -112 +157 @@
-    # the write method, and the tell method, similar to a file object.
-    def write(self, stream):
+        import struct, md5
+
-        externalReferenceMap = {}
-        self.stack = []
@@ -121 +168 @@
-        stream.write(self._header + "\n")
-        for i in range(len(self._objects)):
+            idnum = (i + 1)
-            obj = self._objects[i]
-            object_positions.append(stream.tell())
-
-
+
+
+
+
+
+
+
+
+
+
-            stream.write("\nendobj\n")
-
@@ -143 +199 @@
-                NameObject("/Info"): self._info,
-                })
-
+
+
+
+
+
-        
-        # eof
@@ -540 +600 @@
-        return line
-
-    # ref: pdf1.8 spec section 3.5.2 algorithm 3.2
-    _encryption_padding = '\x28\xbf\x4e\x5e\x4e\x75\x8a\x41\x64\x00\x4e\x56' + \
-            '\xff\xfa\x01\x08\x2e\x2e\x00\xb6\xd0\x68\x3e\x80\x2f\x0c' + \
-            '\xa9\xfe\x64\x53\x69\x7a'
-
-    def _alg32(self, password, rev, keylen, metadata_encrypt=True):
-        import md5, struct
-        m = md5.new()
-        password = (password + self._encryption_padding)[:32]
-        m.update(password)
-        encrypt = self.safeGetObject(self.trailer['/Encrypt'])
-        owner_entry = self.safeGetObject(encrypt['/O'])
-        m.update(owner_entry)
-        p_entry = self.safeGetObject(encrypt['/P'])
-        p_entry = struct.pack('<i', p_entry)
-        m.update(p_entry)
-        id_entry = self.safeGetObject(self.trailer['/ID'])
-        id1_entry = self.safeGetObject(id_entry[0])
-        m.update(id1_entry)
-        if rev >= 3 and not metadata_encrypt:
-            m.update("\xff\xff\xff\xff")
-        md5_hash = m.digest()
-        if rev >= 3:
-            for i in range(50):
-                md5_hash = md5.new(md5_hash[:keylen]).digest()
-        return md5_hash[:keylen]
-
-    def _alg34(self, password):
-        key = self._alg32(password, 2, 5)
-        U = utils.RC4_encrypt(key, self._encryption_padding)
-        return U, key
-
-    def _alg33_1(self, password, rev, keylen):
-        import md5
-        m = md5.new()
-        password = (password + self._encryption_padding)[:32]
-        m.update(password)
-        md5_hash = m.digest()
-        if rev >= 3:
-            for i in range(50):
-                md5_hash = md5.new(md5_hash).digest()
-        key = md5_hash[:keylen]
-        return key
-
-    def _alg35(self, password, rev, keylen, metadata_encrypt):
-        import md5
-        m = md5.new()
-        m.update(self._encryption_padding)
-        id_entry = self.safeGetObject(self.trailer['/ID'])
-        id1_entry = self.safeGetObject(id_entry[0])
-        m.update(id1_entry)
-        md5_hash = m.digest()
-        key = self._alg32(password, rev, keylen)
-        val = utils.RC4_encrypt(key, md5_hash)
-        for i in range(1, 20):
-            new_key = ''
-            for l in range(len(key)):
-                new_key += chr(ord(key[l]) ^ i)
-            val = utils.RC4_encrypt(new_key, val)
-        return val + ('\x00' * 16), key
-
-    def _authenticateUserPassword(self, password):
-        encrypt = self.safeGetObject(self.trailer['/Encrypt'])
-        rev = self.safeGetObject(encrypt['/R'])
-        if rev == 2:
-            U, key = self._alg34(password)
-        elif rev >= 3:
-            U, key = self._alg35(password, rev, self.safeGetObject(encrypt["/Length"]) / 8,
-                    self.safeGetObject(encrypt.get("/EncryptMetadata", False)))
-        real_U = self.safeGetObject(encrypt['/U'])
-        return U == real_U, key
-
-    ##
-    # When using an encrypted / secured PDF file with the PDF Standard
@@ -622 +610 @@
-    # the correct decryption key that will allow the document to be used with
-    # this library.
+    # <p>
+    # Stability: Added in v1.8, will exist for all future v1.x releases.
-    #
-    # @return 0 if the password failed, 1 if the password matched the user
@@ -651 +641 @@
-            else:
-                keylen = self.safeGetObject(encrypt['/Length']) / 8
-self.
+
-            real_O = self.safeGetObject(encrypt["/O"])
-            if rev == 2:
@@ -668 +658 @@
-                return 2
-        return 0
+
+    def _authenticateUserPassword(self, password):
+        encrypt = self.safeGetObject(self.trailer['/Encrypt'])
+        rev = self.safeGetObject(encrypt['/R'])
+        owner_entry = self.safeGetObject(encrypt['/O'])
+        p_entry = self.safeGetObject(encrypt['/P'])
+        id_entry = self.safeGetObject(self.trailer['/ID'])
+        id1_entry = self.safeGetObject(id_entry[0])
+        if rev == 2:
+            U, key = _alg34(password, owner_entry, p_entry, id1_entry)
+        elif rev >= 3:
+            U, key = _alg35(password, rev,
+                    self.safeGetObject(encrypt["/Length"]) / 8, owner_entry,
+                    p_entry, id1_entry,
+                    self.safeGetObject(encrypt.get("/EncryptMetadata", False)))
+        real_U = self.safeGetObject(encrypt['/U'])
+        return U == real_U, key
-
-    def getIsEncrypted(self):
@@ -1067 +1074 @@
-        assert False
-
+# ref: pdf1.8 spec section 3.5.2 algorithm 3.2
+_encryption_padding = '\x28\xbf\x4e\x5e\x4e\x75\x8a\x41\x64\x00\x4e\x56' + \
+        '\xff\xfa\x01\x08\x2e\x2e\x00\xb6\xd0\x68\x3e\x80\x2f\x0c' + \
+        '\xa9\xfe\x64\x53\x69\x7a'
+
+def _alg32(password, rev, keylen, owner_entry, p_entry, id1_entry, metadata_encrypt=True):
+    import md5, struct
+    m = md5.new()
+    password = (password + _encryption_padding)[:32]
+    m.update(password)
+    m.update(owner_entry)
+    p_entry = struct.pack('<i', p_entry)
+    m.update(p_entry)
+    m.update(id1_entry)
+    if rev >= 3 and not metadata_encrypt:
+        m.update("\xff\xff\xff\xff")
+    md5_hash = m.digest()
+    if rev >= 3:
+        for i in range(50):
+            md5_hash = md5.new(md5_hash[:keylen]).digest()
+    return md5_hash[:keylen]
+
+def _alg33(owner_pwd, user_pwd, rev, keylen):
+    key = _alg33_1(owner_pwd, rev, keylen)
+    user_pwd = (user_pwd + _encryption_padding)[:32]
+    val = utils.RC4_encrypt(key, user_pwd)
+    if rev >= 3:
+        for i in range(1, 20):
+            new_key = ''
+            for l in range(len(key)):
+                new_key += chr(ord(key[l]) ^ i)
+            val = utils.RC4_encrypt(new_key, val)
+    return val
+
+def _alg33_1(password, rev, keylen):
+    import md5
+    m = md5.new()
+    password = (password + _encryption_padding)[:32]
+    m.update(password)
+    md5_hash = m.digest()
+    if rev >= 3:
+        for i in range(50):
+            md5_hash = md5.new(md5_hash).digest()
+    key = md5_hash[:keylen]
+    return key
+
+def _alg34(password, owner_entry, p_entry, id1_entry):
+    key = _alg32(password, 2, 5, owner_entry, p_entry, id1_entry)
+    U = utils.RC4_encrypt(key, _encryption_padding)
+    return U, key
+
+def _alg35(password, rev, keylen, owner_entry, p_entry, id1_entry, metadata_encrypt):
+    import md5
+    m = md5.new()
+    m.update(_encryption_padding)
+    m.update(id1_entry)
+    md5_hash = m.digest()
+    key = _alg32(password, rev, keylen, owner_entry, p_entry, id1_entry)
+    val = utils.RC4_encrypt(key, md5_hash)
+    for i in range(1, 20):
+        new_key = ''
+        for l in range(len(key)):
+            new_key += chr(ord(key[l]) ^ i)
+        val = utils.RC4_encrypt(new_key, val)
+    return val + ('\x00' * 16), key
-
-#if __name__ == "__main__":