Bug 4600 – PDF reader wrongly claims that specific PDF file is password protected

Bug 4600 - (int-120605) PDF reader wrongly claims that specific PDF file is password protected

(int-120605)
Summary:	PDF reader wrongly claims that specific PDF file is password protected

Status:	RESOLVED FIXED

Product:	Utilities
Component:	PDF reader
Version:	5.0/(3.2010.02-8)
Platform:	All Maemo

Importance:	Low normal with 1 vote (vote)
Target Milestone:	Harmattan
Assigned To:	unassigned
QA Contact:	pdf-reader-bugs

URL:	http://www.gipsstandards.org/news/rel...
Keywords:

Depends on:
Blocks:
	Show dependency tree

Reported:	2009-05-29 21:20 UTC by Joel B
Modified:	2010-10-25 22:53 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description Joel B (reporter) 2009-05-29 21:20:05 UTC

SOFTWARE VERSION:
(Control Panel > General > About product)
Maemo 4.1.3 (5.2008.43-7). Hardware is n810.

STEPS TO REPRODUCE THE PROBLEM:
1. Go to this site:
http://www.gipsstandards.org/news/releases/2009/gips_2010_exposure_draft_open_for_public_comment.html
2. Click either one of the two PDF links ("Track Changes Version of the GIPS
2010 Exposure Draft" or "Unmarked Version of the GIPS 2010 Exposure Draft")
3. Open the PDF.

EXPECTED OUTCOME:
PDF reader will simply open the PDF with no prompts or error messages. This is
what happens on my Windows machine using my Firefox Adobe Acrobat Plug-in (in
the browser) or Fox Reader 3.0 (after downloading). On my n810, I can
successfully open this file using either ePDFView or Evince.

ACTUAL OUTCOME:
PDF reader opens, gives the message "Document encrypted. Enter user password."
and pops up a "Password needed" dialog. When I hit OK with or without trying to
enter a password, it says "Incorrect password." I don't believe the PDF is
really password-protected.

REPRODUCIBILITY:
always

EXTRA SOFTWARE INSTALLED:
N/A ?

OTHER COMMENTS:

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10)
Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)

Comment 1 Andre Klapper maemo.org

2009-05-30 12:09:56 UTC

Thanks for taking the time to report this.
I can confirm this.
I can open the PDF file by using Evince 2.21.1 on the N810 without problems.
Maybe worth noticing that it is a PDF-1.6 file according to Evince's file info.

Comment 2 Lucas Maneos 2009-05-30 13:36:04 UTC

The document is encrypted:

$ pdfinfo gips_2010_exposure_draft_unmarked.pdf 
Title:          INVITATION TO COMMENT:
Author:         csk
Creator:        Microsoft® Office Word 2007
Producer:       Microsoft® Office Word 2007
CreationDate:   Fri Jan 23 15:24:59 2009
ModDate:        Fri Jan 23 15:26:12 2009
Tagged:         yes
Pages:          39
Encrypted:      yes (print:yes copy:no change:no addNotes:no)
Page size:      612 x 792 pts (letter)
File size:      918484 bytes
Optimized:      yes
PDF version:    1.6

but can be opened without a password in other viewers (evince, xpdf, adobe
reader).  Adobe reader explicitly states "Document Open Password: no" in the
document security dialog.

Both owner and user passwords are set in the document:

/Encrypt 1280 0 R
[...]
1280 0 obj
<</CF<</StdCF<</AuthEvent/DocOpen/CFM/AESV2/Length
16>>>>/Filter/Standard/Length 128/O(<binary owner password>)/P -1340/R
4/StmF/StdCF/StrF/StdCF/U(<binary user password>)/V 4>>
endobj

and osso_pdfviewer may be assuming this requires a password prompt.

According to the current PDF reference (1.7.3,
<http://www.adobe.com/devnet/acrobat/pdfs/PDF32000_2008.pdf>):
> If a user attempts to open an encrypted document that has a user password, 
> the conforming reader shall first try to authenticate the encrypted document
> using the padding string defined in 7.6.3.3, "Encryption Key Algorithm" 
> (default user password):
> -    If this authentication attempt is successful, the conforming reader may
>      open, decrypt and display the document on the screen.
> -    If this authentication attempt fails, the application should prompt for
>      a password. Correctly supplying either password (owner or user password)
>      should enable the user to open the document, decrypt it, and display it
>      on the screen.

However on 1.6 (<http://www.adobe.com/devnet/pdf/pdfs/PDFReference16.pdf>):
> If a user attempts to open an encrypted document that has a user password,
> the application should prompt for a password.

It is not clear what PDF versions osso_pdfviewer supports, and arguably this
particular document may be considered malformed (since it claims to be 1.6) but
it would be useful to be able to read documents encrypted with the
default password.

Comment 3 Joel B (reporter) 2009-06-03 20:28:38 UTC

I would add as my two cents' worth: "Particularly since Adobe Reader reads the
file, despite their PDF specifications." (Although, I'm sure it would be nice
if they published specifications that they actually followed in practice!)

BTW, I have passed this analysis along to the web site I quoted above, although
I'm not sure that they will do anything about it.

Comment 4 Andre Klapper maemo.org

2009-06-15 19:23:28 UTC

Fixing this will require changes to the current PDF engine, but the PDF engine
will not be changed for Fremantle according to information provided by Nokia.
Hence this unfortunately is a WONTFIX for Diablo and Fremantle.

Leaving this valid bug open and setting the Target Milestone to Harmattan.

Comment 5 CraigL 2010-01-20 23:23:01 UTC

I started having the same issue when Scientific American switched from using
128-bit RC4 encryption (which opens fine) to 128-bit AES encryption (which does
not)....

Comment 6 Andre Klapper maemo.org

2010-10-25 22:53:34 UTC

According to Nokia this is a WONTFIX for Maemo 5.
It is definitely fixed for Harmattan (the software version after Maemo 5).