-
1. Re: password encryption with 256 bit AES algorithm...???
Details of the encryption algorithms are found in ISO 32000-1:2008 as well
as the current drafts for ISO 32000-2.
-
2. Re: password encryption with 256 bit AES algorithm...???
Hiii leonard,
As according to the ISO 32000:1 document, Algorithm 3.2a Computing an encryption key, I am not able to understand its first step:
1. The password string is generated from Unicode input by processing the input string with the SASLprep
(IETF RFC 4013) profile of stringprep (IETF RFC 3454), and then converting to a UTF-8 representation.
In this i am not able to understand anything about SASLprep profile of stringprep. can you please explain me something about it.
Thanks,
DevSam
-
3. Re: password encryption with 256 bit AES algorithm...???
If you type that phrase "SASLprep profile of stringprep" into
Google/Bing/etc. you'll find lots of useful information.
-
4. Re: password encryption with 256 bit AES algorithm...???
Hi DevSam,
in my case I decide not to use SASLPrep. Before encrypting the PDF I have full control about the password,
so I could refuse a password which is not UTF-8. In case the user has to follow a specified password policy.
When develping AES256 encryption for PDF I was not shure if SASLPrep was absolut neccessary for a
working encryption. But in my case it was sufficient to assume that the password are UTF-8 password.
As you maybe read the answer of SnowAlbert in devcember 2010 SASLPrep is neccessary if you don't
know the complete environment where the password was entered.
I attached two links about SASLPrep. I hope they will help you.
Best regards
Rudy
-
5. Re: password encryption with 256 bit AES algorithm...???
hiii Rudy,
Thanks for ur reply but i have already gone through these links. but i didn't understand about SASLprep functionality in pdf password encryption algorithm. Can u give me any example of it, so that i can understand it properly.
Thanks,
DevSam
-
6. Re: password encryption with 256 bit AES algorithm...???
Hi DevSam,
as I wrote in my last reply I don't use SASLPrep. So I am no expert for this stuff.
But if you read RFC3454 you will see that you have to write a function to pre-check the entered password.
In this function first you have to do your mappings described in Section 3, possibly normalize the results of
step 1 (described in Section 4), check for prohibited characters and last check for bidirectional strings (arabic or hebraic)
described in Section 6.
# Input Output Comments - ----- ------ -------- 1 I<U+00AD>X IX SOFT HYPHEN mapped to nothing 2 user user no transformation 3 USER USER case preserved, will not match #2 4 <U+00AA> a output is NFKC, input in ISO 8859-1 5 <U+2168> IX output is NFKC, will match #1 6 <U+0007> Error - prohibited character 7 <U+0627><U+0031> Error - bidirectional check
Best regards
Rudy
-
7. Re: password encryption with 256 bit AES algorithm...???
Hii,
Thanks for ur help, I have already gone through these steps and written a code for this. I want to know that whatever output i have got from this function is correct or not. I am not able to check it out. Can u give me any example of this. So that i could check that am i on right way or not . Is there any software or online tool for this type of algorithm ??
Thanks
DevSam
-
8. Re: password encryption with 256 bit AES algorithm...???
Thanks for your response, let me tell you in brief that actually at which point I am getting the problem. I am giving you an example of a file. In this file:
Open(user) password: abc
Password algorithm: 256 bit AES
/R : 6
/U:F42EC3CF547F226A4D6FE84EB19F83E8E2B9416E603D8C5120E53F6A1A774BE285409545F6DB0FEA34606D1 1D0A012AF
/UE : 18D370D5942D6BB4A2E29EBCB447C904D45BED033F705C5CA9EB1B47E0817ABB95
/V : 5
Now my algorithm which I have to follow is:
To understand the algorithm below, it is necessary to treat the O and U strings in the Encrypt dictionary
as made up of three sections. The first 32 bytes are a hash value (explained below). The next 8 bytes are
called the Validation Salt. The final 8 bytes are called the Key Salt.
1. The password string is generated from Unicode input by processing the input string with the SASLprep
(IETF RFC 4013) profile of stringprep (IETF RFC 3454), and then converting to a UTF-8 representation.
2. Truncate the UTF-8 representation to 127 bytes if it is longer than 127 bytes.
3. Test the password against the user key by computing the SHA-256 hash of the UTF-8 password
concatenated with the 8 bytes of user Validation Salt. If the 32 byte result matches the first 32 bytes of
the U string, this is the user password.
Now what I am doing :
1. User password(Ascii value): 616263 (abc)
2. After processing it through SaslPrep output is same:
3. Concatenating user password with validaition salt the input String : 61626385409545F6DB0FEA
4. Now I computed SHA256 hash of the above string and output is: f1bd74e34fbacc88b60cb1bbcaf64f88cb6159b29ccc5e0f25602aae48358eb3
5. But this output does not match with first 32 bytes of U string as mentioned above.
I have followed steps as defined in algorithm.
Can you tell where I have done mistake?
-
9. Re: password encryption with 256 bit AES algorithm...???
Hi DevSam,
I think the problem is that SHA256 expects char* as argument and not hex. So you have to hash "abc" + UValidationSalt(as char*).
Best regards
Rudy
-
10. Re: password encryption with 256 bit AES algorithm...???
Hii Rudy,
Thanks for your reply, As you said, I have already checked the Char * (charcter values) in the SHA256 function but the problem is same. I think the problem is somewhere else.
Thanks,
-
11. Re: password encryption with 256 bit AES algorithm...???
Hi DevSam,
it's AcrobatX encryption with modified Revision 6 algorithm?
As far as i know this algorithm is not yet published.
Best regards
Dirk Carstensen
-
12. Re: password encryption with 256 bit AES algorithm...???
Hiii Dirk,
yes Dirk you are right, this file has revision 6. But same problem also occurs for revision 5. There is not so much difference in both cases. Can u suggest me something else.
Thanks
-
13. Re: password encryption with 256 bit AES algorithm...???
Hi DevSam,
with Revision 6 you have no chance to decrypt the PDF until the new fixed AES algorithm will be published by Adobe.
For Revision 5 there are published source codes like iText or Poppler/XPdf.
Best regards
Dirk Carstensen
-
14. Re: password encryption with 256 bit AES algorithm...???
The new algorithm has been part of draft revisions to ISO 32000-2 for over
a year now.
-
15. Re: password encryption with 256 bit AES algorithm...???
Hello,
As described in Acrobat specification for Encryption Algorithm for 256 Bit AES Encryption I have tried following steps on file having password "abc"
1.Prepare User Password string according to SASLPrep Algorithm.
2. Concatenate user password string with user validation salt and after cocatenating output is: 6162631A17BFC56DA9C388
3. Computed SHA256 hash of this string and ouput was : d78732fd8267a3604234994a8fff8653ece66565594a9430a57ae0818b14d07c
4. Now the step of authenticating user password is:
Test the password against the user key by computing the SHA-256 hash of the UTF-8 password
concatenated with the 8 bytes of owner Validation Salt, concatenated with the 48-byte U string. If the
32-byte result matches the first 32 bytes of the O string, this is the owner password.
According to this statement how user key is being used in authentication process.
" If the 32-byte result matches the first 32 bytes of the O string, this is the owner password."
I just compared result of SHA256 with 32 bytes of U String but it fails ,SO I Assume user key is playing some role in authenticating password.
Can anybody help me understanding this.
Waiting for soon reply as I am really struck and need to implement this .
Thanks
-
16. Re: password encryption with 256 bit AES algorithm...???
Hi,
I am looking for algorithm for Revision 6 PDF decryption. Can somebody please point me to that.