How does one decrypt a PDF with an owner password, but no user password?

Although the PDF specification is available from Adobe, it's not exactly the simplest document to read through. PDF allows documents to be encrypted so that either a user password and/or an owner password is required to do various things with the document (display, print, etc). A common use is to lock a PDF so that end users can read it without entering any password, but a password is required to do anything else.

I'm trying to parse PDFs that are locked in this way (to get the same privileges as you would get opening them in any reader). Using an empty string as the user password doesn't work, but it seems (section 3.5.2 of the spec) that there has to be a user password to create the hash for the admin password.

What I would like is either an explanation of how to do this, or any code that I can read (ideally Python, C, or C++, but anything readable will do) that does this so that I can understand what I'm meant to be doing. Standalone code, rather than reading through (e.g.) the gsview source, would be best.


Asked by: Dexter345 | Posted: 01-10-2021






Answer 1

A plugin for GSview for viewing encrypted PDFs is here.

If this works for you, you may be able to look at the source.

Answered by: Daryl865 | Posted: 02-11-2021



Answer 2

If I remember correctly, there is a fixed padding string of 32 (?) bytes to apply to any password. All passwords need to be 32 bytes at the start of computing the encryption key, either by truncating or adding some of those padding bytes.

If no user password was set you simply have to pad with all 32 bytes of the string, i.e. use the 32 padding bytes as the starting point for computing the encryption key.

I have to admit it's been a while since I've done this, I do remember that the encryption part of the PDF is an absolute mess as it got changed significantly in nearly every revision, requiring you to cope with a lot of cases to handle all PDF's.

Good luck.

Answered by: Adelaide131 | Posted: 02-11-2021



Answer 3

xpdf is probably a good reference implementation for this sort of problem. I have successfully used them to open encrypted pdfs before.

Answered by: Lily525 | Posted: 02-11-2021



Similar questions

python - How to compare plain text password to hashed password using bcrypt?

I would like to use bcrypt to hash passwords and later verify if a supplied password is correct. Hashing passwords is easy: import bcrypt password = u'foobar' password_hashed = bcrypt.hashpw(password, bcrypt.gensalt()) # then store password_hashed in a database How can I compare a plain text password to the stored hash?


python - Not able to pass password for password prompt

I have the following code ,line "call("ectool --server=commander.company.com login username",shell=True)" prompts for a password,how do I pass the password to the shell? from subprocess import call def main(): list = ['741679','741477'] call("export COMMANDER_SERVER=commander.company.com" ,shell=True) call("ectool --server=commander.company.com login username",shell=True) #need to pass pass...


python - After hashing a password in Django, I cannot login as my password is unhashed

I am new to Django and so I would appreciate any help I can get. I have just created a form that can change the username, email and password. Currently, when I save a new password using that form, it gets hashed and stored which is the desired behaviour. However, when I login, because I use an unhashed password the authenticate() function fails to retrieve a user and I am unable to login. Note that if I login using...


python - Store old password hashes in Django, so Users can't reuse the same password

Is there a way to Store old password hashes in Django, so Users can't reuse the same password? When doing research on this, every time Django creates a password hash, the hash is different, even though the password is the same. For example, this will return two different hashes: from django.contrib.auth.hashers import make_password make_password('foo') make_password('foo') I can u...


Python Tkinter Password Box - How to make it similar to a bash password prompt where the length is hidden?

I've made a tkinter password Entry such as: passwordEntry = Entry(app, show="*") I'd like to do away with the asterisks and make it completely anonymous so others next to you can't even see the length of your password.


python - Fabric runs bash script that ask for sudo password - How to send this password

I want to use fabric to deploy some application on remote machines. For this, I use fabric to retrieve a bash script from a VCS (bitbucket or github) and execute it. However, the first step of my script is to add the current user to the sudoers, so I am requested for a password. Is it possible to send this password in the fabfile or within the fab command or.... ? A portion of code: bash


python - Hashed password becomes the real password

When I try to change user's fields in the django admin and then I save it, the hashed password ends up becoming the true password. So, If the password is hashed like this pbkdf2adhfkhadqeqerqfavghhfyb, and I change another field in the users model, this hashed password becomes my not hashed password. My code is like this. class UserCreationForm(forms.ModelForm): class Meta: model...


python - PyMySQL Access Denied "using password (no") but using password

Headscratcher here for me. I am attempting to connect to a database on my local MySQL 8.0.11.0 install from Python. Here's the code I'm using : conn = pymysql.connect(host='localhost', port=3306, user='root', password='placeholder', db='CustomerInfo') Python is returning the following : Traceback (most recent call last): File "D:\Python\F...


python - When click change password is blank page but password was changed django

I create login page. My problem is with "forgotten password". User enter a mail and django send a message with link. When click on it must change password. When complet click on "Change password" we should move on next page but it is blank. But password was changed. account/urls.py from django.urls import path, reverse_lazy from django.contrib.auth import views as auth_views from . import views ap...


python - Manual Password with hiding password field Django

I am using User in-built model of django. I want to create password for user like 'test@123' for everyone. without showing password field in template register.py @login_required def register(request): if request.method == 'POST': ur_form = UserRegisterForm(request.POST) pr_form = UserProfileForm(request.POST, request.FILES) if ur_form.is_valid() and pr_form.is_valid(): ...


python - Django 1.0, using default password reset

I'm trying to use the password reset setup that comes with Django, but the documentation is not very good for it. I'm using Django 1.0 and I keep getting this error: Caught an exception while rendering: Reverse for 'mysite.django.contrib.auth.views.password_reset_confirm' with arguments '()' and keyword arguments ... in my urlconf I have something like this: #django.contri...


python - Simple way to encode a string according to a password?

Does Python have a built-in, simple way of encoding/decoding strings using a password? Something like this: >>> encode('John Doe', password = 'mypass') 'sjkl28cn2sx0' >>> decode('sjkl28cn2sx0', password = 'mypass') 'John Doe' So the string "John Doe" gets encrypted as 'sjkl28cn2sx0'. To get the original string, I would "unlock" that string with the key 'mypass', w...


python - fabric and svn password

Assuming that I cannot run something like this with Fabric: run("svn update --password 'password' .") how's the proper way to pass to Fabric the password for the remote interactive command line? The problem is that the repo is checked out as svn+ssh and I don't have a http/https/svn option


How to test a regex password in Python?

Using a regex in Python, how can I verify that a user's password is: At least 8 characters Must be restricted to, though does not specifically require any of: uppercase letters: A-Z lowercase letters: a-z numbers: 0-9 any of the special characters: @#$%^&+= Note, all the letter/number/special chars are optional. I only want to verify...


python - Hide password when checking config file in git

This question already has answers here:


python - How to hide the password in fabric when the command is printed out?

Say I have a fabfile.py that looks like this: def setup(): pwd = getpass('mysql password: ') run('mysql -umoo -p%s something' % pwd) The output of this is: [host] run: mysql -umoo -pTheActualPassword Is there a way to make the output look like this? [host] run: mysql -umoo -p*******


django - Python md5 password value

I have this change password request form.In which the user enter their oldpasswords. this oldpassword is the md5 format. How to compare the md5 value from db to the oldpassword entered by user import md5 oldpasswd_byuser=str("tom") oldpasswd_db="sha1$c60da$1835a9c3ccb1cc436ccaa577679b5d0321234c6f" opw= md5.new(oldpasswd_byuser) #opw= md5.new(oldpasswd_byuser).hexdigest() if(op...


windows - Pass Password to runas from Python

This question already has answers here:


python - Use ssh key to encrypt and decrypt a password

My python-script (Python 2.6, on Debian Linux) asks the user for a password, wich is then saved in the users home directory. Because i don't want to safe the password as plain text, i want to encrypt it somehow. So i thought that maybe i could use the (private) ssh-key of the user to encrypt and decrypt the password thats saved in the file, so that only one with access to the private ssh key can decrypt the saved ...


Python: Execute scp, stdin for password not working

I'm trying the following from subprocess import Popen, PIPE Popen(["scp", "-B","user@url:file", "."], stdin=PIPE, shell=False).communicate(input="password") But I still get the password promt, and no password is sent. I know I can use scp with keys, but this is not what I need. Any help?






Still can't find your answer? Check out these communities...



PySlackers | Full Stack Python | NHS Python | Pythonist Cafe | Hacker Earth | Discord Python



top