Opening password-protected pdf file with iTextSharp

by

For certain operations on encrypted documents iText(Sharp) requires that the document not merely is opened with the user password but instead with the owner password. This corresponds to the definition of these passwords in the PDF specification:

Whether additional operations shall be allowed on a decrypted document depends on which password (if any) was supplied when the document was opened and on any access restrictions that were specified when the document was created:

  • Opening the document with the correct owner password should allow full (owner) access to the document. This unlimited access includes the ability to change the document’s passwords and access permissions.
  • Opening the document with the correct user password (or opening a document with the default password) should allow additional operations to be performed according to the user access permissions specified in the document’s encryption dictionary.

(section 7.6.3.1 in ISO 32000-1)

iText(Sharp) currently does not check in detail the user access permissions specified in the document’s encryption dictionary but instead always requires the owner password for operations requiring certain permissions, and copying whole pages from a document definitively is one of them.

This been said, the iText(Sharp) developers are very much aware (due to many such questions asked)

  • that iText(Sharp) users may be entitled to execute such operations even without the owner password on account of the before mentioned user access permissions specified in the document’s encryption dictionary,
  • that there are myriad PDFs to which their respective owners applied an owner password (to prevent misuse by others) and then forgot it (or by using a randomly generated one never knew it to start with), and
  • that iText(Sharp) (being open source) can easily be patched by anyone not to respect the differences between user and owner password.

To allow users to do what they are entitled to and to prevent the spreading of patched copies of the library, iText(Sharp) contains an override for this test in the PdfReader class:

/**
 * The iText developers are not responsible if you decide to change the
 * value of this static parameter.
 * @since 5.0.2
 */
public static bool unethicalreading = false;

Thus, by setting

PdfReader.unethicalreading = true;

you globally override this permission checking mechanism.

Please respect the rights of PDF authors and only use this override if you indeed are entitled to execute the operations in question.

More Related Contents:

  1. ITextSharp insert text to an existing pdf
  2. Can’t get Czech characters while generating a PDF
  3. ASP.NET Identity’s default Password Hasher – How does it work and is it secure?
  4. How to merge multiple pdf files (generated in run time)?
  5. Generate a PDF that automatically prints
  6. How to return PDF to browser in MVC?
  7. Is it secure to store passwords in cookies?
  8. PDF Compression with iTextSharp [closed]
  9. iTextSharp Creating a Footer Page # of #
  10. iText or iTextSharp rudimentary text edit
  11. RowSpan does not work in iTextSharp?
  12. How to return a PDF from a Web API application
  13. Sign PDF with iTextSharp 5.3.3 and USB token
  14. I want to sign a pdf document with ITextSharp and return ltv pdf enabled file
  15. External signing PDF with iText
  16. iTextSharp international text
  17. Search SQL by date ASP.NET
  18. The request was aborted: Could not create SSL/TLS secure channel
  19. Configure the authorization server endpoint
  20. How to get values of selected items in CheckBoxList with foreach in ASP.NET C#?
  21. How do you programmatically fill in a form and ‘POST’ a web page?
  22. How to Get IP Address?
  23. Declaration of Anonymous types List [duplicate]
  24. How to use custom Authorize attribute for roles as well as a specific user?
  25. How to Kill A Session or Session ID (ASP.NET/C#)
  26. How can I add an ampersand for a value in a ASP.net/C# app config file value
  27. GoogleWebAuthorizationBroker.AuthorizeAsync Hangs
  28. how can i get the same page with the click of back button of browser
  29. JavaScript: Alert.Show(message) From ASP.NET Code-behind
  30. How to get hold of Content that is already read

Leave a Comment