iText - General

ArrayIndexOutOfBoundsException while encrypting a PDF with AES 256 (IText pdf java)

Classic

List

Threaded

2 messages Options

Alex Miller

ArrayIndexOutOfBoundsException while encrypting a PDF with AES 256 (IText pdf java)

Hi,

When I try to encrypt a pdf using AES 256 it gives me the following error:

java.lang.ArrayIndexOutOfBoundsException
at java.lang.System.arraycopy(Native Method)
at
com.itextpdf.text.pdf.PdfEncryption.setupByEncryptionKey(PdfEncryption.java:527)
at
com.itextpdf.text.pdf.PdfEncryption.getEncryptionDictionary(PdfEncryption.java:633)
at com.itextpdf.text.pdf.PdfWriter.setEncryption(PdfWriter.java:2057)
at com.itextpdf.text.pdf.PdfStamper.setEncryption(PdfStamper.java:349)
....

This is the code that generates the error:

public static KeyPair generateKeyPair(String algorithm, int bitLength)
throws NoSuchAlgorithmException {
KeyPairGenerator kpGen = null;

try {
kpGen = KeyPairGenerator.getInstance(algorithm, "BC");
} catch (NoSuchProviderException ex) {
Logger.getLogger(Util.class.getName()).log(Level.SEVERE,
null, ex);
}
kpGen.initialize(bitLength, new SecureRandom());

return kpGen.generateKeyPair();
}

public static Certificate getCertificate(KeyPair pair) throws Exception {
X509v3CertificateBuilder builder = new
X509v3CertificateBuilder(new X500Name("CN=CA"),
BigInteger.valueOf(new Date().getTime()),
new Date(),
new Date(new Date().getTime() + 100000000L),
new X500Name("CN=Reader"),

SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded()));
ContentSigner signer = new
JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(pair.getPrivate());
X509CertificateHolder certHolder = builder.build(signer);
ByteArrayInputStream bIn = new
ByteArrayInputStream(certHolder.getEncoded());
return CertificateFactory.getInstance("X.509",
"BC").generateCertificate(bIn);
}

public static void encryptPdf(String src, String dest, Certificate
readCertificate)
throws IOException, DocumentException, CertificateException {
PdfReader reader = new PdfReader(src);
FileOutputStream fout = new FileOutputStream(dest);
PdfStamper stamper = new PdfStamper(reader, fout);
stamper.setEncryption(new Certificate[]{readCertificate}, //
This is the instruction that gives me the error!
new int[]{PdfWriter.ALLOW_PRINTING},
//
PdfWriter.ENCRYPTION_AES_256);
//
stamper.close();
fout.close();
}

public static final String ORIGINAL = "./X509.pdf";
public static final String ENCIPHERED = "./X509-crypt.pdf";
public static final String DECIPHERED = "./X509-decrypt.pdf";
public static final String SIGNED = "./X509-signed.pdf";

public static void main(String[] args) {
Security.addProvider(new
org.bouncycastle.jce.provider.BouncyCastleProvider());

Certificate readerCert = null;
System.out.println(Cipher.getMaxAllowedKeyLength("AES")); // OK
KeyPair pair = generateKeyPair("RSA", 2048);
readerCert = getCertificate(pair);
System.out.println(readerCert);

KeyPair fakePair = generateKeyPair("RSA", 2048);
Certificate fakeCertificate = getCertificate(fakePair);
encryptPdf(ORIGINAL, ENCIPHERED, readerCert);
}

My configuration:
OS: Windows 7 x64 service pack 1
Jdk and Jre latest version 1.6.26
Itext latest version 5.11
IDE: netbeans 7.0

I've given a look at what happened inside Itext and i found that the
instruction that launch exception is:
"System.arraycopy(key, 0, mkey, 0, mkey.length);"
where key is a 20 bytes arrays and mkey.length is 32!

With the other algorithm (ARC4_40, ARC4_128, AES_128) i have no problem!

I attach the pdf that i want to encipher.

I thank you in advance
Alex Miller.

------------------------------------------------------------------------------
Simplify data backup and recovery for your virtual environment with vRanger.
Installation's a snap, and flexible recovery options mean your data is safe,
secure and there when you need it. Data protection magic?
Nope - It's vRanger. Get your free trial download today.
http://p.sf.net/sfu/quest-sfdev2dev
_______________________________________________
iText-questions mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php

X509.pdf (138K) Download Attachment

Paulo Soares-3

Re: ArrayIndexOutOfBoundsException while encrypting a PDF with AES 256 (IText pdf java)

Certificate encryption for AES 256 is not yet supported. It should be available in September.

Paulo

-----Original Message-----
From: Alex Miller [mailto:[hidden email]]
Sent: Wednesday, June 22, 2011 2:48 PM
To: [hidden email]
Subject: [iText-questions] ArrayIndexOutOfBoundsException while encrypting a PDF with AES 256 (IText pdf java)

Hi,

When I try to encrypt a pdf using AES 256 it gives me the following error:

java.lang.ArrayIndexOutOfBoundsException
at java.lang.System.arraycopy(Native Method)
at
com.itextpdf.text.pdf.PdfEncryption.setupByEncryptionKey(PdfEncryption.java:527)
at
com.itextpdf.text.pdf.PdfEncryption.getEncryptionDictionary(PdfEncryption.java:633)
at com.itextpdf.text.pdf.PdfWriter.setEncryption(PdfWriter.java:2057)
at com.itextpdf.text.pdf.PdfStamper.setEncryption(PdfStamper.java:349)
....

This is the code that generates the error:

public static KeyPair generateKeyPair(String algorithm, int bitLength)
throws NoSuchAlgorithmException {
KeyPairGenerator kpGen = null;

try {
kpGen = KeyPairGenerator.getInstance(algorithm, "BC");
} catch (NoSuchProviderException ex) {
Logger.getLogger(Util.class.getName()).log(Level.SEVERE,
null, ex);
}
kpGen.initialize(bitLength, new SecureRandom());

return kpGen.generateKeyPair();
}

public static Certificate getCertificate(KeyPair pair) throws Exception {
X509v3CertificateBuilder builder = new
X509v3CertificateBuilder(new X500Name("CN=CA"),
BigInteger.valueOf(new Date().getTime()),
new Date(),
new Date(new Date().getTime() + 100000000L),
new X500Name("CN=Reader"),

SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded()));
ContentSigner signer = new
JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(pair.getPrivate());
X509CertificateHolder certHolder = builder.build(signer);
ByteArrayInputStream bIn = new
ByteArrayInputStream(certHolder.getEncoded());
return CertificateFactory.getInstance("X.509",
"BC").generateCertificate(bIn);
}

public static void encryptPdf(String src, String dest, Certificate
readCertificate)
throws IOException, DocumentException, CertificateException {
PdfReader reader = new PdfReader(src);
FileOutputStream fout = new FileOutputStream(dest);
PdfStamper stamper = new PdfStamper(reader, fout);
stamper.setEncryption(new Certificate[]{readCertificate}, //
This is the instruction that gives me the error!
new int[]{PdfWriter.ALLOW_PRINTING},
//
PdfWriter.ENCRYPTION_AES_256);
//
stamper.close();
fout.close();
}

public static final String ORIGINAL = "./X509.pdf";
public static final String ENCIPHERED = "./X509-crypt.pdf";
public static final String DECIPHERED = "./X509-decrypt.pdf";
public static final String SIGNED = "./X509-signed.pdf";

public static void main(String[] args) {
Security.addProvider(new
org.bouncycastle.jce.provider.BouncyCastleProvider());

Certificate readerCert = null;
System.out.println(Cipher.getMaxAllowedKeyLength("AES")); // OK
KeyPair pair = generateKeyPair("RSA", 2048);
readerCert = getCertificate(pair);
System.out.println(readerCert);

KeyPair fakePair = generateKeyPair("RSA", 2048);
Certificate fakeCertificate = getCertificate(fakePair);
encryptPdf(ORIGINAL, ENCIPHERED, readerCert);
}

My configuration:
OS: Windows 7 x64 service pack 1
Jdk and Jre latest version 1.6.26
Itext latest version 5.11
IDE: netbeans 7.0

I've given a look at what happened inside Itext and i found that the
instruction that launch exception is:
"System.arraycopy(key, 0, mkey, 0, mkey.length);"
where key is a 20 bytes arrays and mkey.length is 32!

With the other algorithm (ARC4_40, ARC4_128, AES_128) i have no problem!

I attach the pdf that i want to encipher.

I thank you in advance
Alex Miller.

Aviso Legal:
Esta mensagem é destinada exclusivamente ao destinatário. Pode conter informação confidencial ou legalmente protegida. A incorrecta transmissão desta mensagem não significa a perca de confidencialidade. Se esta mensagem for recebida por engano, por favor envie-a de volta para o remetente e apague-a do seu sistema de imediato. É proibido a qualquer pessoa que não o destinatário de usar, revelar ou distribuir qualquer parte desta mensagem.

Disclaimer:
This message is destined exclusively to the intended receiver. It may contain confidential or legally protected information. The incorrect transmission of this message does not mean the loss of its confidentiality. If this message is received by mistake, please send it back to the sender and delete it from your system immediately. It is forbidden to any person who is not the intended receiver to use, distribute or copy any part of this message.

------------------------------------------------------------------------------
Simplify data backup and recovery for your virtual environment with vRanger.
Installation's a snap, and flexible recovery options mean your data is safe,
secure and there when you need it. Data protection magic?
Nope - It's vRanger. Get your free trial download today.
http://p.sf.net/sfu/quest-sfdev2dev
_______________________________________________
iText-questions mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php