[opensuse] Decrypting password protected PDF files
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm trying to use "pdftk" to decrypt pdfs on the command line, like this: +++·································· cer@Telcontar:~> pdftk INPUT.pdf output unsecured.pdf do_ask The password you supplied for the input PDF: INPUT.pdf did not work. This PDF is encrypted, and you must supply the owner password to open it. If it has no owner password, then enter the user password, instead. To quit, enter a blank password at the next prompt. Please enter the open password to use on the input PDF: INPUT.pdf. It can be empty, or have a maximum of 32 characters: PASSWORD The password you supplied for the input PDF: INPUT.pdf did not work. This PDF is encrypted, and you must supply the owner password to open it. If it has no owner password, then enter the user password, instead. To quit, enter a blank password at the next prompt. Please enter the open password to use on the input PDF: INPUT.pdf. It can be empty, or have a maximum of 32 characters: ^C cer@Telcontar:~> ··································++- However, the same password, /pasted/ into evince, works. My password has non alphabetic chars. Is pdftk supposed to work, or is it buggy? Is my command line syntax wrong? I'm using openSUSE 13.1, CLI, and "pdftk 1.45". - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlOtxpUACgkQtTMYHG2NR9WLKgCglj7zEHphLlirYY1NB26FiJUI 86QAniERV5CkConzVW2XgVaZw4e+p3NZ =1KzM -----END PGP SIGNATURE-----
"Carlos E. R." írta:
Hi,
I'm trying to use "pdftk" to decrypt pdfs on the command line, like this:
+++·································· cer@Telcontar:~> pdftk INPUT.pdf output unsecured.pdf do_ask The password you supplied for the input PDF: INPUT.pdf did not work. This PDF is encrypted, and you must supply the owner password to open it. If it has no owner password, then enter the user password, instead. To quit, enter a blank password at the next prompt. Please enter the open password to use on the input PDF: INPUT.pdf. It can be empty, or have a maximum of 32 characters: PASSWORD The password you supplied for the input PDF: INPUT.pdf did not work. This PDF is encrypted, and you must supply the owner password to open it. If it has no owner password, then enter the user password, instead. To quit, enter a blank password at the next prompt. Please enter the open password to use on the input PDF: INPUT.pdf. It can be empty, or have a maximum of 32 characters: ^C cer@Telcontar:~> ··································++-
However, the same password, /pasted/ into evince, works. My password has non alphabetic chars.
Is pdftk supposed to work, or is it buggy? Is my command line syntax wrong?
I'm using openSUSE 13.1, CLI, and "pdftk 1.45".
Hello: I have tried it and it worked for me, using pdftk 1.44 in openSUSE 12.2. I tried theses syntaxes, both worked:
pdftk input.pdf output out.pdf do_ask
pdftk input.pdf input_pw <password> output out.pdf
The password I used was "asdfg **" (without quotation marks and one space before **). I can think of two reasons it does not work for you: 1. You are using the viewing (open) password instead of owner (permission) password. 2. The password has some specific characters that should be escaped. Istvan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello, On Sat, 28 Jun 2014, Istvan Gabor wrote:
"Carlos E. R." írta:
I'm trying to use "pdftk" to decrypt pdfs on the command line, like this: [..] However, the same password, /pasted/ into evince, works. My password has non alphabetic chars.
Is pdftk supposed to work, or is it buggy? Is my command line syntax wrong?
I can think of two reasons it does not work for you:
1. You are using the viewing (open) password instead of owner (permission) password.
2. The password has some specific characters that should be escaped.
3. it could be an encoding issue (e.g. UTF-8 vs. ISO-8859-*). BTW: I have pdftk-2.02 on my 12.1, Build Date : Wed 09 Apr 2014 04:13:00 PM CEST from the Publishing repo. Could be worth a try if it's an encoding issue. From the changelog: * 2.02 - July 24, 2013 [..] o Fixed a password bug where some 'upper-ASCII' characters weren't being mapped to the correct code points. o Fixed a 40-bit decryption bug introduced in version 2.00 [..] o Added a test to ensure that encryption passwords use permitted characters only. (Decryption attempts still allow a larger set of input characters.) [..] * 2.01 - June 5, 2013 [..] * 2.00 - May 22, 2013 o Added AES decryption of input PDFs. The 'owner' password is still required when decrypting any PDF. [..] * 1.45 - December 6, 2012 So, it could be 4. a by now fixed bug in the password/decryption handling of pdftk. I just checked: Upstream is still at 2.02, see http://www.pdflabs.com/docs/install-pdftk-on-redhat-or-centos/ So, (if 13.1 is your oS version), zypper ar http://download.opensuse.org/repositories/Publishing/openSUSE_13.1/Publishin... zypper ref zypper up pdftk might solve your problem. HTH, -dnh -- G'Kar: "All of life can be broken down into moments of transition or moments of revelation. This had the feeling of both." Babylon 5 - 3x22 - Z'Ha'Dum -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, 2014-06-28 at 00:39 +0200, Istvan Gabor wrote:
Hello:
I have tried it and it worked for me, using pdftk 1.44 in openSUSE 12.2.
I tried theses syntaxes, both worked:
pdftk input.pdf output out.pdf do_ask
pdftk input.pdf input_pw <password> output out.pdf
The password I used was "asdfg **" (without quotation marks and one space before **).
I can think of two reasons it does not work for you:
1. You are using the viewing (open) password instead of owner (permission) password.
2. The password has some specific characters that should be escaped.
Well, as the the first method prompts for the password, escaping it is not necesary. Then I don't know if it is the owner password or the open password, I do not generate nor control those documents. Let me see... ah, acrobat does say that the document has "Password security" as security method, "document open password", and "permission password", using 40-bit RCA. pdftk INPUT.pdf input_pw ***\&*** output out.pdf Error: Failed to open PDF file: INPUT.pdf.pdf OWNER PASSWORD REQUIRED, but not given (or incorrect) Errors encountered. No output created. Done. Input errors, so no output created. cer@Telcontar:~ > As you see, I have to escape a "&" in the password, or bash does not allow it. But it does not work, the password is not accepted. It should be the owner password. I use the only one I know, and it works when used in evince or acrobat. If I try:
pdftk INPUT.pdf owner_pw ***\&*** output out.pdf Error: Unexpected command-line data: owner_pw where we were expecting an input PDF filename, operation (e.g. "cat") or "input_pw". Exiting. Errors encountered. No output created. Done. Input errors, so no output created.
but the manual does give "owner_pw" as a valid option, and "pdftk --help" confirms it. Same thing with "user_pw". On the examples section of the manual, it uses a different ordering: pdftk INPUT.pdf output out.pdf owner_pw *** Error: Failed to open PDF file: INPUT.pdf.pdf OWNER PASSWORD REQUIRED, but not given (or incorrect) Errors encountered. No output created. Done. Input errors, so no output created. So it seems that it simply does not accept my password. I'll try upgrading the program, as David suggests. Otherwise... is there some other scriptable tool to decrypt pdfs generating decrypted copies? - -- Cheers, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlOuNA8ACgkQtTMYHG2NR9X20ACfblqqZqGhx9Lw3bJWdQ0nT3si G34An0KlOu8AZ6TLX7aYnRRRRWQoeA7W =xgII -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-06-28 05:18, Carlos E. R. wrote:
On Saturday, 2014-06-28 at 00:39 +0200, Istvan Gabor wrote:
I'll try upgrading the program, as David suggests.
Nay, not good. I now have "pdftk 2.02", and it still can not open these PDFs. :-(
Otherwise... is there some other scriptable tool to decrypt pdfs generating decrypted copies?
I need some other tool... I have to decrypt hundreds of files, generating clear pdfs, or alternatively, call a viewer with the password given on the command line, somehow. My problem is that I get these pdfs on email, and all viewers are unable to remember the password, as they have different file names. It is a real nuisance to browse a hundred pdfs looking for something and having to type a difficult password for every single file :-( [...] I have a trick of sorts, though. I symlink the pdf I want to view to a name, and use evince to open it, and remember the password for the session. I close it, change the link to the next file, and again use evince... it works. But if I tell evince to save a copy, the copy is encrypted. And it is tedious, anyway, to click your way on a hundred files... -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
"Carlos E. R." <robin.listas@telefonica.net> írta:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Saturday, 2014-06-28 at 00:39 +0200, Istvan Gabor wrote:
Hello:
I have tried it and it worked for me, using pdftk 1.44 in openSUSE 12.2.
I tried theses syntaxes, both worked:
pdftk input.pdf output out.pdf do_ask
pdftk input.pdf input_pw <password> output out.pdf
The password I used was "asdfg **" (without quotation marks and one space before **).
I can think of two reasons it does not work for you:
1. You are using the viewing (open) password instead of owner (permission) password.
2. The password has some specific characters that should be escaped.
Well, as the the first method prompts for the password, escaping it is not necesary. Then I don't know if it is the owner password or the open password, I do not generate nor control those documents.
Let me see... ah, acrobat does say that the document has "Password security" as security method, "document open password", and "permission password", using 40-bit RCA.
pdftk INPUT.pdf input_pw ***\&*** output out.pdf Error: Failed to open PDF file: INPUT.pdf.pdf OWNER PASSWORD REQUIRED, but not given (or incorrect) Errors encountered. No output created. Done. Input errors, so no output created. cer@Telcontar:~ >
I still think that the password you provide is not the owner password, but it is the user password. pdftk requires the owner password for this.
As you see, I have to escape a "&" in the password, or bash does not allow it. But it does not work, the password is not accepted. It should be the owner password. I use the only one I know, and it works when used in evince or acrobat.
These programs open the file independent of which password (owner or user) is provided.
If I try:
pdftk INPUT.pdf owner_pw ***\&*** output out.pdf Error: Unexpected command-line data: owner_pw where we were expecting an input PDF filename, operation (e.g. "cat") or "input_pw". Exiting. Errors encountered. No output created. Done. Input errors, so no output created.
but the manual does give "owner_pw" as a valid option, and "pdftk --help" confirms it.
Same thing with "user_pw".
On the examples section of the manual, it uses a different ordering:
pdftk INPUT.pdf output out.pdf owner_pw *** Error: Failed to open PDF file: INPUT.pdf.pdf OWNER PASSWORD REQUIRED, but not given (or incorrect) Errors encountered. No output created. Done. Input errors, so no output created.
In my understanding owner_pw and user_pw apply only if you encrypt a pdf file, that is they are the passwords for the created output file. You can experiment with it making encrypted pdfs in libreoffice using pdf export and you will see pdftk opens the file only if the input password is the owner password. I think the reason for this is that with the open password you are not allowed to change the document while with the owner password you are. Converting the pdf by pdftk chnges the document, that is the owner password is required. Istvan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2014-06-28 13:43, Istvan Gabor wrote:
"Carlos E. R." <> írta:
pdftk INPUT.pdf input_pw ***\&*** output out.pdf Error: Failed to open PDF file: INPUT.pdf.pdf OWNER PASSWORD REQUIRED, but not given (or incorrect) Errors encountered. No output created. Done. Input errors, so no output created. cer@Telcontar:~ >
I still think that the password you provide is not the owner password, but it is the user password. pdftk requires the owner password for this.
It is the only password that exists. They are bank letters, sent as encrypted PDFs via email. There is no reason for the bank to add a different password of their own.
As you see, I have to escape a "&" in the password, or bash does not allow it. But it does not work, the password is not accepted. It should be the owner password. I use the only one I know, and it works when used in evince or acrobat.
These programs open the file independent of which password (owner or user) is provided.
I see.
pdftk INPUT.pdf output out.pdf owner_pw *** Error: Failed to open PDF file: INPUT.pdf.pdf OWNER PASSWORD REQUIRED, but not given (or incorrect) Errors encountered. No output created. Done. Input errors, so no output created.
In my understanding owner_pw and user_pw apply only if you encrypt a pdf file, that is they are the passwords for the created output file.
Well, then the error message is not sufficiently clear.
You can experiment with it making encrypted pdfs in libreoffice using pdf export and you will see pdftk opens the file only if the input password is the owner password.
I think the reason for this is that with the open password you are not allowed to change the document while with the owner password you are. Converting the pdf by pdftk chnges the document, that is the owner password is required.
AHHH! I understand... kind of. :-} (the error message could say just that, by the way) I could then perhaps print the file to postscript, which would not be password protected. This I could again convert to PDF myself. I don't see an option in pdftk for printing. What could I use to print, to file preferably, but to cups is also acceptable (I would use cups-pdf), an encrypted PDF file? Maybe pdftops. [...] YES! It works. pdftops -upw *** input.pdf out.ps ps2pdf14 out.ps out.pdf The original has 46K, the result has 43. Of course, creation date changes. Not crucial. I could also consider "pdfedit", the insufficient man page mentions scripting. Doesn't look easy to find out how to do, even if possible though (I do not want to click my way, I need mass conversion of files). Dunno about "podofo". Installing... podofobox(1), podofocolor(1), podofocountpages(1), podofocrop(1), podofogc(1), podofoimg2pdf(1), podofoimgextract(1), podofoincrementalupdates(1), podofoimpose(1), podofomerge(1), podofopages(1), podofopdfinfo(1), podofotxt2pdf(1), podofotxtextract(1), podofouncompress(1), podofoxmp(1) Sigh... I do not see a decrypt option, only one to encrypt. Ok then, pdftops it is. Now to script it! Thankyou! - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlOuxCgACgkQtTMYHG2NR9XEDQCfR1gACRaadjz4UxOEslYG5nj5 rz8An2v83Z9jd+9fDdKjqfCRl9PLuUca =PW+g -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (4)
-
Carlos E. R. -
Carlos E. R. -
David Haller -
Istvan Gabor