In json mode, reveal recovered user password when otherwise unavailable

2024-12-22 02:49:00 +00:00 · 2022-05-30 10:55:07 -04:00 · 2022-05-30 10:55:07 -04:00 · b7bbf12e85
commit b7bbf12e85
parent f049a77c59
31 changed files with 51 additions and 2 deletions
--- a/5
+++ b/5
@ -1,5 +1,10 @@
 2022-05-30  Jay Berkenbilt  <ejb@ql.org>

+        * When showing encryption data in json output, when the user
+        password was recovered with by the owner password and the
+        specified password does not match the user password, reveal the
+        user password. This is not possible with 256-bit keys.
+
        * Include additional information in --list-attachments --verbose
        and in --json --json-key=attachments.

--- a/2
+++ b/2
@ -70,8 +70,6 @@ Remaining work:

  * --show-xref: add

-  * --encryption: show recovered user password when available
-
 * Consider having --check, --show-encryption, etc., just select the
  right keys when in json mode. I don't think I want check on by
  default, so that might be different.
--- a/libqpdf/QPDFJob.cc
+++ b/libqpdf/QPDFJob.cc
@ -1382,6 +1382,15 @@ QPDFJob::doJSONEncrypt(Pipeline* p, bool& first, QPDF& pdf)
    j_encrypt.addDictionaryMember(
        "ownerpasswordmatched",
        JSON::makeBool(is_encrypted && pdf.ownerPasswordMatched()));
+    if (is_encrypted && (V < 5) && pdf.ownerPasswordMatched() &&
+        (!pdf.userPasswordMatched())) {
+        std::string user_password = pdf.getTrimmedUserPassword();
+        j_encrypt.addDictionaryMember(
+            "recovereduserpassword", JSON::makeString(user_password));
+    } else {
+        j_encrypt.addDictionaryMember(
+            "recovereduserpassword", JSON::makeNull());
+    }
    JSON j_capabilities =
        j_encrypt.addDictionaryMember("capabilities", JSON::makeDictionary());
    j_capabilities.addDictionaryMember(
@ -1669,6 +1678,7 @@ QPDFJob::json_schema(int json_version, std::set<std::string>* keys)
  },
  "encrypted": "whether the document is encrypted",
  "ownerpasswordmatched": "whether supplied password matched owner password; always false for non-encrypted files",
+  "recovereduserpassword": "If the owner password was used to recover the user password, reveal user password; otherwise null",
  "parameters": {
    "P": "P value from Encrypt dictionary",
    "R": "R value from Encrypt dictionary",
--- a/manual/release-notes.rst
+++ b/manual/release-notes.rst
@ -103,6 +103,12 @@ For a detailed list of changes, please see the file
      attachments is also included in the ``attachments`` json key
      with ``--json``.

+    - For encrypted files, ``qpdf --json`` reveals the user password
+      when the specified password did not match the user password and
+      the owner password was used to recover the user password. The
+      user password is not recoverable from the owner password when
+      256-bit keys are in use.
+
  - Library Enhancements

    - New methods ``insertItemAndGet``, ``appendItemAndGet``,
--- a/qpdf/qtest/encryption.test
+++ b/qpdf/qtest/encryption.test
@ -219,6 +219,7 @@ foreach my $d (@encrypted_files)
        "      \"streammethod\": \"---method---\",\n" .
        "      \"stringmethod\": \"---method---\"\n" .
        "    },\n" .
+        "    \"recovereduserpassword\": ---rup---,\n" .
        "    \"userpasswordmatched\": ---upm---\n" .
        "  }\n" .
        "}\n";
@ -267,6 +268,8 @@ foreach my $d (@encrypted_files)
        my $method = $bits == 256 ? "AESv3" : "RC4";
        my $opm = ($pass eq $opass ? "true" : "false");
        my $upm = ($pass eq $upass ? "true" : "false");
+        my $rup = (($pass eq $opass) && ($pass ne $upass) && ($V < 5))
+            ? "\"$upass\"" : "null";
        $enc_json =~ s/---R---/$R/;
        $enc_json =~ s/---P---/$P/;
        $enc_json =~ s/---V---/$V/;
@ -274,6 +277,7 @@ foreach my $d (@encrypted_files)
        $enc_json =~ s/---method---/$method/g;
        $enc_json =~ s/---opm---/$opm/;
        $enc_json =~ s/---upm---/$upm/;
+        $enc_json =~ s/---rup---/$rup/;

        my $eflags = "--allow-weak-crypto" .
            " -encrypt \"$upass\" \"$opass\" $bits $xeflags --";
--- a/qpdf/qtest/qpdf/json-V4-aes-encrypt---show-encryption-key-v1.out
+++ b/qpdf/qtest/qpdf/json-V4-aes-encrypt---show-encryption-key-v1.out
@ -28,6 +28,7 @@
      "streammethod": "AESv2",
      "stringmethod": "AESv2"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": true
  }
 }
--- a/qpdf/qtest/qpdf/json-V4-aes-encrypt---show-encryption-key-v2.out
+++ b/qpdf/qtest/qpdf/json-V4-aes-encrypt---show-encryption-key-v2.out
@ -28,6 +28,7 @@
      "streammethod": "AESv2",
      "stringmethod": "AESv2"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": true
  }
 }
--- a/qpdf/qtest/qpdf/json-V4-aes-encrypt-v1.out
+++ b/qpdf/qtest/qpdf/json-V4-aes-encrypt-v1.out
@ -28,6 +28,7 @@
      "streammethod": "AESv2",
      "stringmethod": "AESv2"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": true
  }
 }
--- a/qpdf/qtest/qpdf/json-V4-aes-encrypt-v2.out
+++ b/qpdf/qtest/qpdf/json-V4-aes-encrypt-v2.out
@ -28,6 +28,7 @@
      "streammethod": "AESv2",
      "stringmethod": "AESv2"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": true
  }
 }
--- a/qpdf/qtest/qpdf/json-attachment-fields-v1.out
+++ b/qpdf/qtest/qpdf/json-attachment-fields-v1.out
@ -96,6 +96,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [],
--- a/qpdf/qtest/qpdf/json-attachment-fields-v2.out
+++ b/qpdf/qtest/qpdf/json-attachment-fields-v2.out
@ -96,6 +96,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [],
--- a/qpdf/qtest/qpdf/json-field-types---show-encryption-key-v1.out
+++ b/qpdf/qtest/qpdf/json-field-types---show-encryption-key-v1.out
@ -428,6 +428,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [],
--- a/qpdf/qtest/qpdf/json-field-types---show-encryption-key-v2.out
+++ b/qpdf/qtest/qpdf/json-field-types---show-encryption-key-v2.out
@ -428,6 +428,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [],
--- a/qpdf/qtest/qpdf/json-field-types-v1.out
+++ b/qpdf/qtest/qpdf/json-field-types-v1.out
@ -428,6 +428,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [],
--- a/qpdf/qtest/qpdf/json-field-types-v2.out
+++ b/qpdf/qtest/qpdf/json-field-types-v2.out
@ -428,6 +428,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [],
--- a/qpdf/qtest/qpdf/json-image-streams-all-v1.out
+++ b/qpdf/qtest/qpdf/json-image-streams-all-v1.out
@ -271,6 +271,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [],
--- a/qpdf/qtest/qpdf/json-image-streams-all-v2.out
+++ b/qpdf/qtest/qpdf/json-image-streams-all-v2.out
@ -271,6 +271,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [],
--- a/qpdf/qtest/qpdf/json-image-streams-small-v1.out
+++ b/qpdf/qtest/qpdf/json-image-streams-small-v1.out
@ -271,6 +271,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [],
--- a/qpdf/qtest/qpdf/json-image-streams-small-v2.out
+++ b/qpdf/qtest/qpdf/json-image-streams-small-v2.out
@ -271,6 +271,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [],
--- a/qpdf/qtest/qpdf/json-image-streams-specialized-v1.out
+++ b/qpdf/qtest/qpdf/json-image-streams-specialized-v1.out
@ -271,6 +271,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [],
--- a/qpdf/qtest/qpdf/json-image-streams-specialized-v2.out
+++ b/qpdf/qtest/qpdf/json-image-streams-specialized-v2.out
@ -271,6 +271,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [],
--- a/qpdf/qtest/qpdf/json-image-streams-v1.out
+++ b/qpdf/qtest/qpdf/json-image-streams-v1.out
@ -271,6 +271,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [],
--- a/qpdf/qtest/qpdf/json-image-streams-v2.out
+++ b/qpdf/qtest/qpdf/json-image-streams-v2.out
@ -271,6 +271,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [],
--- a/qpdf/qtest/qpdf/json-outlines-with-actions-v1.out
+++ b/qpdf/qtest/qpdf/json-outlines-with-actions-v1.out
@ -462,6 +462,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [
--- a/qpdf/qtest/qpdf/json-outlines-with-actions-v2.out
+++ b/qpdf/qtest/qpdf/json-outlines-with-actions-v2.out
@ -462,6 +462,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [
--- a/qpdf/qtest/qpdf/json-outlines-with-old-root-dests-v1.out
+++ b/qpdf/qtest/qpdf/json-outlines-with-old-root-dests-v1.out
@ -567,6 +567,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [
--- a/qpdf/qtest/qpdf/json-outlines-with-old-root-dests-v2.out
+++ b/qpdf/qtest/qpdf/json-outlines-with-old-root-dests-v2.out
@ -567,6 +567,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [
--- a/qpdf/qtest/qpdf/json-page-labels-and-outlines-v1.out
+++ b/qpdf/qtest/qpdf/json-page-labels-and-outlines-v1.out
@ -637,6 +637,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [
--- a/qpdf/qtest/qpdf/json-page-labels-and-outlines-v2.out
+++ b/qpdf/qtest/qpdf/json-page-labels-and-outlines-v2.out
@ -637,6 +637,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [
--- a/qpdf/qtest/qpdf/json-page-labels-num-tree-v1.out
+++ b/qpdf/qtest/qpdf/json-page-labels-num-tree-v1.out
@ -534,6 +534,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [],
--- a/qpdf/qtest/qpdf/json-page-labels-num-tree-v2.out
+++ b/qpdf/qtest/qpdf/json-page-labels-num-tree-v2.out
@ -534,6 +534,7 @@
      "streammethod": "none",
      "stringmethod": "none"
    },
+    "recovereduserpassword": null,
    "userpasswordmatched": false
  },
  "outlines": [],