yob / pdf-reader

The PDF::Reader library implements a PDF parser conforming as much as possible to the PDF specification from Adobe.
MIT License

Don't try to decrypt a Cross-Reference Stream #348

Closed sbilharz closed 3 years ago

sbilharz commented 3 years ago

This might be a rare case but obviously it happened to me. When a PDF file is marked as encrypted, all stream data is expected to be encrypted. But there is an exception, namely a Cross-Reference Stream, which is a regular object in contrast to the old-school Cross-Reference Table. Until now, pdf-reader tried to decrypt the stream of that object like any other, which led to an OpenSSL error, because it isn't encrypted by conforming writers. I built the test file myself because the real-world example contained personal data of a client.

I have no idea whether there are more cases of streams that "shall not be encrypted" and therefore shouldn't be decrypted, so this list of conditions to omit decryption might not be exhaustive.
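The failure and the guard described in this pull request, as an added Ruby example that is not part of the PR or pdf-reader's own code: an unguarded reader raises an OpenSSL error on a cleartext `/Type /XRef` stream, while the guarded reader returns it untouched and still decrypts other streams. The helper names, key, IV and sample streams are constructed, and it assumes AES-128-CBC with the IV in the first 16 bytes and an already-derived object key.

```ruby
require "openssl"

# Constructed sample values; helper names are hypothetical, not pdf-reader's API.
KEY = "0123456789abcdef".b          # per-object key, assumed already derived
IV  = ("\x00" * 16).b               # fixed IV so the example is repeatable

def aes_cbc(mode, key, iv, data)
  cipher = OpenSSL::Cipher.new("aes-128-cbc")
  mode == :encrypt ? cipher.encrypt : cipher.decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.update(data) + cipher.final
end

# Assumed layout of an AES-encrypted stream: 16-byte IV, then the ciphertext.
def decrypt_stream(key, raw)
  aes_cbc(:decrypt, key, raw.byteslice(0, 16), raw.byteslice(16, raw.bytesize).to_s)
end

# A cross-reference stream carries /Type /XRef in its stream dictionary.
def xref_stream?(dict)
  dict[:Type] == :XRef
end

# Guarded reader: cross-reference streams are returned untouched.
def stream_bytes(dict, raw, key)
  xref_stream?(dict) ? raw : decrypt_stream(key, raw)
end

# Unguarded reader: decrypts every stream of an encrypted file.
def naive_stream_bytes(_dict, raw, key)
  decrypt_stream(key, raw)
end

# Constructed cross-reference stream: five 5-byte entries, stored in the clear.
XREF_DICT = { Type: :XRef, W: [1, 2, 2], Size: 5 }
XREF_RAW  = [1, 16, 0].pack("Cnn") * 5

# Constructed content stream, encrypted the way the rest of the file would be.
CONTENT_DICT  = { Length: 48 }
CONTENT_PLAIN = "BT /F1 12 Tf (hello) Tj ET".b
CONTENT_RAW   = IV + aes_cbc(:encrypt, KEY, IV, CONTENT_PLAIN)

# True when the unguarded reader hits an OpenSSL error on the cleartext stream.
def naive_fails_on_xref?
  naive_stream_bytes(XREF_DICT, XREF_RAW, KEY)
  false
rescue OpenSSL::Cipher::CipherError
  true
end
```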

yob commented 3 years ago

Lovely, thanks :heart: