How do I use Hashed Passwords with SETAPDF's Password Protected PDFs?

0
votes

I am using an API called SET-PDF Stamper

Our passwords use a hash and I am trying to use the hashed passwords with the setasign PDF api. In the documentation I see they support encryption but I can't find anything on hashing. Is there any way to implement their password protection on the document verifying the password hash?

Our hash uses the following password_hash("password", CRYPT_BLOWFISH, $options); Normally you would use password verify in this situation but I don't see a way to implement it with the setasign api.

1
phpencryptionhashpassword-hashsetapdf
Is it impossible to get the input from user, hash it, and then use that hash as a password, both when creating the file and when opening?HoldOffHunger
Your question is a little hard to follow; so you have a PDF file that is encrypted, that you need to decrypt before your PHP can edit the file?Martin
Have you tried reading the SET-PDF manual?. It shows you exactly how to open an encrypted PDF, if you have the original password. If you do not have the original password, then you can't access the PDF for editing (stamping).Martin
@HoldOffHunger you are incorrect re the repetitive nature of hashes; what about salts. Each and every password hash uses salts, to avoid the repetition that you illustrate here. Therefore the same password will give numerous hashes because of the salts.Martin
@HoldOffHunger ; Thank you; I am well aware of salt and hash. A hash with PHP password_hash is generated with a password plaintext and a salt. This means the same plaintext creates many different hashes with this method. This means your earlier comment about hash repetition does not hold here.Martin

1 Answers

1
votes

The main issue is not related to SetaPDF but you are searching for a feature in the PDF format, which is simply not available. You want a securtiy handler, that hashes the input before it is used to calculate the encryption key. That's simply not part of standard PDF encryption.

The standard PDF encryption algorithms start with a plain text password.

There's nothing you can do about it but writing your own logic for a PDF viewer (e.g. pdf.js) to modify the input (hash it) before it is passed to the algorithm that calculates the encryption key.