PDF password protected file, only on Linux

Hi,

I’ve stumbled upon a weird issue. I had my friend send me a pdf file via file transfer to my Inbox. After downloading the file, I tried to open it…guess what? It was password protected. I asked my friend if she has the password, but she replied that she was never asked for a password to open the pdf. Why is that? Is it only on Linux that the file is password protected? How can that be?

Please advise, thank you!

I’ve never seen that on a non-password-protected file, and I open PDFs all
day from various sources. I have seen okular properly open
password-protected files that were known to be protected; the biggest
hangup for me with those is that the first prompt to me is from kwallet,
so I need to dismiss that and then enter the password to okular’s prompt
directly, and then it works very nicely.

Perhaps try just hitting [Enter] in case that is accepted. Also, perhaps
compare a checksum (md5sum/sha1sum/etc.) of the file to ensure it wasn’t
corrupted coming to you.


Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…

Thank you for your reply. I can confirm that the same file opens without any password prompt on Windows 8. However, along the title of the pdf file I can see that it reads SECURED. I don’t know why. So the only trouble is on Linux-es, as I have tried to open the pdf on Linux Petra 16 and the same password prompt appears. I have tried to hit Enter, but the file won’t open and I get an error. The file is definitely not corrupted. Please help, thank you!

What program is being used to open it? evince? okular? Adobe Reader?


Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…

I tried with both Evince and Okular. It did not work at all, I was still prompted with password. On the other hand, on Windows 8, I opened it with Adobe Reader and was not prompted with password.

Like ab, I have never experienced such an issue, (although I have experienced what he described with kwallet), however you might like to review some of the strategies for removing a password from PDF files outlined here

http://www.cyberciti.biz/faq/removing-password-from-pdf-on-linux/

In particular, the ghostscript command might work for you (as it doesn’t rely on knowing the password)

gs -q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=unencrypted.pdf -c .setpdfwrite -f encrypted.pdf

This too:

http://www.lemonsoftware.eu/goodies/linux:remove_pdf_restrictions

On 2014-07-08 11:36, deano ferrari wrote:
>
> This too:
>
> http://www.lemonsoftware.eu/goodies/linux:remove_pdf_restrictions

Here it says:


pdftk input.pdf output output.pdf user_pw YOURPASSWORD-HERE

I was trying that a few days back, and failed: pdftk refuses if you
don’t have the owner password, because you don’t have permission to
modify the PDF, only to read/print it.

So what I do is “print” or convert to postscript, supplying the
password, and this postscript I convert back to pdf.

Of course, if the PDF contains indexes or links, they are lost.

I created a script for the task:

#!/bin/bash

… ~/keys/PDFPASSWORD

for FILES in ls ./origs/*pdf
do
NAME=basename $FILES
ENTRADA=./origs/$NAME
SALIDA=./dests/$NAME

if -f out.ps ]; then
rm out.ps
fi

if -f $SALIDA ]; then
echo “$SALIDA exists, skipping”
else
pdftops -upw $RECONTRA $ENTRADA out.ps
ps2pdf14 out.ps $SALIDA
echo
fi
done

I will have to investigate if the tools mentioned in your link could
work better:

pdftk (fails)
qpdf (unknown)
xpdf-utils → ps2pdf (works)

The claim that ghostscript can work without the password, surprises me a
lot:


gs -q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite \
-sOutputFile=unencrypted.pdf -c .setpdfwrite -f encrypted.pdf

And in fact, it fails with my PDFs receipts:


cer@Telcontar:~/tmp> gs -q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite
-sOutputFile=unencrypted.pdf -c .setpdfwrite -f encripted.pdf
**** This file requires a password for access.   <============
Error: /invalidfileaccess in pdf_process_Encrypt
Operand stack:

Execution stack:
%interp_exit   .runexec2   --nostringval--   --nostringval--
--nostringval--   2   %stopped_push   --nostringval--   --nostringval--
--nostringval--   false   1   %stopped_push   1900   1   3
%oparray_pop   1899   1   3   %oparray_pop   1883   1   3   %oparray_pop
--nostringval--   --nostringval--   --nostringval--   --nostringval--
false   1   %stopped_push
Dictionary stack:
--dict:1162/1684(ro)(G)--   --dict:1/20(G)--   --dict:82/200(L)--
--dict:82/200(L)--   --dict:109/127(ro)(G)--   --dict:292/300(ro)(G)--
--dict:22/32(L)--
Current allocation mode is local
GPL Ghostscript 9.07: Unrecoverable error, exit code 1
cer@Telcontar:~/tmp>

That would work, I assume, if the PDF has print permission, which would
be unforgivable error in an emailed PDF. Or if there was a bug somewhere.

Another comment suggest to use:


gs -q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=unencrypted.pdf
-c .setpdfwrite -f encripted.pdf

which fails with “Error: /invalidfileaccess in pdf_process_Encrypt”.

Another comment (Denilson) duplicates my findings. I have to try ‘qpdf’.

Some one says that nothing would work, except “MuPDF”, with Wine.
Probably AES encryption.


mubusy clean -p YOURPASSWORD-HERE input.pdf
or
mutool clean -p YOUR-PASSWORD input.pdf

I write it here for future reference.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

By the way pdftk works without the password on Debian but not on openSUSE, so this is a compilation matter. As these kind of passwords are artificial and not technical obstacles I think they give the original creator a false sense of security.

Thanks, I did that, here’s what I got:

**** This file uses an unknown standard security handler revision: 6
Error: /undefined in pdf_check_password
Operand stack:
   ()
Execution stack:
   %interp_exit   .runexec2   --nostringval--   --nostringval--   --nostringval--   2   %stopped_push   --nostringval--   --nostringval--   --nostringval--   false   1   %stopped_push   1900   1   3   %oparray_pop   1899   1   3   %oparray_pop   1883   1   3   %oparray_pop   --nostringval--   --nostringval--   --nostringval--   --nostringval--   false   1   %stopped_push   --nostringval--
Dictionary stack:
   --dict:1162/1684(ro)(G)--   --dict:1/20(G)--   --dict:82/200(L)--   --dict:82/200(L)--   --dict:109/127(ro)(G)--   --dict:292/300(ro)(G)--   --dict:22/32(L)--
Current allocation mode is local
GPL Ghostscript 9.07: Unrecoverable error, exit code 1

so…unrecoverable error :frowning:

From your result:

**** This file uses an unknown standard security handler revision: 6
Error: /undefined in pdf_check_password

This is fixed in ghostscript 9.15 - see http://www.ghostscript.com/doc/9.15/News.htm

On 2014-07-09 21:06, Nikos78 wrote:
>
> robin_listas;2652894 Wrote:

>> I was trying that a few days back, and failed: pdftk refuses if you
>> don’t have the owner password, because you don’t have permission to
>> modify the PDF, only to read/print it.
>>
>
> By the way pdftk works without the password on Debian but not on
> openSUSE, so this is a compilation matter. As these kind of passwords
> are artificial and not technical obstacles I think they give the
> original creator a false sense of security.

PDFs have two kind of protections: one is about what you can do with the
file, and software can follow the rules or not.

The other kind is encryption, and this one you can not bypass. You
really need the password to decipher the file.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

Try opening it with LO Draw