pyHanko: ValueError("Invalid padding bytes.") when trying to decrypt Adobe.PubSec encrypted pdf file
Describe the bug
Crash when trying to decrypt Adobe.PubSec encrypted file
To Reproduce
I’m afraid this will be very hard to reproduce, since I can’t share the files used to reproduce this. This is the output:
(venv) $ pyhanko --verbose decrypt pkcs12 --force encrypted.pdf decrypted.pdf key.p12
2024-03-25 10:25:57,582 - root - DEBUG - Running with --verbose
2024-03-25 10:25:57,582 - root - DEBUG - There was no configuration to parse.
Key passphrase:
2024-03-25 10:26:03,349 - cli - ERROR - Generic processing error.
Traceback (most recent call last):
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 772, in _import_object
return reference_map[obj.reference]
KeyError: Reference(idnum=26, generation=0)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 772, in _import_object
return reference_map[obj.reference]
KeyError: Reference(idnum=27, generation=0)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 772, in _import_object
return reference_map[obj.reference]
KeyError: Reference(idnum=34, generation=0)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 772, in _import_object
return reference_map[obj.reference]
KeyError: Reference(idnum=168, generation=0)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 772, in _import_object
return reference_map[obj.reference]
KeyError: Reference(idnum=296, generation=0)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 772, in _import_object
return reference_map[obj.reference]
KeyError: Reference(idnum=300, generation=0)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/cli/runtime.py", line 50, in pyhanko_exception_manager
yield
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/cli/commands/crypt.py", line 187, in _decrypt_pubkey
w = copy_into_new_writer(r)
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 1262, in copy_into_new_writer
new_root_dict = w._import_object(
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 793, in _import_object
raw_dict = {
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 794, in <dictcomp>
k: self._import_object(v, reference_map, obj_stream)
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 780, in _import_object
imported = self._import_object(refd, reference_map, obj_stream)
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 793, in _import_object
raw_dict = {
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 794, in <dictcomp>
k: self._import_object(v, reference_map, obj_stream)
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 780, in _import_object
imported = self._import_object(refd, reference_map, obj_stream)
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 793, in _import_object
raw_dict = {
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 794, in <dictcomp>
k: self._import_object(v, reference_map, obj_stream)
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 780, in _import_object
imported = self._import_object(refd, reference_map, obj_stream)
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 793, in _import_object
raw_dict = {
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 794, in <dictcomp>
k: self._import_object(v, reference_map, obj_stream)
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 835, in _import_object
return generic.ArrayObject(
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 836, in <genexpr>
self._import_object(v, reference_map, obj_stream) for v in obj
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 780, in _import_object
imported = self._import_object(refd, reference_map, obj_stream)
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 793, in _import_object
raw_dict = {
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 794, in <dictcomp>
k: self._import_object(v, reference_map, obj_stream)
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 835, in _import_object
return generic.ArrayObject(
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 836, in <genexpr>
self._import_object(v, reference_map, obj_stream) for v in obj
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 780, in _import_object
imported = self._import_object(refd, reference_map, obj_stream)
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 793, in _import_object
raw_dict = {
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 794, in <dictcomp>
k: self._import_object(v, reference_map, obj_stream)
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 780, in _import_object
imported = self._import_object(refd, reference_map, obj_stream)
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 793, in _import_object
raw_dict = {
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 794, in <dictcomp>
k: self._import_object(v, reference_map, obj_stream)
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 835, in _import_object
return generic.ArrayObject(
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 836, in <genexpr>
self._import_object(v, reference_map, obj_stream) for v in obj
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 793, in _import_object
raw_dict = {
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 794, in <dictcomp>
k: self._import_object(v, reference_map, obj_stream)
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/writer.py", line 769, in _import_object
obj = obj.decrypted
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/generic.py", line 2067, in decrypted
decrypted = pdf_string(cf.decrypt(local_key, obj.original_bytes))
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/crypt/filter_mixins.py", line 134, in decrypt
return aes_cbc_decrypt(key, data, iv)
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/pyhanko/pdf_utils/crypt/_util.py", line 20, in aes_cbc_decrypt
return unpadder.update(plaintext) + unpadder.finalize()
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/cryptography/hazmat/primitives/padding.py", line 160, in finalize
result = _byte_unpadding_check(
File "/home/user/Documents/secure/venv/lib/python3.10/site-packages/cryptography/hazmat/primitives/padding.py", line 97, in _byte_unpadding_check
raise ValueError("Invalid padding bytes.")
ValueError: Invalid padding bytes.
Error: Generic processing error.
Expected behavior
The document decrypts.
Environment (please complete the following information):
- OS: Ubuntu 22.04
- Version;
$ pip3 freeze
asn1crypto==1.5.1
certifi==2024.2.2
cffi==1.16.0
charset-normalizer==3.3.2
click==8.1.7
cryptography==42.0.5
idna==3.6
oscrypto==1.3.0
pycparser==2.21
pyHanko==0.23.2
pyhanko-certvalidator==0.26.3
pypng==0.20220715.0
PyYAML==6.0.1
qrcode==7.4.2
requests==2.31.0
typing_extensions==4.10.0
tzlocal==5.2
uritools==4.0.2
urllib3==2.2.1
Python 3.10.12
Additional context
$ openssl pkcs12 -legacy -info -in key.p12 -noout
Enter Import Password:
MAC: sha1, Iteration 100000
MAC length: 20, salt length: 20
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 50000
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 50000
Certificate bag
Certificate bag
I’ve had problems with the 40 bit RC2 in the past, so I upgraded the key by following https://www.docuseal.co/docs/convert-legacy-p12-pfx-files-to-support-openssl-3, but I still have the same problem.
$ openssl pkcs12 -legacy -info -in key_new.p12 -noout
Enter Import Password:
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
About this issue
- Original URL
- State: closed
- Created 3 months ago
- Comments: 15 (7 by maintainers)
Commits related to this issue
- Make object importer more resilient - Correctly copy references to the root object - Deal with deep object graphs in a more stack-safe manner (we now only recurse within top-level objects, those... — committed to MatthiasValvekens/pyHanko by MatthiasValvekens 3 months ago
- Tolerate unpadded empty plaintext See #412 — committed to MatthiasValvekens/pyHanko by MatthiasValvekens 3 months ago
- Deal with sigs in encrypted docs when copying See #412 — committed to MatthiasValvekens/pyHanko by MatthiasValvekens 3 months ago
Werkt perfect, bedankt om dit op te lossen!