-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ENH: Use cryptography
for encryption/decryption as a fallback for PyCryptodome
#2000
Conversation
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## main #2000 +/- ##
==========================================
+ Coverage 93.92% 94.06% +0.14%
==========================================
Files 33 38 +5
Lines 7011 7081 +70
Branches 1394 1394
==========================================
+ Hits 6585 6661 +76
+ Misses 272 269 -3
+ Partials 154 151 -3
☔ View full report in Codecov by Sentry. |
@exiledkingcc |
cryptography
for encryption/decryption as a fallback for PyCryptodome
Could you please also adjust https://github.com/py-pdf/pypdf/blob/main/docs/user/encryption-decryption.md (the comment about pycryptodome)? Comparison of the two libraries:
It seems to me that we should primarily use cryptography and only use pycryptodome as a fallback. What do you think @exiledkingcc ? |
your opinion sounds very reasonable,i agree with it. but should contain it in the commit? then how about |
It's ok for me if you leave it as it is. That is not a blocker. The change of the default (from pycryptodome to cryptography) should probably be done AFTER I merge this one. Just to keep this PR fairly stable. I want to merge it on Friday evening / early Saturday. |
## What's new ### New Features (ENH) - Accelerate image list keys generation (#2014) - Use `cryptography` for encryption/decryption as a fallback for PyCryptodome (#2000) - Extract LaTeX characters (#2016) - ASCIIHexDecode.decode now returns bytes instead of str (#1994) ### Bug Fixes (BUG) - Add RunLengthDecode filter (#2012) - Process /Separation ColorSpace (#2007) - Handle single element ColorSpace list (#2026) - Process lookup decoded as TextStringObjects (#2008) ### Robustness (ROB) - Cope with garbage collector during cloning (#1841) ### Maintenance (MAINT) - Cleanup of annotations (#1745) [Full Changelog](3.13.0...3.14.0)
@exiledkingcc @MartinThoma I can't understand, v3.14.0 release mentions this PR but Also, could you guys clarify if cryptography is a pure-python library and if it handles AES encryption? |
for now, cryptography is a fallback for PyCryptodome. it will change in the future, since cryptography seems more official.
cryptography is a wrapper of openssl, not pure-python. |
Does it mean for now we need
Does it handle AES encryption? |
for now,you can cryptography can handle AES, and many other algorithms. |
The latest There are still older versions, but I don't know if they are secure as they might have unfixed known bugs. That is a pretty strong reason for me to drop Python 3.6 support. |
Yes: https://github.com/py-pdf/pypdf/blob/main/pypdf/_crypt_providers/_cryptography.py#L31 Just like PyCryptodome: https://github.com/py-pdf/pypdf/blob/main/pypdf/_crypt_providers/_pycryptodome.py#L30C1-L30C1 |
Use the
cryptography
package (maintained by the Python Cryptographic Authority, pyca) as a fallback if PyCryptodome (maintained by Legrandin / Helder Eijs) is not installed.Closes #1998