From e5ec4f238411ebd57574e7d7b6ed4ee59dadf4fe Mon Sep 17 00:00:00 2001 From: Martin Thoma Date: Sun, 2 Jul 2023 23:26:40 +0200 Subject: [PATCH] DOC: Update notes on cryptography (#1938) Closes #1754 --- docs/user/encryption-decryption.md | 14 ++++++++++---- pyproject.toml | 1 - 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/docs/user/encryption-decryption.md b/docs/user/encryption-decryption.md index ff211320c..a872306da 100644 --- a/docs/user/encryption-decryption.md +++ b/docs/user/encryption-decryption.md @@ -5,10 +5,10 @@ ## Encrypt -> ⚠️ WARNING ⚠️: pypdf only implements [RC4 encryption](https://en.wikipedia.org/wiki/RC4). +> ⚠️ WARNING ⚠️: pypdf uses by default [RC4 encryption](https://en.wikipedia.org/wiki/RC4) +> if you ommit the "algorithm" parameter. > This encryption algorithm is insecure. The more modern and secure AES -> encryption is not implemented. pypdf can only decrypt, but not encrypt with -> AES. +> encryption requires [`pycryptodome`](https://pypi.org/project/pycryptodome/) to be installed. Add a password to a PDF (encrypt it): @@ -23,13 +23,19 @@ for page in reader.pages: writer.add_page(page) # Add a password to the new PDF -writer.encrypt("my-secret-password") +writer.encrypt("my-secret-password", algorithm="AES-256") # Save the new PDF to a file with open("encrypted-pdf.pdf", "wb") as f: writer.write(f) ``` +We recommend using `AES-256-R5`: + +* Using the [Advanced Encryption Standard](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) encryption +* with a key size of 256 bit + + ## Decrypt Remove the password from a PDF (decrypt it): diff --git a/pyproject.toml b/pyproject.toml index 9376667f1..5da4d9b7f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -189,7 +189,6 @@ ignore = [ "tests/*" = ["S101", "ANN001", "ANN201","D104", "S105", "S106", "D103", "B018", "B017"] "sample-files/*" = ["D100", "INP001"] "_encryption.py" = ["S324", "S311"] -"_security.py" = ["S324"] "_writer.py" = ["S324"] "make_changelog.py" = ["T201", "S603", "S607"] "json_consistency.py" = ["T201"]