Bug 107007 - PDF export uses insecure RC4-128 encryption
Summary: PDF export uses insecure RC4-128 encryption
Status: NEW
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Printing and PDF export (show other bugs)
(earliest affected)
Inherited From OOo
Hardware: All All
: medium enhancement
Assignee: Not Assigned
Depends on:
Blocks: PDF-Export
  Show dependency treegraph
Reported: 2017-04-06 21:37 UTC by kevin.foley.fyg
Modified: 2019-05-31 08:42 UTC (History)
2 users (show)

See Also:
Crash report or crash signature:


Note You need to log in before you can comment on or make changes to this bug.
Description kevin.foley.fyg 2017-04-06 21:37:55 UTC
Documents exported as password-protected PDFs are encrypted with the outdated and insecure RC4-128, with no options to use a newer standard (AES)

Steps to Reproduce:
1. File > Export as PDF
2. Security > Set Passwords
3. Export
4. Open the PDF in a PDF viewer such as Acrobat Reader, and check the Encryption Level

Actual Results:  
Encrypted with RC4

Expected Results:
Encrypted with AES, or at least let the user pick when they export the PDF

Reproducible: Always

User Profile Reset: 

Additional Info:

User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Comment 1 Buovjaga 2017-04-23 15:56:09 UTC
LibO currently only supports PDF 1.4. Support for 1.6 would need to be added.


For import there is bug 55425

"TODO: in pdf ver 1.5 and 1.6 the step 6 is different, should be implemented. See spec."
Comment 2 Timur 2019-01-08 10:25:50 UTC
Repro LO 6.3+.