Description: Documents exported as password-protected PDFs are encrypted with the outdated and insecure RC4-128, with no options to use a newer standard (AES) Steps to Reproduce: 1. File > Export as PDF 2. Security > Set Passwords 3. Export 4. Open the PDF in a PDF viewer such as Acrobat Reader, and check the Encryption Level Actual Results: Encrypted with RC4 Expected Results: Encrypted with AES, or at least let the user pick when they export the PDF Reproducible: Always User Profile Reset: Additional Info: User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
LibO currently only supports PDF 1.4. Support for 1.6 would need to be added. https://ask.libreoffice.org/en/question/32318/how-can-i-export-a-pdf-with-128-bit-aes-encryption-in-libreoffice-writer/ For import there is bug 55425 http://opengrok.libreoffice.org/xref/core/vcl/source/gdi/pdfwriter_impl2.cxx#1323 "TODO: in pdf ver 1.5 and 1.6 the step 6 is different, should be implemented. See spec."
Repro LO 6.3+.
Much people in firms and journalists needs better encryption with AES so importance for security is high and not medium
Repro 6.4.2.2 x64 win10-64
Still RC4 as of version 7.1.1.2. $ pdfinfo -opw abc lo.pdf | fgrep Encrypted Encrypted: yes (print:yes copy:yes change:yes addNotes:yes algorithm:RC4) Version: 7.1.1.2 / LibreOffice Community Build ID: 10(Build:2) CPU threads: 4; OS: Linux 5.4; UI render: default; VCL: gtk3 Locale: en-CA (en_CA.UTF-8); UI: en-US Ubuntu package version: 1:7.1.1~rc2-0ubuntu0.20.04.1~lo1 Calc: threaded Workaround on Linux to encrypt a PDF in AES-256: qpdf --encrypt <user-password> <owner-password> 256 -- "${DECRYPTED_PDF}" "${ENCRYPTED_PDF}" Would be nice that LibreOffice detect that qpdf is available and use it to encrypt in AES-256 instead of relying on its library. Also, LibreOffice does not report what algorithm is being used. A warning should be shown that a very week algorithm is being used.
Still using RC4 in 2024 (version 24.2.0)