trouble with PDF encryption using itext-1.3.1

I am using this code to encrypt a pdf file using itext 1.3.1
   
   
/** User password. */
    public static byte[] USER = "Hello".getBytes();
    
    /** Owner password. */
    public static byte[] OWNER = "World".getBytes();

    public void createPdf(String filename) throws IOException, DocumentException {
        // step 1
        Document document = new Document();
        // step 2
        PdfWriter writer = PdfWriter.getInstance(document, new FileOutputStream(filename));
        writer.setEncryption(USER, OWNER, PdfWriter.AllowPrinting, true);
        // step 3
        document.open();
        // step 4
        document.add(new Paragraph("Hello World"));
        // step 5
        document.close();
    }

Open in new window



However I  don't like to put text  "Hello" password  in the above.  

I  already have a  password and its  MD5 encrypted and Hex converted.  encrypted password is 51dc7cdb52d04cc20036dbd8313ed042

Question:  How do I use this MD5  encrypted password here to  encrypt the pdf ?

N.B: I'm attaching MD5 password generation algo
pass-algo.txt
cofactorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CEHJCommented:
How do I use this MD5  encrypted password here to  encrypt the pdf ?
It's not encrypted. MD5 is a hash algo, so functionally that's no different to saying
int enc = password.hashCode();

Open in new window

and then asking how you can use 'enc' to decrypt.

The only safe way is to make the user enter it. If that's impossible, then you can obfuscate it a little, but that's about it.
Jotain 50Development managerCommented:
You should not take MD5 hash from password but just use password directly. if you use MD5 hash of the password, then you have to use MD5 hash of the password to open it (not password itself).

From attached code i see that you are generating MD5 hash of the password yourself from plaintext password, so just remove MD5 hashing and use password directly.
Jotain 50Development managerCommented:
Here is example how to do it.

    public void createPdf(String filename, String ownerPassword, String userPassword) throws IOException, DocumentException {
        // step 1
        Document document = new Document();
        // step 2
        PdfWriter writer = PdfWriter.getInstance(document, new FileOutputStream(filename));
        writer.setEncryption(userPassword.getBytes(), ownerPassword.getBytes(), PdfWriter.AllowPrinting, true);
        // step 3
        document.open();
        // step 4
        document.add(new Paragraph("Hello World"));
        // step 5
        document.close();
    }

Open in new window

Introduction to Web Design

Develop a strong foundation and understanding of web design by learning HTML, CSS, and additional tools to help you develop your own website.

CEHJCommented:
... but that's about it.

Unless of course you can store the password server-side
cofactorAuthor Commented:
>>>>It's not encrypted. MD5 is a hash algo
CHEJ,

after doing MD5 hash algo  on  1234  ,  I  get this  81dc9bdb52d04dc20036dbd8313ed055

Now could you please provide me a code which can convert 81dc9bdb52d04dc20036dbd8313ed055  back  to  1234

This is my requirement
CEHJCommented:
You have not understood. Hashing != encryption
Hashing is one-way ONLY

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cofactorAuthor Commented:
please see this site...

http://www.md5online.org/md5-decrypt.html

when I type 81dc9bdb52d04dc20036dbd8313ed055  and click decrypt in this site

I get back 1234

If its one way , how they are restoring it ?

I have checked with other few md 5 hash  ...and this site is restoring values perfectly

So Is there any Java library  / API  can help me restoring in this regard ?
CEHJCommented:
If its one way , how they are restoring it ?

Take the trouble to read their "How it works"

If they manage to 'decrypt' Hello or World of course all that illustrates is that the passwords chosen in your example are very weak.

Furthermore - MD5, even when used correctly, is BROKEN (so should not be used)
cofactorAuthor Commented:
reason I am doing it is ...

I want user to open secured PDF with original password.  (I have posted the pdf security code in the first post)


issue is I dont know the original password ....I only have the MD5 hash of it  captured in database.

So, I am looking for a way to use this MD5 hash  to secure the pdf so  that user could open it using his original password.

Do you see any workaround / suggestion ?
Jotain 50Development managerCommented:
Well, only way to restore original password from MD5 hash is to crack it. And since you tried to decrypt it using that website and it failed, it means that original password is quite strong. So pretty much only way to recover original password is to brute force it (can take many days or in worst case, many hundred of years). Or you can just ask the person who gave you MD5 hash.
cofactorAuthor Commented:
>>>>And since you tried to decrypt it using that website and it failed
It did not fail.
Jotain 50Development managerCommented:
Well, i tried and it failed.
CEHJCommented:
Well, i tried and it failed.

You probably didn't use the captcha ;)  (Of which they probably also store the MD5 sum)

'Hello' doesn't fail as it's extremely weak. Dictionary words are about as low as the bar gets
Jotain 50Development managerCommented:
I mean that i tried to decrypt the MD5 hash from the opening post from cofactor. That failed.
CEHJCommented:
Oh i see, sorry. Yes, it DOES fail
cofactorAuthor Commented:
I got success !

This was my MD5 hashed value was:   81dc9bdb52d04dc20036dbd8313ed055

I was able to  get back 1234    using that site
CEHJCommented:
I  already have a  password and its  MD5 encrypted and Hex converted.  encrypted password is 51dc7cdb52d04cc20036dbd8313ed042
Is what we're talking about. '1234' is a toy password, so unsurprising that it's in the database
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Java

From novice to tech pro — start learning today.