Export of PDF Decryption code (fwd)
Jim Choate
ravage at einstein.ssz.com
Fri Mar 9 20:04:43 PST 2001
____________________________________________________________________
Liberty means responsibility. That is why most men dread it.
Locke
The Armadillo Group ,::////;::-. James Choate
Austin, Tx /:'///// ``::>/|/ ravage at ssz.com
www.ssz.com .', |||| `/( e\ 512-451-7087
-====~~mm-'`-```-mm --'-
--------------------------------------------------------------------
---------- Forwarded message ----------
Date: Fri, 9 Mar 2001 17:51:32 -0800
From: Raph Levien <raph at acm.org>
To: coderpunks at toad.com
Subject: Export of PDF Decryption code
Hi Coderpunks,
I realize this is, strictly speaking, a political rather than
technical issue, but at least it's directly related to getting
encryption code out there, and I figure that knowledgeable people will
be hanging out here.
Basically, I want to know under what circumstances we can safely
export PDF decryption code with versions of Ghostscript. We ship
Ghostscript under three licenses: GPL (for older versions), Aladdin
Free Public License (free redistribution but limitations on commercial
products; thus not DFSG), and under proprietary licenses to our OEM
customers.
Here are some relevant facts:
* The encryption in PDF is 40-bit RC4, with MD5 used to derive the RC4
key from the user-supplied password.
* Geoffrey Keating in Australia makes a patch available for Ghostscript
which adds the encryption capability.
* The competing xpdf package (distributed under GPL only) includes
support for PDF decryption.
I'd guess that we are allowed to freely distribute 40-bit RC4 with
both the GPL and AFPL versions as long as we cc: the BXA on all
releases, but for the commercial licensing, we'd have to advise our
customers that they need to go through the export licensing process
(no matter how pro forma) before including the code in their products.
Is this correct?
Thanks in advance,
Raph
More information about the cypherpunks-legacy
mailing list