Somebody sent me a encrypted PDF to ask me help decrypt, I tried pdfcrypt, it got error. and when used pdfcrack, got the following warning messages,

WARNING: O-String != 32 Bytes: 33
WARNING: U-String != 32 Bytes: 33


After studied the source code of iTextSharp, I noticed it is a bug of iTextSharp in SetupGlobalEncryptionKey method of the PdfEncryption class,
misused the this.ownerKey and ownerKey and we can only find this bug when the PDF has strange length of ownerkey/userkey, for example 33, not 32.

this.documentID = documentID;
//this.ownerKey = ownerKey;
Array.Copy(ownerKey, 0, this.ownerKey, 0, 32);
this.permissions = permissions;
// use variable keylength
mkey = new byte[keyLength / 8];

//fixed by ujihara in order to follow PDF refrence
md5.Reset();
md5.BlockUpdate(userPad, 0, userPad.Length);
//md5.BlockUpdate(ownerKey, 0, ownerKey.Length);
md5.BlockUpdate(this.ownerKey, 0, this.ownerKey.Length);


Then I review iText 5.1.1 and find it has the same bug:

this.documentID = documentID;
//this.ownerKey = ownerKey;
System.arraycopy(ownerKey, 0, this.ownerKey, 0, 32);
this.permissions = permissions;
// use variable keylength
mkey = new byte[keyLength / 8];

// fixed by ujihara in order to follow PDF reference
md5.reset();
md5.update(userPad);
//md5.update(ownerKey);
md5.update(this.ownerKey);


PdfCrypt is a windows 32 console/command line version PDF encrypt & decrypt software, supports standard 48 bits, 128 bits, AES-128 bits encryption, and decryption. And first of all,it is free.

Download now(1.84M).

If you need java source code, linux stand alone version, or .net version, please let me know.

It bases on modified version iText 1.5.4 and gcj 3.4.2, compressed with UPX 3.03.

Here is the usage manual,

usage:
pdfcrypt

Where:
= encrypt
[info pairs]

= decrypt

permissions is 8 digit long 0 or 1. Each digit has a particular security function:

AllowPrinting
AllowModifyContents
AllowCopy
AllowModifyAnnotations
AllowFillIn (128 bit only)
AllowScreenReaders (128 bit only)
AllowAssembly (128 bit only)
AllowDegradedPrinting (128 bit only)

Example permissions to copy and print would be: 10100000

Some example,
pdfcrypt encrypt in.pdf out.pdf owner_pwd user_pwd 10100000 AES
pdfcrypt encrypt in.pdf out.pdf owner_pwd “” 11100000 128 //128 bits encrypt with owner password
pdfcrypt encrypt in.pdf out.pdf “” user_pwd 11100000 128 //18 bits encrypt with user password
pdfcrypt decrypt in.pdf out.pdf owner_pwd
if the owner password is empty, please use it in this way,
pdfcrypt decrypt in.pdf out.pdf “”
It means if the pdf only encrypted with user password, you can easily remove the password without the password.
If you forget the owner password, you can try pdfcrack to get it and use PdfCrypt to remove the owner password