Avoid password prompt on attachment-only encryption when there are no attachments

Aditi-1400 · Aditi-1400 · commit 0d430b7de1a2 · 2025-08-01T16:40:38.000+05:30
PDF.js wrongly prompted for passwords when a PDF had no attachments but
had an encryption enabled that was limited to only attachments
leaving all page, image and metadata streams in clear text.

The encryption dictionary is now discarded for this case.
This prevents unnecessary prompts for PDFs with no protected
content beyond attachments
diff --git a/src/core/xref.js b/src/core/xref.js
@@ -31,6 +31,7 @@ import {
 } from "./core_utils.js";
 import { BaseStream } from "./base_stream.js";
 import { CipherTransformFactory } from "./crypto.js";
+import { NameTree } from "./name_number_tree.js";
 
 class XRef {
   #firstXRefStmPos = null;
@@ -118,22 +119,6 @@ class XRef {
       }
       warn(`XRef.parse - Invalid "Encrypt" reference: "${ex}".`);
     }
-    if (encrypt instanceof Dict) {
-      const ids = trailerDict.get("ID");
-      const fileId = ids?.length ? ids[0] : "";
-      // The 'Encrypt' dictionary itself should not be encrypted, and by
-      // setting `suppressEncryption` we can prevent an infinite loop inside
-      // of `XRef_fetchUncompressed` if the dictionary contains indirect
-      // objects (fixes issue7665.pdf).
-      encrypt.suppressEncryption = true;
-      this.encrypt = new CipherTransformFactory(
-        encrypt,
-        fileId,
-        this.pdfManager.password
-      );
-    }
-
-    // Get the root dictionary (catalog) object, and do some basic validation.
     let root;
     try {
       root = trailerDict.get("Root");
@@ -143,6 +128,52 @@ class XRef {
       }
       warn(`XRef.parse - Invalid "Root" reference: "${ex}".`);
     }
+
+    if (encrypt instanceof Dict) {
+      const ids = trailerDict.get("ID");
+      const fileId = ids?.length ? ids[0] : "";
+
+      const stmF = encrypt.get("StmF")?.name ?? "Identity";
+      const strF = encrypt.get("StrF")?.name ?? "Identity";
+      const eff = encrypt.has("EFF") ? encrypt.get("EFF")?.name : strF;
+      const cryptFilters = encrypt.get("CF") || Dict.empty;
+      // Check if only the file attachments are encrypted.
+      if (
+        stmF === "Identity" &&
+        strF === "Identity" &&
+        eff !== "Identity" &&
+        cryptFilters.has(eff) &&
+        cryptFilters.get(eff)?.get("CFM") !== "None"
+      ) {
+        let hasEncryptedAttachments = false;
+        if (root instanceof Dict) {
+          const names = root.get("Names");
+          if (names instanceof Dict && names.has("EmbeddedFiles")) {
+            const nameTree = new NameTree(names.getRaw("EmbeddedFiles"), this);
+            const attachments = nameTree.getAll();
+            if (attachments.size > 0) {
+              hasEncryptedAttachments = true;
+            }
+          }
+        }
+        if (!hasEncryptedAttachments) {
+          // If there are no encrypted attachments, encrypt dictionary is
+          // not needed.
+          encrypt = null;
+        }
+      } else {
+        // The 'Encrypt' dictionary itself should not be encrypted, and by
+        // setting `suppressEncryption` we can prevent an infinite loop inside
+        // of `XRef_fetchUncompressed` if the dictionary contains indirect
+        // objects (fixes issue7665.pdf).
+        encrypt.suppressEncryption = true;
+        this.encrypt = new CipherTransformFactory(
+          encrypt,
+          fileId,
+          this.pdfManager.password
+        );
+      }
+    }
     if (root instanceof Dict) {
       try {
         const pages = root.get("Pages");
diff --git a/test/pdfs/issue20049.pdf.link b/test/pdfs/issue20049.pdf.link
@@ -0,0 +1 @@
+https://github.com/user-attachments/files/20997912/encryption.pdf
diff --git a/test/test_manifest.json b/test/test_manifest.json
@@ -8751,6 +8751,14 @@
       }
     }
   },
+  {
+    "id": "issue20049",
+    "file": "pdfs/issue20049.pdf",
+    "md5": "1cdfde56be6b070e0c18aafc487d92ff",
+    "rounds": 1,
+    "link": true,
+    "type": "eq"
+  },
   {
     "id": "bug1778692",
     "file": "pdfs/bug1778692.pdf",
diff --git a/test/unit/api_spec.js b/test/unit/api_spec.js
@@ -878,6 +878,21 @@ describe("api", function () {
 
       await loadingTask.destroy();
     });
+
+    it("should not prompt for password if only attachments are encrypted and there are none", async function () {
+      const loadingTask = getDocument(buildGetDocumentParams("issue20049.pdf"));
+      expect(loadingTask instanceof PDFDocumentLoadingTask).toEqual(true);
+
+      loadingTask.onPassword = function (callback, reason) {
+        if (reason === PasswordResponses.NEED_PASSWORD) {
+          expect(false).toEqual(true);
+          throw new Error("Should not prompt for password.");
+        }
+      };
+
+      const pdfDocument = await loadingTask.promise;
+      expect(pdfDocument.numPages).toBeGreaterThan(0);
+    });
   });
 
   describe("PDFWorker", function () {

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+https://github.com/user-attachments/files/20997912/encryption.pdf`
Original file line number	Diff line number	Diff line change
`@@ -8751,6 +8751,14 @@`
`8751`	`8751`	`}`
`8752`	`8752`	`}`
`8753`	`8753`	`},`
	`8754`	`+ {`
	`8755`	`+ "id": "issue20049",`
	`8756`	`+ "file": "pdfs/issue20049.pdf",`
	`8757`	`+ "md5": "1cdfde56be6b070e0c18aafc487d92ff",`
	`8758`	`+ "rounds": 1,`
	`8759`	`+ "link": true,`
	`8760`	`+ "type": "eq"`
	`8761`	`+ },`
`8754`	`8762`	`{`
`8755`	`8763`	`"id": "bug1778692",`
`8756`	`8764`	`"file": "pdfs/bug1778692.pdf",`