SEC: Warn about PDF encryption security

See #1754
py-pdf · Mar 28, 2023 · 70e040b · 70e040b
1 parent 1563e8e
commit 70e040b
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/docs/user/encryption-decryption.md b/docs/user/encryption-decryption.md
@@ -5,6 +5,11 @@
 
 ## Encrypt
 
+> ⚠️ WARNING ⚠️: pypdf only implements [RC4 encryption](https://en.wikipedia.org/wiki/RC4).
+> This encryption algorithm is insecure. The more modern and secure AES
+> encryption is not implemented. pypdf can only decrypt, but not encrypt with
+> AES.
+
 Add a password to a PDF (encrypt it):
 
 ```python

diff --git a/pypdf/_writer.py b/pypdf/_writer.py
@@ -1027,6 +1027,12 @@ def encrypt(
  5 and 6 control annotations, 9 for form fields,
  10 for extraction of text and graphics.
  """
+ warnings.warn(
+ "pypdf only implements RC4 encryption so far. "
+ "The RC4 algorithm is insecure. Either use a library that supports "
+ "AES for encryption or put the PDF in an encrypted container, "
+ "for example an encrypted ZIP file."
+ )
  if user_pwd is not None:
  if user_password is not None:
  raise ValueError(