BUG: Fix AESV2 decryption when /Length missing in encrypt dict

dmitry-kostin · dmitry-kostin · commit 27eeba4f1bb0 · 2026-02-04T16:38:14.000+01:00
For V=4 encryption with AESV2, read key length from the Crypt Filter dict instead of the main encrypt dict. Some PDFs omit /Length in the main dict (defaulting to 40 bits), but AESV2 requires 128 bits as specified in the CF /Length field. Fixes #3628
diff --git a/pypdf/_encryption.py b/pypdf/_encryption.py
@@ -1126,6 +1126,12 @@ def read(encryption_entry: DictionaryObject, first_id_entry: bytes) -> "Encrypti
         alg_rev = cast(int, encryption_entry["/R"])
         perm_flags = cast(int, encryption_entry["/P"])
         key_bits = encryption_entry.get("/Length", 40)
+        if alg_ver == 4:
+            stm_filter_name = encryption_entry.get("/StmF", "/Identity")
+            if stm_filter_name != "/Identity":
+                cf_dict = filters[stm_filter_name]  # type: ignore
+                if cf_dict.get("/CFM") == "/AESV2":
+                    key_bits = cf_dict.get("/Length", 16) * 8
         encrypt_metadata = encryption_entry.get("/EncryptMetadata")
         encrypt_metadata = (
             encrypt_metadata.value if encrypt_metadata is not None else True
diff --git a/resources/encryption/r4-aes-v2-no-key-length.pdf b/resources/encryption/r4-aes-v2-no-key-length.pdf
diff --git a/tests/test_encryption.py b/tests/test_encryption.py
@@ -130,6 +130,23 @@ def test_pdf_with_both_passwords(name, user_passwd, owner_passwd):
     assert len(ipdf.pages) == 1
 
 
+@pytest.mark.skipif(not HAS_AES, reason="No AES implementation")
+def test_aesv2_without_length_in_encrypt_dict():
+    """
+    AESV2-encrypted PDF without /Length in encrypt dict decrypts correctly.
+
+    Some PDFs omit /Length in the main encrypt dict (defaulting to 40 bits),
+    but AESV2 requires 128 bits. The key length should be read from the
+    crypt filter dict instead.
+    """
+    inputfile = RESOURCE_ROOT / "encryption" / "r4-aes-v2-no-key-length.pdf"
+    reader = PdfReader(inputfile)
+    assert reader.is_encrypted
+    result = reader.decrypt("")
+    assert result in (PasswordType.USER_PASSWORD, PasswordType.OWNER_PASSWORD)
+    assert len(reader.pages) == 1
+
+
 @pytest.mark.parametrize(
     ("pdffile", "password"),
     [
