View Full Version : Encypted Embedded Fonts in ePubs


pdurrant
09-19-2009, 06:40 AM
I'm starting a new thread for this.

I now have working Python scripts for encrypting the fonts in ePubs, one for the Adobe method and one for the IDPF method.

Since the code is very similar, I'm pretty sure I have the code for the IDPF method done correctly.

My Adobe code produces ePubs that ADE will read, but which are obfusticated sufficiently that operating systems can't read them.

My IDPF code produces ePubs that look right, but that ADE will not read.

So at the moment it looks like going the Adobe route is best.

I still need to add a bit to my code a bit, (currently I have to add the encryption.xml file by hand), but it should be available by the end of next week.

Does anyone know of any ePub reader that will read IDPF obfusticated fonts? I'd like to test both

I'm also pondering whether it would be possible to include /both/ encryptions in some way. Anyone got any ideas?

Jellby
09-19-2009, 09:16 AM
Does anyone know of any ePub reader that will read IDPF obfusticated fonts? I'd like to test both

Not yet... but I'd be glad to add the option to my epub2pdf and epub-read scripts.

Jellby
09-22-2009, 06:23 AM
Is there a way to know which obfuscation method is used by a particular ePUB, other than trying both and seeing which one works (gives correct font files)?

pdurrant
09-22-2009, 08:43 AM
I'm not sure that your epub to pdf script should convert fonts that are encrypted.

Is there a way to know which obfuscation method is used by a particular ePUB, other than trying both and seeing which one works (gives correct font files)?

Jellby
09-22-2009, 11:47 AM
I'm not sure that your epub to pdf script should convert fonts that are encrypted.

Why not? They'd only be stored in a temporary directory (which is deleted upon termination) and subset-embedded in the final PDF.

pdurrant
09-22-2009, 01:24 PM
I see what you mean. I suppose that would be OK.

(Having just got a good response from one font company I don't want to jinx anything!)

Why not? They'd only be stored in a temporary directory (which is deleted upon termination) and subset-embedded in the final PDF.

Jellby
09-22-2009, 02:10 PM
Of course, it would be possible to "hack" into the temporary directory to get the un-obfuscated font, or to copy the code that un-obfuscates it... but I guess someone willing and knowledgeable to do that, would also be able to write the code or to get it from somewhere else. After all, the obfuscation does not prevent anything but trivial copying of font files.

pdurrant
09-22-2009, 03:16 PM
You are right, of course.

Of course, it would be possible to "hack" into the temporary directory to get the un-obfuscated font, or to copy the code that un-obfuscates it... but I guess someone willing and knowledgeable to do that, would also be able to write the code or to get it from somewhere else. After all, the obfuscation does not prevent anything but trivial copying of font files.

JSWolf
09-24-2009, 03:53 PM
Why not? They'd only be stored in a temporary directory (which is deleted upon termination) and subset-embedded in the final PDF.
Because they are going to be stored (even temp) unencrypted, it's going to be fairly easy to get at them. So unless you can deal with the fonts in memory only, don't do it.

Jellby
09-24-2009, 04:34 PM
Well, it turns out to be surprisingly simple to obfuscate/deobfuscate fonts with just with bash and xxd, provided one has the key:

for line in $(xxd -p -c 20 -l 1040 $file); do
for i in $(seq 0 2 39); do
if [[ ${line:$i:2} == '' ]]; then break; fi
printf "%02x" $(( 0x${line:$i:2} ^ 0x${key:$i:2} ))
done
done | xxd -r -p - $file

That's for the IDPF scheme, the ADE scheme would be similar, I guess.

As for including the code in epub2pdf or similar scripts, I'll probably not distribute it but I don't think there's any (legal or moral) problem in doing so.