When an ECMA-376 document is encrypted as specified in ECMA-376 Part 2, Annex C, Table C5, bit 0, a structured storage utilizing the data spaces construct as specified in section 2. ECMA-376 documents using agile encryption are required to use CBC and corruption. Document conformance to this part of ECMA-376 is purely syntactic. Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Backdooring MS Office documents with secret master keys. MS-OFFCRYPTO v20150904, Office Document Cryptography Structure, copyright 2015 Microsoft Corporation, release. There is a vulnerability in the file format specification that can allow an attacker to later decrypt strongly encrypted documents without the password as long as the attacker has access to the originating MS Office program. Apache POI contains support for reading a few variants of encrypted Office files.
All ECMA-376 documents [ECMA-376] adhere to the approaches specified in this document and do not require knowledge of application-specific behavior to perform encryption operations. Microsoft Office 2010 and 20 employ the agile encryption algorithm in their Office Open XML documents. ECMA-376, 3rd edition, Office Open XML file formats. ECMA-376 document encryption using standard encryption does not support CBC and does not have a provision for detecting corruption, although a block cipher (specifically, AES) is not known to be subject to bit-flipping attacks. Original use was for Office Open XML office documents, which are certainly. Open Packaging Conventions, Office Open XML, ISO 29500-2. This standard defines Office Open XML's vocabularies and document representation and packaging. The resulting document was approved as ECMA-376 in December 2006 and was. A value that must be 1 if the protected content is an ECMA-376 document [ECMA-376]. ECMA-376 document encryption, which can include one of the fol. Encrypted ECMA-376 documents use the data spaces functionality section 1.
MS-OFFCRYPTO v20181211, Office Document Cryptography Structure, copyright 2018 Microsoft Corporation, release. ECMA-376 encryption [ECMA-376] also includes encryption using a third-party cryptography extension, which will be called extensible encryption in the remainder of this document. Unless exceptions are noted in the following subsections, streams and storages contained within the \0x06DataSpaces. ECMA-376 1st edition Part 1, 1441795, zipped PDF file. Office Open XML is a zipped, XML-based file format developed by Microsoft for representing spreadsheets, charts, presentations and word processing documents. A value that must be 0 if document properties are encrypted. Standard ECMA-376 Office Open XML file formats: 1st edition December 2006, 2nd edition December 2008, 3rd edition June 2011, 4th edition December 2012 and 5th edition Part 3, December 2015.
ECMA-376 document encryption key generation (standard encryption). Compression in OPC is restricted to the DEFLATE algorithm. A flag that specifies whether CryptoAPI RC4 or ECMA-376 encryption [ECMA-376] is used. As such, conformance to that class implies conformance to the whole part.