I am trying to understand how encrypted ("password protected") Office 2007 documents are bundled (specifically, Excel documents). I am experimenting with a known, password-protected spreadsheet.

When I unzip the XLSX file, I encounter three entries:

  • [6]DataSpaces (Directory)
  • EncryptionInfo (File)
  • EncryptedPackage (File)

How is the EncryptedPackage file encrypted (which cipher, which key derivation function, etc.)?

I have tried referencing the documentation, but I haven't had much success.

+2  A: 

File encryption is not part of the OpenXML ECMA/ISO specifications. It's a vendor-specific standard on top of that. For the specification, please check out:

[MS-OFFCRYPTO]: Office Document Cryptography Structure Specification

Encrypted OpenXML documents are not stored as an OPC zip package but as an encrypted OPC package inside a compound OLE document.

0xA3
+1  A: 

I created an OoXmlCrypto stream wrapper, connecting several open source bits and pieces to access Office 2007 encrypted files easily.

This answer might be helpful.

Turns out [6]DataSpaces is ignored, but the other two parts are used. The encrypted XLSX file is not really zipped; it's an OLE compound container. If you take out the parts and zip them using 7zip, Excel does not open it.

dbkk
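
To make the answers above concrete, here is an added example (not code from either answerer or from OoXmlCrypto) that tells an OLE compound container from a plain OPC zip by its signature and reads the cipher and hash identifiers from the start of an already extracted EncryptionInfo stream. The field layout and algorithm identifiers follow my reading of [MS-OFFCRYPTO] and are not stated on this page; the sample bytes are constructed, and pulling the stream out of the container is assumed to be done with a separate OLE reader.

```python
import struct

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # compound file (OLE) signature
ZIP_MAGIC = b"PK\x03\x04"                        # unencrypted OPC zip package
ALG_ID = {0x660E: "AES-128", 0x660F: "AES-192", 0x6610: "AES-256", 0x6801: "RC4"}
ALG_ID_HASH = {0x8004: "SHA-1"}

def container_kind(head: bytes) -> str:
    if head.startswith(OLE_MAGIC):
        return "ole-compound"
    if head.startswith(ZIP_MAGIC):
        return "zip-opc"
    return "unknown"

def parse_encryption_info(data: bytes) -> dict:
    """Parse the leading fields of an EncryptionInfo stream."""
    if len(data) < 12:
        raise ValueError("EncryptionInfo too short")
    major, minor = struct.unpack_from("<HH", data, 0)
    if (major, minor) == (4, 4):
        # Agile: 4 reserved bytes, then an XML descriptor naming cipher and hash
        return {"scheme": "agile", "descriptor": data[8:].decode("utf-8", "replace")}
    if minor == 3 and major in (3, 4):
        return {"scheme": "extensible"}
    if minor != 2 or major not in (2, 3, 4):
        raise ValueError(f"unsupported version {major}.{minor}")
    # Standard: version (4), flags (4), header size (4), then EncryptionHeader
    (size,) = struct.unpack_from("<I", data, 8)
    header = data[12:12 + size]
    if size < 32 or len(header) != size:
        raise ValueError("truncated EncryptionHeader")
    _flags, _extra, alg, alg_hash, key_bits, provider, _r1, _r2 = struct.unpack_from("<8I", header)
    return {
        "scheme": "standard",
        "cipher": ALG_ID.get(alg, hex(alg)),
        "hash": ALG_ID_HASH.get(alg_hash, hex(alg_hash)),
        "key_bits": key_bits,
        "provider_type": provider,
        "csp_name": header[32:].decode("utf-16-le", "replace").rstrip("\x00"),
    }

def constructed_sample() -> bytes:
    """Constructed (not captured) Standard Encryption header for demonstration."""
    csp = "Microsoft Enhanced RSA and AES Cryptographic Provider\x00".encode("utf-16-le")
    header = struct.pack("<8I", 0x24, 0, 0x660E, 0x8004, 128, 0x18, 0, 0) + csp
    return struct.pack("<HHII", 3, 2, 0x24, len(header)) + header

if __name__ == "__main__":
    print(container_kind(OLE_MAGIC + b"\x00" * 8))
    print(parse_encryption_info(constructed_sample()))
```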