(As nick suggested in #53475, I'm opening this new bug to track the changes) Currently POI only supports standard/agile decryption - my goal is to provide (mainly agile) encryption support As this is a bigger change, I'll post changes as soon as a certain feature compiles/tests stable. I plan the following parts: - Part 1: refactor decryption code, so I can use it for encryption - Part 2: xmlbeans support for encryption descriptor - Part 3: encryption classes - Part 4: more javadocs and updates to the documentation ;) Currently the patches will be based on the trunk, so part X contains changes of part X-1,... I'll update the diffs, if predecessor parts have been applied
Created attachment 31077 [details] patch for encryption support - Part 1 - refactor crypt code For a starter I've refactored the used crypto helper functions, which will be reused for encryption
Created attachment 31079 [details] patch for encryption support - Part 2 - xmlbeans for descriptor The 2nd part introduces the xml schemas for the encryption descriptor, which is used in agile encryption. The new xmlbeans classes made it necessary to also change the build. Furthermore there's a fix for OOXMLLite which didn't work with one of the recently introduced Junit4 tests. I've tried to keep the public decryption interface, i.e. EncryptionInfo/Decryptor, but I've split up the standard and agile classes, so one can use standard without xmlbeans support, i.e. these classes stay in the main-poi jar, whereas the agile classes have been moved to the ooxml area, because of the new xmlbeans dependency. As agile encryption is used for the X**F formats, one has to have xmlbeans anyway in the dependencies. Before you apply the patch to the svn repo, please move the corresponding test classes in the repo, to keep the history.
Created attachment 31100 [details] patch for encryption support - Part 3 - standard encryption ok, here comes part 3, which contains standard encryption support currently only AES has been tested, but maybe you already want to give it a try ... Also comments about the interface are welcomed
Created attachment 31116 [details] patch for encryption support - Part 4 - agile encryption part 4 brings support for agile encryption. I've tested most cipher/hash combinations with a ms word viewer, but couldn't validate the hashes ripemd* and whirlpool, because opposed to the full feature version, it doesn't support all encryptions. RC4 is currently also not supported, because I don't know how to handle a streaming cipher (i.e. IVs don't work the same way, as with block ciphers) and it's not recommended [1][2] The code still lacks some (a lot?) of comments, so this is something for part 5 to come and some usage infos wouldn't hurt too .... [1] http://msdn.microsoft.com/en-us/library/dd925810(v=office.12).aspx [2] http://blogs.msdn.com/b/david_leblanc/archive/2010/04/16/don-t-use-office-rc4-encryption-really-just-don-t-do-it.aspx (although this focus actually on "Office Binary Document RC4 Encryption" ...)
Created attachment 31137 [details] patch for encryption support - Part 5 - docs and certificate encryption Part 5 brings a few javadocs / docu updates and an experimental certificate encryption support. Currently I can't validate the certificate approach ... lets see what the msdn people come up with [1] [1] social.msdn.microsoft.com/Forums/en-US/cc9092bb-0c82-4b5b-ae21-abf643bdb37c/agile-encryption-with-certificates
applied with SVN rev r1553336, r1553338, r1553339, r1553340, r1553342 sorry for that many submits, but I'm running on a jdk 7 locally, instead of a jdk 5