I have a problem reading an XLS file with POI:

org.apache.poi.EncryptedDocumentException: HSSF does not currently support CryptoAPI encryption
    at org.apache.poi.hssf.record.FilePassRecord$Rc4KeyData.read(FilePassRecord.java:66)
    at org.apache.poi.hssf.record.FilePassRecord.<init>(FilePassRecord.java:215)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
    at org.apache.poi.hssf.record.RecordFactory$ReflectionConstructorRecordCreator.create(RecordFactory.java:84)
    at org.apache.poi.hssf.record.RecordFactory.createSingleRecord(RecordFactory.java:334)
    at org.apache.poi.hssf.record.RecordFactoryInputStream$StreamEncryptionInfo.<init>(RecordFactoryInputStream.java:70)
    at org.apache.poi.hssf.record.RecordFactoryInputStream.<init>(RecordFactoryInputStream.java:203)
    at org.apache.poi.hssf.record.RecordFactory.createRecords(RecordFactory.java:475)
    at org.apache.poi.hssf.usermodel.HSSFWorkbook.<init>(HSSFWorkbook.java:337)
    at org.apache.poi.ss.usermodel.WorkbookFactory.create(WorkbookFactory.java:95)
    at org.apache.poi.ss.usermodel.WorkbookFactory.create(WorkbookFactory.java:178)
    at org.apache.poi.ss.usermodel.WorkbookFactory.create(WorkbookFactory.java:140)

The file has workbook protection with Microsoft Enhanced Cryptographic Provider v1.0. I have found the Bugzilla issue https://bz.apache.org/bugzilla/show_bug.cgi?format=multiple&id=35897. The problem with Word docs was resolved, but how about Excel? Was it resolved for Excel?
As the exception says: CryptoAPI is not yet supported / implemented ... See also: http://poi.apache.org/encryption.html. It's on my to-do list, therefore I leave this bug entry open. But as usual, I won't have the implementation in the near future ... maybe someone else will give it a try ...
Dear Andreas,
Many thanks for your response. We (a small open source fan club from Georgia) appreciate your time and will be very thankful if that bug is resolved. I am sure it will also help many devs who are using POI for Excel files.
Thanks, Kakha & Nick
P.S. By the way, a very interesting question is how and when that cryptographic method occurs. With the normal way of working, none of the Excels (2003, 2007, 2010, 2013, 2016) ever have such a problem.
Just for the record ... there's already a CryptoAPI XLS in our corpus: spreadsheet/35897-type4.xls - password "freedom". It actually doesn't look that complicated - I hope I can mix something of the HSLF encrypted document stream handling with the existing XLS RC4 encryption.
The hssf_cryptoapi branch [1] contains an implementation. I'll try to provide encryption support too before I merge it back to the trunk. The tests which cover XOR, RC4 and CryptoAPI are in [2].
[1] https://svn.apache.org/repos/asf/poi/branches/hssf_cryptoapi/
[2] org.apache.poi.hssf.usermodel.TestCryptoAPI
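Added example (not part of the original thread and not POI code): a minimal Python reader that reports which of the three schemes named above, XOR, RC4 or CryptoAPI, a BIFF8 Workbook stream declares in its FilePass record. The field layout follows the FilePass definition in [MS-XLS]; the function names and sample streams are constructed for illustration, and the input is assumed to be the Workbook stream already extracted from the OLE2 container.

```python
import struct

BOF, FILEPASS, EOF = 0x0809, 0x002F, 0x000A  # BIFF8 record ids

def classify_filepass(body: bytes) -> str:
    """Name the scheme declared by a FilePass record body."""
    if len(body) < 2:
        raise ValueError("FilePass body shorter than wEncryptionType")
    (enc_type,) = struct.unpack_from("<H", body, 0)
    if enc_type == 0x0000:
        return "XOR obfuscation"
    if enc_type != 0x0001:
        return f"unknown wEncryptionType 0x{enc_type:04X}"
    if len(body) < 6:
        raise ValueError("FilePass body shorter than the version header")
    v_major, v_minor = struct.unpack_from("<HH", body, 2)
    if (v_major, v_minor) == (1, 1):
        return "RC4"            # classic Office binary RC4
    if v_major in (2, 3, 4) and v_minor == 2:
        return "RC4 CryptoAPI"  # the case reported in this bug
    return f"unknown RC4 header version {v_major}.{v_minor}"

def workbook_encryption(stream: bytes) -> str:
    """Walk records from the start of the stream up to FilePass or EOF."""
    pos = 0
    while pos + 4 <= len(stream):
        sid, size = struct.unpack_from("<HH", stream, pos)
        body = stream[pos + 4:pos + 4 + size]
        if len(body) != size:
            raise ValueError(f"record 0x{sid:04X} at offset {pos} is truncated")
        if sid == FILEPASS:
            return classify_filepass(body)
        if sid == EOF:
            break
        pos += 4 + size
    return "none"

def record(sid: int, body: bytes) -> bytes:
    """Build one BIFF record: id, length, body (little endian)."""
    return struct.pack("<HH", sid, len(body)) + body

# Constructed sample streams: a dummy 16-byte BOF followed by one record.
_BOF = record(BOF, bytes(16))
SAMPLES = {
    "xor": _BOF + record(FILEPASS, struct.pack("<HHH", 0, 0x1234, 0x5678)),
    "rc4": _BOF + record(FILEPASS, struct.pack("<HHH", 1, 1, 1) + bytes(48)),
    "cryptoapi": _BOF + record(FILEPASS, struct.pack("<HHH", 1, 2, 2) + bytes(8)),
    "plain": _BOF + record(EOF, b""),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", workbook_encryption(data))
```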
Many thanks Andreas. Nick is on vacation but I will inform him about your message.
Added encryption support for XOR/RC4/CryptoAPI via r1756964. Unfortunately I've realized that the existing and modified XOR obfuscation is flawed. It works for very small files, but for files > ~4kb, the office file validation complains and it doesn't get opened anymore ... Of course I've tried to generate un-/encrypted files via Office and check when the de-/encryption goes wrong. Interestingly the first encrypted records (even long ones) get de-/encrypted correctly, but starting with the FontRecords (with the xor-encryption-abc.xls) only one of the bytes differs. This also happens even when the whole record processing is bypassed and the plain/encrypted stream of the POIFS is processed. My guess is that, similar to RC4/CryptoAPI, there's a block key somewhere, although LibreOffice [1] hasn't got something like this. ... but probably, it's something completely different and I was just focusing too much on the wrong spots ...
[1] http://docs.libreoffice.org/oox/html/binarycodec_8cxx_source.html
Patch for applied with r1762726; this also contains the mentioned encryption routines. Up till now I couldn't fix the XOR obfuscation bug. Apart from the encryption routines, I needed to tweak the little endian stream classes to be real In-/OutputStreams, but that change affects only the closed resources warnings, which were ignored in the original version.
I have come across a possible regression related to this patch. https://bz.apache.org/bugzilla/show_bug.cgi?id=60230