|
Apache OpenOffice (AOO) Bugzilla – Full Text Issue Listing |
| Summary: | insert option to enable ODF 1.2 encryption AES-256 | ||||||
|---|---|---|---|---|---|---|---|
| Product: | General | Reporter: | jsc | ||||
| Component: | ui | Assignee: | AOO issues mailing list <issues> | ||||
| Status: | RESOLVED FIXED | QA Contact: | |||||
| Severity: | Normal | ||||||
| Priority: | P3 | CC: | knmc, mseidel | ||||
| Version: | 4.2.0-dev | ||||||
| Target Milestone: | 4.2.0 | ||||||
| Hardware: | All | ||||||
| OS: | All | ||||||
| Issue Type: | FEATURE | Latest Confirmation in: | --- | ||||
| Developer Difficulty: | --- | ||||||
| Attachments: |
|
||||||
|
Description
jsc
2014-06-12 06:57:30 UTC
"jsc" committed SVN revision 1602143 into trunk: #125083# add new checkbox in options dialog load/save-general to enable ODF 1... checked in first code for review and feedback on trunk I see the checkbox for AES-256 in trunk/AOO42X but did anyone really review it? This seems to be "fixed" for 6 years now, can anyone confirm? (In reply to Matthias Seidel from comment #4) > This seems to be "fixed" for 6 years now, can anyone confirm? I can confirm that confirm that the check box is there in 4.2.0-Dev2. I checked the box to activate it, saved the file and it saved it asked for the password. I opened it with 4.1.8 and it opened fine. I will do an admin install of some older older versions to see where it might fail. If anyone else has older versions already installed and can test it. I will upload my test file here. The password is test01. Created attachment 86986 [details]
Test for AES encryption
Test file using AES-256 encryption. password is test01
But i that file is AES-256 encrypted it should not open in AOO 4.1.8? Or has the encryption code been backported and only the UI was missing? (In reply to Matthias Seidel from comment #7) > But i that file is AES-256 encrypted it should not open in AOO 4.1.8? > > Or has the encryption code been backported and only the UI was missing? It appears that it was only the UI that was missing. I Installed 4.1.7, 4.1.6 and 4.1.5 and the only one that would not open it was 4.1.5 That's interesting. We updated some components in 4.1.6, so maybe that made AES-256 possible. Any idea how one can see if a file is encrypted with Blowfish or AES-256? (In reply to Matthias Seidel from comment #9) > That's interesting. > We updated some components in 4.1.6, so maybe that made AES-256 possible. > > Any idea how one can see if a file is encrypted with Blowfish or AES-256? That will take someone much smarter than I am on encryption matters to figure out. There is a new development though. I re-installed 4.1.5 to try and get the exact error message but instead it opened the file with no problem. This leads me to believe that I probably miss typed the password the first time and since I was expecting an error didn't look closely at what the message was. I wonder if the AES-256 encryption was added earlier but this option to enable it or not and fall back to the Blowfish encryption only was added Will do some more investigating tomorrow. I think you are right, ODF 1.2 can use AES-256: https://en.wikipedia.org/wiki/OpenDocument_technical_specification#Encryption But it is not set as default, so the UI changes add the possibility to do so. (In reply to Matthias Seidel from comment #11) > I think you are right, ODF 1.2 can use AES-256: > > https://en.wikipedia.org/wiki/OpenDocument_technical_specification#Encryption > > But it is not set as default, so the UI changes add the possibility to do so. Thanks for the reference Matthias. Time for me to set aside some time and wade through the spec to get a better understanding of the structure. |