Encrypted MSO files (docx,xlsx) in Libo

Hi all,

This is my first message here so please be tolerant
Maybe it is a not right place to ask, but let me start. I'm wondering if is
possible to open encrypted xlsx/docx files in Libo? IMHO MSO rights and
concept of protecting files exclude possibility of opening it in competitors
software, since it would be a breaking of encryption algorithm and it would
be against MSO rights. Am I right? The encryption methods are part which I
am not well acquainted yet

As for example, similar topic was mentioned on OO forum:
http://user.services.openoffice.org/en/forum/viewtopic.php?f=9&t=34894
The file attached there could be opened in MSO, but in Libo 3.4.3
(win&linux) I can only saw “Filter Selection” window and “general
input/output error” message. The xlsx converted to xls in MSO (xls is also
password protected), work smoothly in Libo. So encryption is essential.

Moving away from the solution through the conversion to xls/doc, in general,
is there a chance to open encrypted ***x file in Libo?

Thanks in advance for answer!
Krzysztof

Hi
There are several things that can be encrypted. It could be the entire
hard-drive (partition really) or just a folder or just the file itself.
Also i think it's possible to "password-protect" a file without encrypting
it or set the file to read-only so that the data is available but can't be
over-written.

I think the only way to know if you can open the file is to try it. At my
work they tried to protect a file so that no-one could open it or read it
but with LibreOffice on Gnu&Linux it opened read-only with no trouble.
Regards from
Tom

This is my first message here so please be tolerant

Let me just hide the flamethrower... ok, now we can start.

Maybe it is a not right place to ask, but let me start. I'm wondering if is
possible to open encrypted xlsx/docx files in Libo? IMHO MSO rights and
concept of protecting files exclude possibility of opening it in competitors
software, since it would be a breaking of encryption algorithm and it would
be against MSO rights. Am I right? The encryption methods are part which I
am not well acquainted yet

Microsoft nowadays *claims* to be using open formats, so I'd expect the
encryption algorithm to be documented somewhere, and even if it isn't,
until some time ago it was pretty clear that math wasn't patenteable.

As for example, similar topic was mentioned on OO forum:
http://user.services.openoffice.org/en/forum/viewtopic.php?f=9&t=34894
The file attached there could be opened in MSO, but in Libo 3.4.3
(win&linux) I can only saw “Filter Selection” window and “general
input/output error” message. The xlsx converted to xls in MSO (xls is also
password protected), work smoothly in Libo. So encryption is essential.

Moving away from the solution through the conversion to xls/doc, in general,
is there a chance to open encrypted ***x file in Libo?

I wonder if this is related to your issue. Or wait, are you the
reporter?
https://bugs.freedesktop.org/show_bug.cgi?id=35422

Hi all,

This is my first message here so please be tolerant
Maybe it is a not right place to ask, but let me start. I'm wondering if is
possible to open encrypted xlsx/docx files in Libo? IMHO MSO rights and
concept of protecting files exclude possibility of opening it in competitors
software, since it would be a breaking of encryption algorithm and it would
be against MSO rights. Am I right? The encryption methods are part which I
am not well acquainted yet

Let's forget for a moment MS's anti-competitor practices. Encryption doesn't rely on the algorithm being secret, but on the /encryption key/ being secret and strong enough to be practically impossible (or extremely costly) to guess with brute force.

The fact that MS tries to keep algorithms or implementation details hidden to hinder competition is a more general problem which has nothing to do with encryption.

HTH

@Tom:
By encrypted file, I mean file secured by build in function in Excel/Word
2007 . I know about encryption from message when i try convert to xls the
test file mentioned in linked thread. I get information that "This document
is both encrypted and password protected. The Office Open XML Formats
available in the 2007 release provide stronger encryption ...".

Nuno J. Silva wrote:

Microsoft nowadays *claims* to be using open formats, so I'd expect the
encryption algorithm to be documented somewhere, and even if it isn't,
until some time ago it was pretty clear that math wasn't patenteable.

This sound good, but can we be sure about MS ? :>

Nuno J. Silva wrote:

I wonder if this is related to your issue. Or wait, are you the
reporter?
https://bugs.freedesktop.org/show_bug.cgi?id=35422

Yep, I reported it some time ago. Now I know that it should be in a
different order

@Tom:
By encrypted file, I mean file secured by build in function in Excel/Word
2007 . I know about encryption from message when i try convert to xls the
test file mentioned in linked thread. I get information that "This document
is both encrypted and password protected. The Office Open XML Formats
available in the 2007 release provide stronger encryption ...".

It's still a weird way to describe it. Encryption itself has a
key/password. So this means the document has *two* passwords? One for
non-encrypted password "protection" (it's as much real protection as
ROT26), and other for the encryption?

Or it's just Microsoft that are doing a bad job at describing what's
going on?

Nuno J. Silva wrote:

Microsoft nowadays *claims* to be using open formats, so I'd expect the
encryption algorithm to be documented somewhere, and even if it isn't,
until some time ago it was pretty clear that math wasn't patenteable.

This sound good, but can we be sure about MS ? :>

We can't. The only way to get rid of the issue is to step away from MS,
but if you could do that you wouldn't be trying to get working OOXML
encryption...

Nuno J. Silva wrote:

I wonder if this is related to your issue. Or wait, are you the
reporter?
https://bugs.freedesktop.org/show_bug.cgi?id=35422

Yep, I reported it some time ago. Now I know that it should be in a
different order

So it also affects docx? I'd suggest updating the bug report summary to
reflect that

If you can make an example document, attach it to the report. I guess
the only way to create one is using Microsoft Office itself?

Hi
Thanks. That explains why it was so easy to break into the file at work.
At least yours is protected by encryption! The file i was opening was only
password protected but it didn't even ask for the password when i opened it
in LibreOffice. This HowTo Geek Guide shows that there are 2 levels of
passwords
http://www.howtogeek.com/howto/microsoft-office/secure-your-private-word-2007-documents/

I would guess that MS Office just remembers one of them and automatically
enters it for you. Hopefully that's the password one rather than the
encryption one since LO seems to just ignore the password one anyway! Lol
Regards from
Tom

Nuno J. Silva wrote:

It's still a weird way to describe it. Encryption itself has a
key/password. So this means the document has *two* passwords? One for
non-encrypted password "protection" (it's as much real protection as
ROT26), and other for the encryption?

Password prompt shows only once in Excel. How does it looks deeper - I don't
know.

Nuno J. Silva wrote:

So it also affects docx? I'd suggest updating the bug report summary to
reflect that

If you can make an example document, attach it to the report. I guess
the only way to create one is using Microsoft Office itself?

I made some tests with protecting MSO files. There is (AFAIK) two ways to
encrypt files in Excel/Word 07 :
1. MS Button -> Prepare -> Encrypt Document
2. Save as -> Tools -> General options -> Password to open --> Save
In both, when I created a test file on my own, always it could be opened by
Libo.
So, the issue is caused by another thing in MSO. In addition, SP2 for Office
changed something in encryption. I had already deal with this.

Another thing I spotted is difference in the EncryptionInfo file contained
in xlsx pack.

I also attached files to bug report.
Hope this help.

Krzysztof

...
Really? I see nothing hidden here:

http://msdn.microsoft.com/en-us/library/cc313071(v=office.12).aspx
<http://download.microsoft.com/download/2/4/8/24862317-78F0-4C4B-B355-C7B2C1D997DB/[MS-OFFCRYPTO].pdf>

Hi all,

This is my first message here so please be tolerant
Maybe it is a not right place to ask, but let me start. I'm wondering if is
possible to open encrypted xlsx/docx files in Libo?

Wrong place, silly question. To illustrate, create an encrypted file
using any non-m$ product. Go to m$ mailing list and ask the inverse to
the above question.

concept of protecting files exclude possibility of opening it in competitors
software, since it would be a breaking of encryption algorithm and it would
be against MSO rights. Am I right?

Totally irrelevant to LO. Please create an encrypted odf document and
ask if LO is supposed to open it (or not).

Moving away from the solution through the conversion to xls/doc, in general,
is there a chance to open encrypted ***x file in Libo?

Equally irrelevant; see above

I think the interesting bit is the following:

"Microsoft has patents that may cover your implementations of the
technologies described in the Open Specifications. Neither this notice
nor Microsoft's delivery of the documentation grants any licenses under
those or any other Microsoft patents. However, a given Open
Specification may be covered ..."

The emphasis, I feel, is on the word "may".

The US notion of software patents is an abhorrence that pollutes and
cripples software development everywhere in the world. So even more than
ensuring that the FSM takes His Rightful Place (TM), it should be the
overriding goal of every domestic citizen to repeal such legislation.

Cheers, Dave
(a non-domestic infidel)

I followed the link for the patents and it redirects to:
<http://www.microsoft.com/openspecifications/en/us/programs/osp/default.aspx>
[Open Specification Promise]
and
<http://www.microsoft.com/openspecifications/en/us/programs/osp/security/default.aspx>

Don't know enough about it to comment otherwise.

> Really? I see nothing hidden here:
>
> http://msdn.microsoft.com/en-us/library/cc313071(v=office.12).aspx
> <http://download.microsoft.com/download/2/4/8/24862317-78F0-4C4B-B355-C7B2C1D997DB/[MS-OFFCRYPTO].pdf>

I think the interesting bit is the following:

"Microsoft has patents that may cover your implementations of the
technologies described in the Open Specifications. Neither this notice
nor Microsoft's delivery of the documentation grants any licenses under
those or any other Microsoft patents. However, a given Open
Specification may be covered ..."

The emphasis, I feel, is on the word "may".

The US notion of software patents is an abhorrence that pollutes and
cripples software development everywhere in the world. So even more than
ensuring that the FSM takes His Rightful Place (TM), it should be the
overriding goal of every domestic citizen to repeal such legislation.

Agreed, whoever cooked up the stupidity should be tortured with the
nasty tortures available

I noticed that Haworth left of the part after the "may be covered ... "?

Is it not good to first check to see if the specification is indeed covered or not?

Here is the full text:

"However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/interop/osp) or the Community Promise (available here: http://www.microsoft.com/interop/cp/default.mspx). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com."

If you go to <http://www.microsoft.com/openspecifications/en/us/programs/osp/office-file-formats/default.aspx> which lists "Other Office File Formats" under the Open Specification Promise, you will see that indeed, "[MS-OFFCRYPTO]: Office Document Cryptography Structure Specification" is covered by the Microsoft Open Specification Promise.

If you go to <http://www.microsoft.com/openspecifications/en/us/programs/community-promise/default.aspx> you will find that MS-OFFCRYPTO is not listed as a Covered Specification under the Microsoft Community Promise.

So what is available is the irrevocable promise under the Open Specification Promise at <http://www.microsoft.com/openspecifications/en/us/programs/osp/default.aspx>.

That's the same promise that applies to [MS-DOC], [MS-XLS], [MS-PPT], [MS-DOCX], [MS-PPTX], [MS-PST](Outlook!), [MS-XLSX], [RTF] and more.

So until the US Congress decides to abandon the power to legislate patents and copyrights stipulated in the US Constitution, this is pretty much as good as it gets short of MSFT not having obtained any patents in the first place (whether or not any apply to items under the Open Specification Promise).

- Dennis

> Really? I see nothing hidden here:
>
> http://msdn.microsoft.com/en-us/library/cc313071(v=office.12).aspx
>
> <http://download.microsoft.com/download/2/4/8/24862317-78F0-4C4B-B355-C7B2C1D997DB/[MS-OFFCRYPTO].pdf>

I think the interesting bit is the following:

"Microsoft has patents that may cover your implementations of the
technologies described in the Open Specifications. Neither this notice
nor Microsoft's delivery of the documentation grants any licenses under
those or any other Microsoft patents. However, a given Open
Specification may be covered ..."

The emphasis, I feel, is on the word "may".

[...]

I noticed that Haworth left of the part after the "may be covered
... "?

Is it not good to first check to see if the specification is indeed
covered or not?

From what I recall from some USENET talks about this, it's actually

better *not* to check, as if you knowingly violate a patent, fines and
the rest are heavier than if you didn't know there was a patent.

So until the US Congress decides to abandon the power to legislate
patents and copyrights stipulated in the US Constitution, this is
pretty much as good as it gets short of MSFT not having obtained any
patents in the first place (whether or not any apply to items under
the Open Specification Promise).

We don't need the US Congress (and some other legislative branches over
the world) to stop legislating patents, we just need them to stop
screwing the definition of patent. Algorithm patenteability is a
Pandora's box that should have never been opened.

(Copyright has nothing to do with this, unless you plan to copy
Microsoft's code in some way.)

IANAL

I think there is a misunderstanding. The material at the Microsoft site does not include copies of the patents, not even the identifiers for patents. Reading the specification of a format is going to tell you nothing about how implementing something according to those specifications might infringe a patent held by anyone, not just Microsoft.

And so long as the specification is under the Open Specification Promise, there is no problem with Microsoft patents, if there are any, so long as the OSP conditions are honored.

Now, you might be so wary that this is not enough. Then there is ODF to deal with also.

Sun provided a reassurance about ODF that is comparable (not literally the same) to the Open Specification Promise for the free-to-the-public specifications for the Microsoft binary formats and some of the common functions shared among them, such as [MS-OFFCRYPTO].

Microsoft personnel participated in preparation of ODF 1.2 and OpenFormula, where there is a lot of attention to providing functions and formulas that correspond to ones in Excel. It seems that one cannot avoid coming to grips with this.

Microsoft has promised to treat Standards at OASIS and ISO/IEC for ODF 1.2 under the Open Specification Promise too. Approval of an OASIS Standard for ODF 1.2 should happen in the next month or two. ISO/IEC acceptance of ODF 1.2 will likely be resolved by next Summer, it seems to me. That seems like a good thing, yes?

- Dennis

Thank you for the pointer.

I was just trying to emphasize the fact that encryption algorithm secrecy has nothing to do with its strength, encryption-wise.
Indeed I should've written something like:
"The fact that someone *might* try to..."

Didn't the OP ask to "be tolerant"