
encryption code is obsolete and supports only Blowfish/SHA1

Open mistmist opened this issue 3 years ago • 0 comments

https://github.com/tdf/odftoolkit/blob/master/odfdom/src/main/java/org/odftoolkit/odfdom/pkg/OdfPackage.java#L1901

there is some encryption code in OdfPackage but it is using obsolete algorithms.

since OOo 3.4 "AES algorithm in CBC mode with W3C padding" and "SHA256" are used by default, so we should support these for interoperability.

these are the corresponding URLs:

AES256_URL = "http://www.w3.org/2001/04/xmlenc#aes256-cbc"
SHA256_URL_ODF12 = "http://www.w3.org/2000/09/xmldsig#sha256"
SHA256_URL = "http://www.w3.org/2001/04/xmlenc#sha256"

there are 2 different URLs for SHA256 because of a mistake - both should be supported for reading.

for the encryption algorithms see also:

https://api.libreoffice.org/docs/idl/ref/CipherID_8idl.html

hopefully this should all be possible with JDK: https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html

mistmist, Mar 02 '22 19:03
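An added example, not part of the issue and not odftoolkit's code: one way the three URIs quoted above could be mapped to JCA standard names, accepting both SHA256 URIs, with W3C padding (last byte holds the pad length) handled by hand over `AES/CBC/NoPadding`. The class and method names and the sample key, IV and plaintext are constructed for illustration; ODF key derivation and manifest parsing are not covered.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class OdfAlgorithmDemo { // hypothetical class, for illustration only
    static final String AES256_URL = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
    static final String SHA256_URL_ODF12 = "http://www.w3.org/2000/09/xmldsig#sha256";
    static final String SHA256_URL = "http://www.w3.org/2001/04/xmlenc#sha256";

    // Map a manifest algorithm URI to a JCA standard name; unknown URIs are rejected.
    static String jcaName(String uri) {
        switch (uri) {
            case AES256_URL: return "AES/CBC/NoPadding"; // W3C padding applied separately
            case SHA256_URL_ODF12: // both SHA256 URIs are accepted when reading
            case SHA256_URL: return "SHA-256";
            default: throw new IllegalArgumentException("unsupported algorithm: " + uri);
        }
    }

    // W3C padding: pad to a full 16-byte block; only the last byte (the count) is significant.
    static byte[] w3cPad(byte[] data) {
        int n = 16 - data.length % 16; // always 1..16
        byte[] out = Arrays.copyOf(data, data.length + n);
        out[out.length - 1] = (byte) n;
        return out;
    }

    static byte[] w3cUnpad(byte[] padded) {
        int n = padded.length == 0 ? 0 : padded[padded.length - 1] & 0xff;
        if (padded.length % 16 != 0 || n < 1 || n > 16)
            throw new IllegalArgumentException("bad W3C padding");
        return Arrays.copyOf(padded, padded.length - n);
    }

    static byte[] aes(int mode, byte[] key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance(jcaName(AES256_URL));
        c.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32], iv = new byte[16]; // constructed sample key and IV
        new SecureRandom().nextBytes(key);
        new SecureRandom().nextBytes(iv);
        byte[] plain = "constructed sample content".getBytes("UTF-8");
        byte[] ct = aes(Cipher.ENCRYPT_MODE, key, iv, w3cPad(plain));
        byte[] back = w3cUnpad(aes(Cipher.DECRYPT_MODE, key, iv, ct));
        System.out.println("round trip ok: " + Arrays.equals(plain, back));
        System.out.println(MessageDigest.getInstance(jcaName(SHA256_URL_ODF12)).getAlgorithm());
    }
}
```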