EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Office, cannot load binary excel file

#24732
Posted: 04/29/2013 10:00:31
by Filippo Solimando (Basic support level)
Joined: 06/23/2009
Posts: 10

Hello,
we are testing the SecureBox.Office namespace. We are creating a *.xls Office 2003 compatible document by using Microsoft Office Interoperability protected by a password.

To protect the document, we set the "Microsoft Strong Cryptographic Provider" provider and the RC4 algorithm, with a 128-bit key length.

The attachment file is an example of the document we create (please, change the extension to *.xls, as we changed it to bypass the forum policy). To open it use the password:

3730286740

With the SecureBox office example, we want to decrypt the document but, even if the encrypt handler is recognized, the password we set is invalid.

The same procedure works with Microsoft Word files.

How can we create an Excel document decryptable by SecureBox?


#24737
Posted: 04/29/2013 18:20:48
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for the sample.

I have reproduced the issue using your sample document and am investigating it.
#24739
Posted: 04/30/2013 02:20:32
by Filippo Solimando (Basic support level)
Joined: 06/23/2009
Posts: 10

Many thanks. In case you need it, this is an example in C# of the code we use to create the file (using Office 2010 32-bit and adding a reference to the interop from PIA 2010 to the project):

// Placeholder passed for optional COM arguments (not defined in the original snippet).
object oMissing = System.Type.Missing;

Microsoft.Office.Interop.Excel.ApplicationClass oExcel = new Microsoft.Office.Interop.Excel.ApplicationClass();

oExcel.Visible = false;
oExcel.DisplayAlerts = false;

// Open the source workbook; every optional argument is left at its default.
Microsoft.Office.Interop.Excel.Workbook oWb2010 = oExcel.Workbooks.Open( "myfile",
   oMissing,
   oMissing,
   oMissing,
   oMissing,
   oMissing,
   oMissing,
   oMissing,
   oMissing,
   oMissing,
   oMissing,
   oMissing,
   oMissing,
   oMissing,
   oMissing );

// Select the CSP, the algorithm, the key length and whether file properties are encrypted.
oWb2010.SetPasswordEncryptionOptions( //"Microsoft RSA SChannel Cryptographic Provider",
   "Microsoft Strong Cryptographic Provider",
   "RC4",
   128,
   true );

object oFileFormat = Microsoft.Office.Interop.Excel.XlFileFormat.xlExcel8;
object oNewPath = "mynewfile";

object oPassword = "mypassword";

// Save as a binary .xls (Excel 97-2003) workbook protected with the password.
oWb2010.SaveAs( oNewPath,
   oFileFormat,
   oPassword,//oMissing,
   oMissing,
   oMissing,
   oMissing,
   Microsoft.Office.Interop.Excel.XlSaveAsAccessMode.xlNoChange,
   oMissing,
   oMissing,
   oMissing,
   oMissing,
   oMissing );
#24764
Posted: 05/01/2013 14:13:27
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for the details.

The encryption header of your Excel document contains an undocumented combination of flags that should not be used for RC4 encryption. The same combination of flags is used in the XML encryption handler, where it is used to enable AES encryption.
According to the tests, this combination of encryption header flags for the CryptoAPI RC4 encryption handler enables the "new" encryption key generation procedure (the same procedure as for the standard encryption handler for Office Open XML documents).
This feature will be included in the next build.
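
As an added illustration of the header check discussed in the reply above (not EldoS code and not part of the thread): a parser for the `EncryptionHeader` structure defined in MS-OFFCRYPTO that reports when `Flags` and `AlgID` disagree. The thread does not say which flags the document carried; the `fAES`-with-RC4 sample is an assumption based on the remark that the same combination enables AES in the XML handler, and both sample headers are constructed.

```python
import struct

# EncryptionHeader.Flags bits and AlgID values as defined in MS-OFFCRYPTO.
F_CRYPTOAPI, F_DOCPROPS, F_EXTERNAL, F_AES = 0x04, 0x08, 0x10, 0x20
ALG_RC4 = 0x6801
ALG_AES = {0x660E: 128, 0x660F: 192, 0x6610: 256}


def parse_encryption_header(blob):
    """Decode the fixed 32-byte part of an EncryptionHeader plus the CSP name."""
    if len(blob) < 32:
        raise ValueError("EncryptionHeader is at least 32 bytes long")
    flags, _extra, alg_id, alg_hash, key_bits, prov, _r1, _r2 = struct.unpack_from("<8I", blob)
    csp = blob[32:].decode("utf-16-le", errors="replace").split("\x00")[0]
    return {"flags": flags, "alg_id": alg_id, "alg_id_hash": alg_hash,
            "key_bits": key_bits, "provider_type": prov, "csp": csp}


def audit_header(hdr):
    """Return findings where Flags, AlgID and KeySize are inconsistent."""
    findings = []
    flags, alg, bits = hdr["flags"], hdr["alg_id"], hdr["key_bits"]
    if not flags & (F_CRYPTOAPI | F_EXTERNAL):
        findings.append("neither fCryptoAPI nor fExternal is set")
    if alg == ALG_RC4 and flags & F_AES:
        findings.append("fAES set with AlgID RC4: non-standard flag combination")
    if alg in ALG_AES and not flags & F_AES:
        findings.append("AlgID is AES but fAES is clear")
    if alg in ALG_AES and bits != ALG_AES[alg]:
        findings.append("KeySize does not match the AES AlgID")
    if alg == ALG_RC4 and bits not in (0, *range(40, 129, 8)):
        findings.append("RC4 KeySize outside 40..128 bits in steps of 8")
    return findings


def build_header(flags, alg_id, key_bits, csp):
    """Build a constructed sample header (AlgIDHash 0x8004 = SHA-1, ProviderType 1)."""
    fixed = struct.pack("<8I", flags, 0, alg_id, 0x8004, key_bits, 1, 0, 0)
    return fixed + (csp + "\x00").encode("utf-16-le")


CSP = "Microsoft Strong Cryptographic Provider"
SAMPLE_DOCUMENTED = build_header(F_CRYPTOAPI, ALG_RC4, 128, CSP)      # constructed
SAMPLE_ODD = build_header(F_CRYPTOAPI | F_AES, ALG_RC4, 128, CSP)     # constructed, assumed flags

if __name__ == "__main__":
    for name, blob in (("documented", SAMPLE_DOCUMENTED), ("odd", SAMPLE_ODD)):
        hdr = parse_encryption_header(blob)
        print(name, hex(hdr["flags"]), hex(hdr["alg_id"]), audit_header(hdr) or "consistent")
```

A header that fails this audit is a signal that a decryptor may need a different key-derivation path than the one `AlgID` alone suggests, which is the behaviour the reply describes.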
#25027
Posted: 05/22/2013 09:23:22
by Filippo Solimando (Basic support level)
Joined: 06/23/2009
Posts: 10

We have a problem with the last beta: when we open a file like the attached one (password is 1890937801; please remove the txt extension, which we used to avoid forum protection), the SBOffice.TElOfficeDocument throws an exception when closed and leaves the file in use.

We are using the .NET framework 2.0 assembly version.

This is the code with which we can replicate the error:

Code
public static bool DecryptFileOnStream( string _szPath, string _szPassword, ref Stream _oFileStream )
      {
         bool bOperationCompleted = false;

         try
         {
            using (SBOffice.TElOfficeDocument oSBDoc = new SBOffice.TElOfficeDocument())
            {
               oSBDoc.Open( _szPath, true );

               if (oSBDoc.EncryptionHandler is SBOfficeSecurity.TElOfficeOpenXMLStandardEncryptionHandler)
               {
                  ((SBOfficeSecurity.TElOfficeOpenXMLStandardEncryptionHandler)oSBDoc.EncryptionHandler).Password = _szPassword;
                  if (!((SBOfficeSecurity.TElOfficeOpenXMLStandardEncryptionHandler)oSBDoc.EncryptionHandler).IsPasswordValid())
                  {
                     return false;
                  }
               }
               else if (oSBDoc.EncryptionHandler is SBOfficeSecurity.TElOfficeOpenXMLAgileEncryptionHandler)
               {
                  bool bFound = false;
                  SBOfficeSecurity.TElOfficeOpenXMLAgileEncryptionHandler AgileHandler = (SBOfficeSecurity.TElOfficeOpenXMLAgileEncryptionHandler)oSBDoc.EncryptionHandler;
               
                  for (int i = 0; i < AgileHandler.KeyEncryptorCount; i++)
                  {
                     if (AgileHandler.get_KeyEncryptors(i) is SBOfficeSecurity.TElOfficeOpenXMLPasswordKeyEncryptor)
                     {
                        ((SBOfficeSecurity.TElOfficeOpenXMLPasswordKeyEncryptor)AgileHandler.get_KeyEncryptors(i)).Password = _szPassword;
                        if (((SBOfficeSecurity.TElOfficeOpenXMLPasswordKeyEncryptor)AgileHandler.get_KeyEncryptors(i)).IsPasswordValid())
                        {
                           bFound = true;
                           break;
                        }
                     }
                  }

                  if (!bFound)
                  {
                     return false;
                  }
               }
               else if (oSBDoc.EncryptionHandler is SBOfficeSecurity.TElOfficeBinaryRC4EncryptionHandler)
               {
                  ((SBOfficeSecurity.TElOfficeBinaryRC4EncryptionHandler)oSBDoc.EncryptionHandler).Password = _szPassword;
                  if (!((SBOfficeSecurity.TElOfficeBinaryRC4EncryptionHandler)oSBDoc.EncryptionHandler).IsPasswordValid())
                  {
                     return false;
                  }
               }
               else if (oSBDoc.EncryptionHandler is SBOfficeSecurity.TElOfficeBinaryRC4CryptoAPIEncryptionHandler)
               {
                  ((SBOfficeSecurity.TElOfficeBinaryRC4CryptoAPIEncryptionHandler)oSBDoc.EncryptionHandler).Password = _szPassword;
                  if (!((SBOfficeSecurity.TElOfficeBinaryRC4CryptoAPIEncryptionHandler)oSBDoc.EncryptionHandler).IsPasswordValid())
                  {
                     return false;
                  }
               }
               else
               {
                  return false;
               }

               oSBDoc.DecryptTo( _oFileStream );

               oSBDoc.Flush();

               bOperationCompleted = true;

               // throws an exception here, the filestream results correctly decrypted
               oSBDoc.Close();
            } // using
         }
         // ignore exception
         catch (Exception exc)
         {
         }

         return bOperationCompleted;
      }


#25030
Posted: 05/22/2013 15:23:18
by Dmytro Bogatskyy (EldoS Corp.)

Moved to HelpDesk.