Hi Thomas, A stream is always compressed before encrypting by the package component. The checksum is generated based on the first 1024 bytes of the compressed stream data using SHA1 algorithm ( if the stream is smaller the whole stream is taken ). This is why it is named SHA1/1K.
Hope that helps. Best regards, Mikhail. Thomas Schaap wrote: > LS, > > I'm currently working on encryption of documents in KOffice. Of course, since > we want to stay compatible with other office suites, I've begun checking out > OOo's implementation of the encryption features of ODF to see if I'm being > compatible and to try and find some missing links. > > Doing so almost always raises questions, as it did this time. So let me ask > the first ones I've found to you (I might find more when I get some progress, > you'll hear, trust me :D). > > Looking for the password checking checksum I found that the algorithm used, > according to the META-INF/manifest.xml in files I saved using OOo, is > SHA1/1K. Now I have been searching for this particular algorithm, but can't > seem to find anything not referencing OOo, which is kind of a circle. What > exactly is this SHA1/1K, if not simply SHA1, in which case I'm wondering why > it doesn't simply say SHA1? > > Also, I couldn't find exactly what is being hashed for this checksum. I'm > suspecting it's the unencrypted version of the file, so one can quickly see > whether the decryption was succesful using a particular password. Am I > correct here? The ODF standard is not quite clear on this, alas, yet it does > seem the most logical thing to do. > > I hope you folks can help me out here. > > Yours truly, > > Thomas Schaap --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]