Re: [CODE][DISCUSS]: new option to enable ODF 1.2 encryption AES-256
On 5/6/14 12:49 AM, Kay Schenk wrote:
> On Wed, Apr 30, 2014 at 1:53 AM, Jürgen Schmidt jogischm...@gmail.com wrote:
>
> > Hi,
> >
> > for AOO 3.4 we had already discussed and later on reverted a change to enable the ODF Document encryption AES-256 by default.
> >
> > Some time ago I played with a new option field to allow the user to enable this option as new default, see [1]
> >
> > By default the office still uses the old blowfish algorithm but with this new option the user can enable the ODF 1.2 encryption. Well it is a minimal change to improve the current situation and allow the user to make use of what we already have.
> >
> > What does it mean in detail when we integrate this change?
> >
> > 1. No change as long as this option is not enabled
> > 2. Option enabled and ODF 1.2 encryption is now default
>
> Would you happen to have a link to this in the ODF 1.2 spec? I can't seem to find this...sorry.

Not directly, but you can review http://docs.oasis-open.org/office/v1.2/OpenDocument-v1.2-part3.pdf

Section 4.5 describes the attribute manifest:algorithm and there you find a reference to 4.8.1 manifest:algorithm-name where the first bullet point listed

"An IRI listed in §5.2 of [xmlenc-core]: The algorithm and mode specified in §5.2 of [xmlenc-core] for this IRI."

[xmlenc-core] is defined on page 9 and links to http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/ and under 5.2 you find Block Encryption Algorithms.

I think all these algorithms are supported theoretically, but practically I know that OpenOffice supports Blowfish and AES-256.

Maybe others can provide more details here. I am really no expert in this area ;-)

Juergen

> > 2.1 New documents stored with password can't be loaded on older office versions
> > 2.2 New or existing documents stored in older versions can still be loaded in the new office
> > 2.3 Documents stored in an older version (with the old algorithm) and loaded in the new office work as expected. Changes made in the document and stored with the new office still use the old algorithm and the document can later on be opened in older office versions.
> >
> > From my point of view there is still room for improvements but it is a first useful step to move forward to a more secure algorithm and give the user the opportunity to tweak the settings in the preferred way.
> >
> > I would like to propose to integrate this change and test how well it works.
> >
> > Any opinions? Well, keep in mind it is a minimal enhancement to make use of what we already have. There is still room for improvements ...
> >
> > Juergen
> >
> > [1] http://people.apache.org/~jsc/test/encryption_aes256_odf12.png

To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org
Re: [CODE][DISCUSS]: new option to enable ODF 1.2 encryption AES-256
On 05/12/2014 08:32 AM, Jürgen Schmidt wrote:
> On 5/6/14 12:49 AM, Kay Schenk wrote:
> > On Wed, Apr 30, 2014 at 1:53 AM, Jürgen Schmidt jogischm...@gmail.com wrote:
> >
> > > Hi,
> > >
> > > for AOO 3.4 we had already discussed and later on reverted a change to enable the ODF Document encryption AES-256 by default.
> > >
> > > Some time ago I played with a new option field to allow the user to enable this option as new default, see [1]
> > >
> > > By default the office still uses the old blowfish algorithm but with this new option the user can enable the ODF 1.2 encryption. Well it is a minimal change to improve the current situation and allow the user to make use of what we already have.
> > >
> > > What does it mean in detail when we integrate this change?
> > >
> > > 1. No change as long as this option is not enabled
> > > 2. Option enabled and ODF 1.2 encryption is now default
> >
> > Would you happen to have a link to this in the ODF 1.2 spec? I can't seem to find this...sorry.
>
> Not directly, but you can review http://docs.oasis-open.org/office/v1.2/OpenDocument-v1.2-part3.pdf
>
> Section 4.5 describes the attribute manifest:algorithm and there you find a reference to 4.8.1 manifest:algorithm-name where the first bullet point listed
>
> "An IRI listed in §5.2 of [xmlenc-core]: The algorithm and mode specified in §5.2 of [xmlenc-core] for this IRI."
>
> [xmlenc-core] is defined on page 9 and links to http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/ and under 5.2 you find Block Encryption Algorithms.
>
> I think all these algorithms are supported theoretically, but practically I know that OpenOffice supports Blowfish and AES-256.
>
> Maybe others can provide more details here. I am really no expert in this area ;-)
>
> Juergen

Ok, thanks. The reason I asked is because I could only find a reference to blowfish, and not AES-256 anywhere.

> > > 2.1 New documents stored with password can't be loaded on older office versions
> > > 2.2 New or existing documents stored in older versions can still be loaded in the new office
> > > 2.3 Documents stored in an older version (with the old algorithm) and loaded in the new office work as expected. Changes made in the document and stored with the new office still use the old algorithm and the document can later on be opened in older office versions.
> > >
> > > From my point of view there is still room for improvements but it is a first useful step to move forward to a more secure algorithm and give the user the opportunity to tweak the settings in the preferred way.
> > >
> > > I would like to propose to integrate this change and test how well it works.
> > >
> > > Any opinions? Well, keep in mind it is a minimal enhancement to make use of what we already have. There is still room for improvements ...
> > >
> > > Juergen
> > >
> > > [1] http://people.apache.org/~jsc/test/encryption_aes256_odf12.png

--
MzK

Life is either a daring adventure, or nothing.
-- Helen Keller
Re: [CODE][DISCUSS]: new option to enable ODF 1.2 encryption AES-256
On Wed, Apr 30, 2014 at 1:53 AM, Jürgen Schmidt jogischm...@gmail.com wrote:

> Hi,
>
> for AOO 3.4 we had already discussed and later on reverted a change to enable the ODF Document encryption AES-256 by default.
>
> Some time ago I played with a new option field to allow the user to enable this option as new default, see [1]
>
> By default the office still uses the old blowfish algorithm but with this new option the user can enable the ODF 1.2 encryption. Well it is a minimal change to improve the current situation and allow the user to make use of what we already have.
>
> What does it mean in detail when we integrate this change?
>
> 1. No change as long as this option is not enabled
> 2. Option enabled and ODF 1.2 encryption is now default

Would you happen to have a link to this in the ODF 1.2 spec? I can't seem to find this...sorry.

> 2.1 New documents stored with password can't be loaded on older office versions
> 2.2 New or existing documents stored in older versions can still be loaded in the new office
> 2.3 Documents stored in an older version (with the old algorithm) and loaded in the new office work as expected. Changes made in the document and stored with the new office still use the old algorithm and the document can later on be opened in older office versions.
>
> From my point of view there is still room for improvements but it is a first useful step to move forward to a more secure algorithm and give the user the opportunity to tweak the settings in the preferred way.
>
> I would like to propose to integrate this change and test how well it works.
>
> Any opinions? Well, keep in mind it is a minimal enhancement to make use of what we already have. There is still room for improvements ...
>
> Juergen
>
> [1] http://people.apache.org/~jsc/test/encryption_aes256_odf12.png

--
MzK

Life is either a daring adventure, or nothing.
-- Helen Keller
Re: [CODE][DISCUSS]: new option to enable ODF 1.2 encryption AES-256
On 30/04/2014 Jürgen Schmidt wrote:
> for AOO 3.4 we had already discussed and later on reverted a change to enable the ODF Document encryption AES-256 by default. Some time ago I played with a new option field to allow the user to enable this option as new default, see [1]
> ...
> [1] http://people.apache.org/~jsc/test/encryption_aes256_odf12.png

This seems a good change, so long as we keep the checkbox disabled by default in a new (or updated) OpenOffice installation, as it seems from your description.

What error will older versions give? Will they be able to detect the unsupported encryption algorithm and give a meaningful error message or will they simply consider it a malformed document?

Regards,
Andrea.
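Added example, not part of the thread and not OpenOffice code: a reader of META-INF/manifest.xml that reports the manifest:algorithm-name declared for each encrypted entry (the attribute traced through the spec above) and raises a specific error for an algorithm it does not support, which is the behaviour asked about in the preceding message. The function names, the supported set passed in, and the sample package are assumptions constructed for illustration; the two algorithm-name strings are the legacy ODF value and the xmlenc-core §5.2 IRI for AES-256.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer a hardened parser (e.g. defusedxml)

NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"
BLOWFISH_CFB = "Blowfish CFB"  # legacy manifest:algorithm-name value
AES256_CBC = "http://www.w3.org/2001/04/xmlenc#aes256-cbc"  # xmlenc-core section 5.2 IRI

def q(name):
    """Qualify a local name with the manifest namespace for ElementTree lookups."""
    return "{%s}%s" % (NS, name)

def encryption_report(package_bytes):
    """Map each encrypted entry's full-path to its declared manifest:algorithm-name."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        root = ET.fromstring(pkg.read("META-INF/manifest.xml"))
    report = {}
    for entry in root.iter(q("file-entry")):
        enc = entry.find(q("encryption-data"))
        if enc is None:
            continue  # entry is stored unencrypted
        algo = enc.find(q("algorithm"))
        report[entry.get(q("full-path"))] = None if algo is None else algo.get(q("algorithm-name"))
    return report

def check_loadable(package_bytes, supported):
    """Fail with a specific message on an unsupported algorithm rather than a generic parse error."""
    for path, name in encryption_report(package_bytes).items():
        if name not in supported:
            raise ValueError("%s: unsupported encryption algorithm %r" % (path, name))
    return True

def make_sample(algorithm_name):
    """Constructed minimal package: only a manifest declaring one encrypted entry."""
    manifest = (
        '<manifest:manifest xmlns:manifest="%s">'
        '<manifest:file-entry manifest:full-path="/"'
        ' manifest:media-type="application/vnd.oasis.opendocument.text"/>'
        '<manifest:file-entry manifest:full-path="content.xml" manifest:media-type="text/xml">'
        '<manifest:encryption-data>'
        '<manifest:algorithm manifest:algorithm-name="%s"/>'
        '</manifest:encryption-data></manifest:file-entry></manifest:manifest>'
    ) % (NS, algorithm_name)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/manifest.xml", manifest)
    return buf.getvalue()

if __name__ == "__main__":
    print(encryption_report(make_sample(AES256_CBC)))
    print(check_loadable(make_sample(BLOWFISH_CFB), {BLOWFISH_CFB}))
```

Calling check_loadable(make_sample(AES256_CBC), {BLOWFISH_CFB}) models a reader that only knows the old algorithm: it raises a ValueError naming content.xml and the AES-256 IRI.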
[CODE][DISCUSS]: new option to enable ODF 1.2 encryption AES-256
Hi,

for AOO 3.4 we had already discussed and later on reverted a change to enable the ODF Document encryption AES-256 by default.

Some time ago I played with a new option field to allow the user to enable this option as new default, see [1]

By default the office still uses the old blowfish algorithm but with this new option the user can enable the ODF 1.2 encryption. Well it is a minimal change to improve the current situation and allow the user to make use of what we already have.

What does it mean in detail when we integrate this change?

1. No change as long as this option is not enabled
2. Option enabled and ODF 1.2 encryption is now default
2.1 New documents stored with password can't be loaded on older office versions
2.2 New or existing documents stored in older versions can still be loaded in the new office
2.3 Documents stored in an older version (with the old algorithm) and loaded in the new office work as expected. Changes made in the document and stored with the new office still use the old algorithm and the document can later on be opened in older office versions.

From my point of view there is still room for improvements but it is a first useful step to move forward to a more secure algorithm and give the user the opportunity to tweak the settings in the preferred way.

I would like to propose to integrate this change and test how well it works.

Any opinions? Well, keep in mind it is a minimal enhancement to make use of what we already have. There is still room for improvements ...

Juergen

[1] http://people.apache.org/~jsc/test/encryption_aes256_odf12.png
Re: [CODE][DISCUSS]: new option to enable ODF 1.2 encryption AES-256
On 4/30/14 10:53 AM, Jürgen Schmidt wrote:
> Hi,
>
> for AOO 3.4 we had already discussed and later on reverted a change to enable the ODF Document encryption AES-256 by default.
>
> Some time ago I played with a new option field to allow the user to enable this option as new default, see [1]
>
> By default the office still uses the old blowfish algorithm but with this new option the user can enable the ODF 1.2 encryption. Well it is a minimal change to improve the current situation and allow the user to make use of what we already have.
>
> What does it mean in detail when we integrate this change?
>
> 1. No change as long as this option is not enabled
> 2. Option enabled and ODF 1.2 encryption is now default
> 2.1 New documents stored with password can't be loaded on older office versions

- stored with the new ODF 1.2 encryption

And Oliver pointed out that AOO 3.4 of course is already able to read such documents

> 2.2 New or existing documents stored in older versions can still be loaded in the new office

with the old blowfish encryption

> 2.3 Documents stored in an older version (with the old algorithm) and loaded in the new office work as expected. Changes made in the document and stored with the new office still use the old algorithm and the document can later on be opened in older office versions.
>
> From my point of view there is still room for improvements but it is a first useful step to move forward to a more secure algorithm and give the user the opportunity to tweak the settings in the preferred way.
>
> I would like to propose to integrate this change and test how well it works.
>
> Any opinions? Well, keep in mind it is a minimal enhancement to make use of what we already have. There is still room for improvements ...
>
> Juergen
>
> [1] http://people.apache.org/~jsc/test/encryption_aes256_odf12.png