Document Encryption in Office 2007 with Open XML

I was asked recently to comment on “security” of Office 2007. Conversations like this tend to unfold in a certain way… which is to play a fun game of Technology-Tennis, where we volley questions back and forth until we get at the root of the thing… although I’ve never understood why the grunting is necessary. In the end our conversation was about document encryption. I’d like to post (more or less) the answer to the question on my blog, as it is one that comes up from time to time.

The question was in reference to an article about another product opening XLS files that ignored the protection settings specified on a worksheet tab, and what they could do ensure their content was actually not viewable by unintended parties. For simplicity, I’ll reduce the discussion to what happens in the applications here (Vs. the use of SharePoint, NTFS, BitLocker or things like IPSec).

The conversation began by explaining that the functionality in Excel to show/hide or protect content within the workbook are not intended as a full-fledged “security” feature, rather “strong guidance” for how the consumer should be reading the information in the workbook. The use of encryption with Office is much more robust, and is the recommended method for how to apply a password to an Office 2007 document for Word, Excel or PowerPoint.

For the full detail, read this document. If you are interested in the deeper story of how Office security is managed, download this guide. If you are interested in reading about how Open XML documents are encrypted, read this document. If you are interested in reading the blog of a (the) Office security guru, read here: . His most recent post is about the MS-CRYPTO documentation.

I think you’ll find that the breadth and depth of coverage available for encrypting documents, helping secure communication, protecting users from potentially harmful content and other aspects of security are an excellent illustration of how much innovation we bring to the table with any new Office release.

Below is an excerpt from the first white paper I referenced:

Microsoft 2007 Office system Document Encryption Improvements

Password protection is not a new concept in the Microsoft 2007 Office system, but it has been made stronger and easier to use. Previous versions of Microsoft Office used an RC4 stream cipher with a key length of up to 128 bits. The problem with this approach was that when changes are made to the encrypted document and the document is saved, the initialization vector (IV) remains unchanged and the same keystream is used to encrypt subsequent versions of the encrypted document. This weakness in the implementation of the RC4 encryption algorithm made it possible for hackers compare two versions of a password-protected file to discover the contents and allow unauthorized users to read its contents. A number of software companies took advantage of these limitations to make “password recovery utilities” that could decrypt RC4-protected documents. Obviously, it was time to move to a now a new means of encrypting documents.

Microsoft 2007 Office system document encryption is a significant improvement. The encryption information block is the same as in previous versions of Office, but the Microsoft 2007 Office system uses the Advanced Encryption Standard (AES) encryption, which is the strongest industry-standard algorithm available and was selected by the National Security Agency (NSA) to be used as the standard for the U.S. Government, AES has a default 128-bit key (which can be increased to 256-bit via the Windows Registry) and uses SHA-1 hashing. In addition, The Microsoft 2007 Office system improves the algorithm of converting passwords into keys: 50,000 SHA-1 sequential iterations are performed.

Some key facts about Microsoft 2007 Office system document encryption:

  • Only Microsoft Word 2007 documents, Microsoft Excel 2007 workbooks, and Microsoft PowerPoint 2007 presentations can be encrypted using the built-in Microsoft 2007 Office system encryption feature.

  • The default encryption algorithm is AES 128-bit. This value can be increased to AES 256-bit via a Registry entry, local security policy, or domain Group Policy.

  • AES encryption is supported for Open XML formats used in previous versions of Microsoft Office when those documents are created in an Microsoft 2007 Office system application. However, documents saved in the older Office binary formats can only be encrypted using RC4 to maintain compatibility with older versions of Microsoft Office.

  • AES support is a function of the operating system’s cryptographic services providers (CSPs). AES encryption is supported on Windows Server 2003, Windows XP SP2 and Windows Vista.

  • The level of protection provided by the AES encryption is related to the strength of the password used to protect the document. You should use complex passwords that include upper and lower case letters, numbers and symbols and that are at least 8 characters long.

  • Password complexity cannot be enforced for Microsoft 2007 Office system encryption. Users should be encouraged to use complex passwords during training.

  • There are no administrative settings that force users to encrypt documents

It’s important to note that there are two options to add a password in Microsoft 2007 Office system documents. One option enables you to encrypt the document using a password; this is referred to as a Password to open. The second option does not use any encryption. It is designed so you can collaborate with content reviewers you trust, but is not designed to help make the file more secure. This is referred to as the Password to modify.


Comments (3)

  1. Anonymous says:

    Hi hAl,

    thanks for the tip, I’ll check it out and well get the paper updated.


  2. Jesper Lund Stocholm says:

    Hi Gray,

    I think it is great that Microsoft has finally documented how Microsoft Office 2007 handles encryption of OOXML-documents. The information until now has been nothing more than "Microsoft Office 2007 uses the Office CryptoAPI" and that was pretty much it.

    The documentation will help the rest of us figure out what Microsoft Office 2007 actually does when protecting a document, and as I wrote some time ago on my blog at (sorry, in Danish) quite a lot of information is needed expecially when it comes to the functionality in the Office Crypto API that Microsoft Office 2007 doesn’t support.

  3. hAl says:

    [quote]The second option does not use any encryption.[/quote]

    That is actually not totally correct.

    Encryption is still used to store the password.