Apache OpenOffice (AOO) Bugzilla – Issue 119214
Saving in ODF 1.1/1.2 Default Encryptions should omit optional items defined by default
Last modified: 2020-11-15 12:35:22 UTC
Apache OpenOffice 3.4.0 r1309668 will produce the ODF 1.1/1.2 default Blowfish encryption with SHA1 digests. (It is the default in accordance with the resolution of issue #119090.). However, elements and attributes are used which are not defined for ODF 1.1 documents and are not recognized by OpenOffice.org releases that precede the establishment of these optional elements in the ODF 1.2 specification. RECOMMENDATION Whenever the SHA1 digests and Blowfish encryption are used and the parameters are those understood by default for ODF 1.2 (and as exclusive cases for ODF 1.1), the explicit setting of those parameters should not be performed. Specifically: The <manifest:start-key-generation> element should not be produced when the the digest is the default "SHA1" and the key-size is the default 20. This is an optional element in ODF 1.2. It does not exist in ODF 1.0/1.1. In ODF 1.0/1.1 the ODF 1.2 default parameters are tacit. The <manifest:key-derivation> manifest:key-size should be omitted when the default value of 16 is expected. This is an optional attribute in ODEF 1.2 It does not exist in ODF 1.0/1.1. In ODF 1.0/1.1, the size of 16 is understood. EXAMPLE When the fully-explicit case is of this form: <manifest:file-entry manifest:media-type="text/xml" manifest:full-path="content.xml" manifest:size="3587"> <manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="x6qqlWMYrhuzxAqPcO8niNZOWIc="> <manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="1u3Zg9iEHQQ=" /> <manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:key-size="16" manifest:iteration-count="1024" manifest:salt="O4elKYLGe3qqLjIXEO3NXQ==" /> <manifest:start-key-generation manifest:start-key-generation-name="SHA1" manifest:key-size="20" /> </manifest:encryption-data> </manifest:file-entry> It should be abbreviated to this form, providing the maximum safe downward compatibility by achieving the same effect using the default definitions: <manifest:file-entry manifest:media-type="text/xml" manifest:full-path="content.xml" manifest:size="5427"> <manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="c3hAKVVsQkDjjumyfU8/pECHfZA="> <manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="4QYt5d5RrQ4="/> <manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="ieDfP45urTGFmp6rb4gIAw=="/> </manifest:encryption-data> </manifest:file-entry>
In some other tests I noticed that the additional information, although not defined for ODF 1.1, does not interfere with earlier OO.o versions, all the way back to 2.4.1 when there was no provision for changes coming in ODF 1.2 encryption. This does not mean that a stricter implementation of ODF 1.1 that supports encryption won't fail, but correcting this is probably not a priority in this particular case, so long as setting Save to ODF 1.0/1.1 does not lead to production of the non-ODF 1.0/1.1 material. (That needs to be tested.)
Reset assigne to the default "issues@openoffice.apache.org".