[OASIS Issue Tracker] Updated: (OFFICE-2722) ODF 1.2 Part 3 3.4.1Plaintext and Ciphertext Same Size?

[OASIS Issues Tracker <workgroup_mailer@lists.oasis-open.org>]

     [ http://tools.oasis-open.org/issues/browse/OFFICE-2722?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dennis Hamilton updated OFFICE-2722:
------------------------------------


David, I agree that one needs to know three things: 1. The decompressed plaintext size, 2. the plaintext (1, compressed) size, and the 3. ciphertext size upon encryption of (2).

The existing default implementation only carries (1) and (3) anywhere that a consumer can determine it.

This issue is about the fact that (2) is not carried anywhere.  The proposed resolution is to make it explicit that for the default case where 8-bit CFB is used, the sizes of (2) and (3) are the same.

The implementers may have another answer with regard to what actually happens, in which case they need to make that known.

It is also relevant, here, to confirm that the default Blowfish encryption is with 8-bit CFB. Issue OFFICE-2723 is focused on that aspect.

There clearly can be expansion of the information retained in the manifest to make (2) explicit in case it is different than (3).  I did not propose that.  But we need to make sure the current default case is well-specified as it is.  Any addition to deal with differences between (2) and (3) would probably have to be optional and not applicable in the default case.  That is also the legacy case.

> ODF 1.2 Part 3 3.4.1 Plaintext and Ciphertext Same Size?
> --------------------------------------------------------
>
>                 Key: OFFICE-2722
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-2722
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Bug
>          Components: Packaging, Part 3 (Packages), Security
>    Affects Versions: ODF 1.2 CD 05
>         Environment: This issue applies specifically to section 3.4.1 of ODF 1.2 Part 3 CD01-rev08 and the ODF 1.2 CD05 Part 3 approved form.  The question also applies to ODF 1.0/1.1/IIS 26300. 
>            Reporter: Dennis Hamilton
>             Fix For: ODF 1.2 CD 06
>
>
> In the third paragraph of section 3.4.1 on General Encryption provisions, it is stated that the uncompressed file size of the deflated file data (the plaintext) is saved in the corresponding <manifest:file-entry> manifest:size attribute value.  The deflated file data is replaced by the encryption (ciphertext) of the deflated file data, the entry is changed to STORED and the size of the encrypted file is then carried in those places where the file's real size value is carried.
> 1. Why is flagging as STORED asserted for the Zipped file's central directory entry and no other place, although the ciphertext size is placed in all applicable places?
> 2. There is no indication of how the size of the plaintext deflated file is to be recovered.  Is it to be assumed that the ciphertext size is the same as the size of the plaintext deflated size, so there is no need to recover it separately?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira