[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Insufficient documentation on ODF encryption.
Hi, I am attempting to implement ODF encryption
(ODF 1.1 paragraph 17.3) and I am failing miserably. My goal was to purely use
information within the ODF specification and not use any extra materials like
the Open Office source code. My goal of implementing this feature of ODF is
made difficult with the lack of useful information in the ODF specification
itself. In total there is ½ an A4 worth of text on encryption of documents,
which IMHO is a vital feature and deserves much more attention. I find the text
hard to read, lacking important information and generally not useful for
building software. In short, here are my main issues with this part of the ODF specification.
-
The text immediately jumps into
implementation steps, without explaining anything about the goals, process
or general background of encryption of ODF documents. For instance, is
the entire ZIP encrypted, or the entries within the ZIP? -
There are no references
to other important areas of the specification, which would facilitate improved navigation.
This makes it even harder to find relevant areas of ODF to look at. -
There is no mention of decryption
of a document. -
The steps do not show any sample
data which could be used to validate my code without needing to fall
back on existing implementations (which might be equally wrong as my code) -
The author of the Blowfish encryption
algorithm indicates that he is amazed that it is even used. It might not be
allowed to use the algorithm for FIPS compliancy (I’m no expert on that though). -
The encoding of the
password is not mentioned, which is vital information to be able to implement
this feature. -
The exact process of salting
the password hash is defined as ‘used together’, which is totally
useless from an implementation standpoint. Since my government is demanding usage of
this file format, I have interest in seeing it improve much beyond where it is
right now. Even the source code of Open Office would result in more useful
documentation, which IMHO should never be the case for a specification of this
importance. I hope you will appreciate this feedback
and take appropriate action to make ODF a more useful standard, and not the
essay that I am reading right now. People actually need to use this to
implement applications, and to be honest, I do not think this is actually
possible. Please don’t take this the wrong way, but the Open XML specification
would be a great sample on how the general structure of the ODF specification
should look like. Much more text, samples, and anchor / hyperlinks. Thanks for all your efforts in this field.
I hope you will continue to improve and tune ODF. Sincerely yours, Wouter van Vugt Code Counsel |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]