OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [office] Fwd: OASIS and encryption

Hi David,

I've asked the OpenOffice.org encryption experts for a clarification:

David Faure wrote:
> Hello,
> I was asked to forward you the following questions, so that we can implement
> OASIS-compatible encryption support in KOffice.
> ----------  Forwarded Message  ----------
> Subject: OASIS queries
> Date: Wednesday 25 August 2004 15:23
> From: Brad Hards <bradh@frogmouth.net>
> To: David Faure <faure@kde.org>
> David,
> Can you make the following queries to the OASIS people for me?
> I'm looking at office-spec-1.0-cd-1.pdf Section 16.3, and having a bit of
> trouble with understanding how to decrypt a file.
> I understand that each file is seperately compressed and then encrypted
>  before being stored.
> I understand that I need to extract the salt and initialisation vectors for
> each file from the META/manifest.xml file, and base64 decode them before
> applying.
> I understand that I need to use PKCS#5 / PBKDF2 to combine the SHA1 hash of
> the user-provided password with the salt. I don't know what the pseudo-random
> function for PBKDF2 is though. Is it just HMAC-SHA-1?

The PBKDF2 pseudo-random function is indeed HMAC-SHA-1, as defined in 
the PKCS#5 v2.0 document in appendices A.2 and B.1.1:

PKCS#5 only mentions a single implementation, in Appendix A.2 "...shall 
consist of HMAC-SHA-1...", and in Appendix B.1.1 explains that 
algorithm, only. This means that there would be some freedom for 
diverting implementations (because of the term SHALL), but the OOo 
people never heard of one not using HMAC-SHA-1.

If it helps, we of course might add a sentence to chapter 16.3 
clarifying that actually HMAC-SHA-1 is used within PBKDF2.

> Can I have some test vectors for the PBKDF2 functions?

Test vectors shuld be available within tutorial and books regarding 
PKCS#5. The OpenOffice.org people have a single test vector in the file 
"t_digest.c" in their CVS archive at:


> Brad


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]