OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: [OASIS Issue Tracker] Updated: (OFFICE-2722) ODF 1.2 Part 3 3.4.1Plaintext and Ciphertext Same Size?



     [ http://tools.oasis-open.org/issues/browse/OFFICE-2722?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dennis Hamilton updated OFFICE-2722:
------------------------------------

    Proposal: 
1. Reword the section 3.4.1 third paragraph sentence "Encrypted file entries should be flagged as 'STORED' ... in the Zip file's central directory" to include the local file header in the same way as the "real size" value is kept consistent in all places.

2a. Add the requirement that the ciphertext file size SHALL be the same size as the plaintext deflated file size and encryption algorithms that result in a different cyphertext size SHALL NOT be used.

2b. Alternatively, add the requirement that when an encryption algorithm does not provide ciphertext files of the same size as the plaintext file, the algorithm and its parameters shall be such that the decryption process delivers the plaintext deflated file in its original size.

3. In section 3.4.2(3)  add a note to 3.4.2 on the default algorithms to the effect that "The derived key is used together with the initialization vector to produce a ciphertext of the same size as the deflated file using the Blowfish algorithm in 8-bit cipher feedback (8-bit CFB) mode."

  was:
1. Reword the section 3.4.1 third paragraph sentence "Encrypted file entries should be flagged as 'STORED' ... in the Zip file's central directory" to include the local file header in the same way as the "real size" value is kept consistent in all places.

2a. Add the requirement that the ciphertext file size SHALL be the same size as the plaintext deflated file size and encryption algorithms that result in a different cyphertext size SHALL NOT be used.

2b. Alternatively, add the requirement that when an encryption algorithm does not provide ciphertext files of the same size as the plaintext file, the algorithm and its parameters shall be such that the decryption process delivers the plaintext deflated file in its original size.

3. In section 3.4.2(3)  add a note to 3.4.2 on the default algorithms to the effect that "The derived key is used together with the initialization vector to produce a ciphertext of the same size as the deflated file using the Blowfish algorithm in cipher feedback (CFB) mode."


> ODF 1.2 Part 3 3.4.1 Plaintext and Ciphertext Same Size?
> --------------------------------------------------------
>
>                 Key: OFFICE-2722
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-2722
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Bug
>          Components: Packaging, Part 3 (Packages), Security
>    Affects Versions: ODF 1.2 CD 05
>         Environment: This issue applies specifically to section 3.4.1 of ODF 1.2 Part 3 CD01-rev08 and the ODF 1.2 CD05 Part 3 approved form.  The question also applies to ODF 1.0/1.1/IIS 26300. 
>            Reporter: Dennis Hamilton
>             Fix For: ODF 1.2 CD 06
>
>
> In the third paragraph of section 3.4.1 on General Encryption provisions, it is stated that the uncompressed file size of the deflated file data (the plaintext) is saved in the corresponding <manifest:file-entry> manifest:size attribute value.  The deflated file data is replaced by the encryption (ciphertext) of the deflated file data, the entry is changed to STORED and the size of the encrypted file is then carried in those places where the file's real size value is carried.
> 1. Why is flagging as STORED asserted for the Zipped file's central directory entry and no other place, although the ciphertext size is placed in all applicable places?
> 2. There is no indication of how the size of the plaintext deflated file is to be recovered.  Is it to be assumed that the ciphertext size is the same as the size of the plaintext deflated size, so there is no need to recover it separately?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]