Subject: [OASIS Issue Tracker] (OFFICE-3940) Add OpenPGP-based XML encryption


    [ https://issues.oasis-open.org/browse/OFFICE-3940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=74333#comment-74333 ] 

Patrick Durusau commented on OFFICE-3940:
-----------------------------------------

My annotations to the schema changes:

diff --git a/schema/odf1.3/OpenDocument-manifest-schema-v1.3.rng b/schema/odf1.3/OpenDocument-manifest-schema-v1.3.rng
index f485ffbd019c..a84a49e71128 100644
--- a/schema/odf1.3/OpenDocument-manifest-schema-v1.3.rng
+++ b/schema/odf1.3/OpenDocument-manifest-schema-v1.3.rng
@@ -81,6 +81,34 @@
 <rng:define name="base64Binary">
 <rng:data type="base64Binary"/>
 </rng:define>
+ <rng:define name="encrypted-key">
+ <rng:element name="manifest:encrypted-key">

https://www.w3.org/TR/xmlenc-core1/#sec-EncryptedKey

+ <rng:optional>
+ <rng:element name="manifest:encryption-method">

https://www.w3.org/TR/xmlenc-core1/#sec-EncryptionMethod

+ <rng:attribute name="manifest:PGPAlgorithm">
+ <rng:ref name="anyURI"/>
+ </rng:attribute>

fixed value as PGPAlgorithm

+ </rng:element>
+ </rng:optional>
+ <rng:element name="manifest:keyinfo">

https://www.w3.org/TR/2001/PR-xmldsig-core-20010820/#sec-KeyInfo

(but limited to PGPData)

+ <rng:element name="manifest:PGPData">

https://www.w3.org/TR/2001/PR-xmldsig-core-20010820/#sec-PGPData

+ <rng:element name="manifest:PGPKeyID">
+ <rng:ref name="base64Binary"/>
+ </rng:element>
+ <rng:optional>
+ <rng:element name="manifest:PGPKeyPacket">
+ <rng:ref name="base64Binary"/>
+ </rng:element>
+ </rng:optional>
+ </rng:element>
+ </rng:element>


+ <rng:element name="manifest:CipherData">

https://www.w3.org/TR/xmlenc-core1/#sec-CipherData

same but does not allow CipherReference

+ <rng:element name="manifest:CipherValue">
+ <rng:ref name="base64Binary"/>
+ </rng:element>
+ </rng:element>
+ </rng:element>
+ </rng:define>

<rng:define name="encryption-data">
 <rng:element name="manifest:encryption-data">
 <rng:ref name="encryption-data-attlist"/>
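Review bot: `manifest:encryption-method` is wrapped in `rng:optional` (the `+ <rng:optional>` immediately before `+ <rng:element name="manifest:encryption-method">`), so an `encrypted-key` may carry a wrapped session key with no statement of how it was wrapped, and `manifest:PGPAlgorithm` is typed as a bare `<rng:ref name="anyURI"/>` rather than a fixed or enumerated value, so the schema does not pin the algorithm either. Either make the element required, or give `PGPAlgorithm` a fixed `rng:value` as the annotation above suggests, and have the prose state which identifier it must carry. Restricting `manifest:CipherData` to a single `manifest:CipherValue` with no `CipherReference` is the right choice: it keeps the ciphertext inline and rules out dereferencing an external URI from the manifest.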
@@ -149,29 +177,37 @@
 </rng:element>
 </rng:define>
 <rng:define name="key-derivation-attlist">
- <rng:interleave>
+ <rng:choice>
 <rng:attribute name="manifest:key-derivation-name">
- <rng:choice>
- <rng:value>PBKDF2</rng:value>
- <rng:ref name="anyURI"/>
- </rng:choice>
+ <rng:value>PGP</rng:value>

https://www.w3.org/TR/2001/PR-xmldsig-core-20010820/#sec-PGPData

Add normative ref for PGP

</rng:attribute>
- <rng:attribute name="manifest:salt">
- <rng:ref name="base64Binary"/>
- </rng:attribute>
- <rng:attribute name="manifest:iteration-count">
- <rng:ref name="nonNegativeInteger"/>
- </rng:attribute>
- <rng:optional>
- <rng:attribute name="manifest:key-size">
+ <rng:interleave>
+ <rng:attribute name="manifest:key-derivation-name">

Is this: https://www.w3.org/TR/xmlenc-core1/#sec-DerivedKey - DerivedKeyName?

<already defined in part 2>

+ <rng:choice>
+ <rng:value>PBKDF2</rng:value>
+ <rng:ref name="anyURI"/>
+ </rng:choice>
+ </rng:attribute>
+ <rng:attribute name="manifest:salt">
+ <rng:ref name="base64Binary"/>
+ </rng:attribute>
+ <rng:attribute name="manifest:iteration-count">
 <rng:ref name="nonNegativeInteger"/>
 </rng:attribute>
- </rng:optional>
- </rng:interleave>
+ <rng:optional>
+ <rng:attribute name="manifest:key-size">
+ <rng:ref name="nonNegativeInteger"/>
+ </rng:attribute>
+ </rng:optional>
+ </rng:interleave>
+ </rng:choice>
 </rng:define>
 <rng:define name="manifest">
 <rng:element name="manifest:manifest">
 <rng:ref name="manifest-attlist"/>
+ <rng:zeroOrMore>
+ <rng:ref name="encrypted-key"/>
+ </rng:zeroOrMore>
 <rng:oneOrMore>
 <rng:ref name="file-entry"/>
 </rng:oneOrMore>
--
</already defined in part 2>
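Review bot: the new `rng:choice` splits `key-derivation-attlist` so that `manifest:key-derivation-name` with value `PGP` stands alone while the PBKDF2 branch keeps `salt`, `iteration-count` and the optional `key-size`; nothing in this hunk ties a file entry on the PGP branch to the `manifest:encrypted-key` element (the new `rng:zeroOrMore` under `manifest:manifest`) that holds its wrapped session key, and `zeroOrMore` also permits a manifest whose entries all say PGP yet contains no `encrypted-key` at all. RELAX NG cannot express that co-occurrence, so the specification text should require at least one `encrypted-key` whenever an entry uses PGP, define how a consumer selects among several (the `PGPKeyID` from the first hunk is the natural key), and say how the PGP branch conveys the session key size now that `key-size` is unavailable to it. The `PGP` value is also a bare string next to the `anyURI` alternative retained for PBKDF2; as the annotation above says, cite the normative reference that defines it.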

> Add OpenPGP-based XML encryption
> --------------------------------
>
>                 Key: OFFICE-3940
>                 URL: https://issues.oasis-open.org/browse/OFFICE-3940
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: New Feature
>          Components: Packaging, Part 3 (Packages)
>    Affects Versions: ODF 1.3
>            Reporter: Thorsten Behrens
>            Priority: Major
>             Fix For: ODF 1.3
>
>
> Currently ODF supports password-based encryption, using a user-provided string of characters to encrypt an AES session encryption key.
> That is not ideal in the context of sharing documents securely with wider audiences, since one always needs a secure sidechannel to distribute the passphrase.
> This proposal builds on top of https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/ for XML encryption, and essentially extends the ODF manifest markup with a few nodes to denote OpenPGP key material plus transport encryption for the session key.



--
This message was sent by Atlassian JIRA
(v7.7.2#77003)
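The schema diff above can say which elements and attributes may appear, but not that a file entry whose key-derivation-name is PGP actually has a matching manifest:encrypted-key in the same manifest, nor that the PGP branch carries none of the PBKDF2 attributes. The following is an added example, not code from the issue or from the ODF TC: a consumer-side consistency check over a constructed manifest.xml. Element and attribute names follow the diff; the namespace URI is the standard ODF manifest namespace; the PGPAlgorithm URI, key id and wrapped key are placeholders, and the sample manifest is trimmed to the parts the check inspects (checksum and algorithm markup of a real encryption-data element is omitted).

```python
"""Consumer-side consistency check for an ODF manifest.xml that uses the
OpenPGP extension proposed in OFFICE-3940.  Constructed example: element and
attribute names are taken from the RELAX NG diff; the namespace URI is the
standard ODF manifest namespace; key material and the PGPAlgorithm URI are
placeholders, not real values."""
import base64
import binascii
import xml.etree.ElementTree as ET

MANIFEST_NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"  # real ODF namespace
NS = {"manifest": MANIFEST_NS}


def q(local: str) -> str:
    """Clark-notation name for an attribute in the manifest namespace."""
    return f"{{{MANIFEST_NS}}}{local}"


# Constructed placeholder values, not real key material.
SAMPLE_KEY_ID = base64.b64encode(bytes(range(8))).decode()   # stands in for an 8-byte key id
SAMPLE_WRAPPED_KEY = base64.b64encode(bytes(32)).decode()    # stands in for a wrapped session key
PGP_ALGORITHM_PLACEHOLDER = "urn:example:pgp-algorithm"      # the diff fixes only the type (anyURI)


def sample_manifest(with_key: bool = True, pgp_salt: bool = False) -> str:
    """Build a manifest trimmed to what the check inspects; flags create inconsistent variants."""
    key = f"""
  <manifest:encrypted-key>
    <manifest:encryption-method manifest:PGPAlgorithm="{PGP_ALGORITHM_PLACEHOLDER}"/>
    <manifest:keyinfo>
      <manifest:PGPData>
        <manifest:PGPKeyID>{SAMPLE_KEY_ID}</manifest:PGPKeyID>
      </manifest:PGPData>
    </manifest:keyinfo>
    <manifest:CipherData>
      <manifest:CipherValue>{SAMPLE_WRAPPED_KEY}</manifest:CipherValue>
    </manifest:CipherData>
  </manifest:encrypted-key>""" if with_key else ""
    salt = ' manifest:salt="AAAA"' if pgp_salt else ""
    return f"""<manifest:manifest xmlns:manifest="{MANIFEST_NS}" manifest:version="1.3">{key}
  <manifest:file-entry manifest:full-path="content.xml" manifest:media-type="text/xml">
    <manifest:encryption-data>
      <manifest:key-derivation manifest:key-derivation-name="PGP"{salt}/>
    </manifest:encryption-data>
  </manifest:file-entry>
  <manifest:file-entry manifest:full-path="/" manifest:media-type="application/vnd.oasis.opendocument.text"/>
</manifest:manifest>"""


def check_pgp_manifest(xml_text: str) -> list[str]:
    """Return the problems the schema alone cannot catch; an empty list means consistent."""
    root = ET.fromstring(xml_text)
    problems: list[str] = []

    keys = root.findall("manifest:encrypted-key", NS)
    for i, key in enumerate(keys):
        # encryption-method is optional in the diff; a consumer should not have to guess it.
        if key.find("manifest:encryption-method", NS) is None:
            problems.append(f"encrypted-key[{i}]: no encryption-method")
        for label, path in (("PGPKeyID", "manifest:keyinfo/manifest:PGPData/manifest:PGPKeyID"),
                            ("CipherValue", "manifest:CipherData/manifest:CipherValue")):
            node = key.find(path, NS)
            text = (node.text or "").strip() if node is not None else ""
            if not text:
                problems.append(f"encrypted-key[{i}]: missing {label}")
                continue
            try:
                base64.b64decode(text, validate=True)  # both are declared base64Binary
            except binascii.Error:
                problems.append(f"encrypted-key[{i}]: {label} is not base64Binary")

    pgp_entries: list[str] = []
    for entry in root.findall("manifest:file-entry", NS):
        kd = entry.find("manifest:encryption-data/manifest:key-derivation", NS)
        if kd is None:
            continue  # unencrypted entry
        path = entry.get(q("full-path"), "?")
        name = kd.get(q("key-derivation-name"))
        if name == "PGP":
            pgp_entries.append(path)
            # The rng:choice gives the PGP branch none of the PBKDF2 attributes.
            for attr in ("salt", "iteration-count", "key-size"):
                if kd.get(q(attr)) is not None:
                    problems.append(f"{path}: PGP key-derivation must not carry {attr}")
        elif name == "PBKDF2":
            for attr in ("salt", "iteration-count"):
                if kd.get(q(attr)) is None:
                    problems.append(f"{path}: PBKDF2 key-derivation lacks {attr}")
        elif name is None:
            problems.append(f"{path}: key-derivation-name missing")
        # Any other value is the anyURI alternative kept for PBKDF2; not checked here.

    # Cross-element rule RELAX NG cannot express: PGP entries need a wrapped key to unwrap.
    if pgp_entries and not keys:
        problems.append("entries use PGP but manifest has no encrypted-key: " + ", ".join(pgp_entries))
    return problems


if __name__ == "__main__":
    for label, doc in (("consistent", sample_manifest()),
                       ("no encrypted-key", sample_manifest(with_key=False)),
                       ("salt on PGP branch", sample_manifest(pgp_salt=True))):
        print(label, "->", check_pgp_manifest(doc) or "ok")
```

The check mirrors the two structural rules the hunks do encode (base64Binary content, attribute sets per branch) and adds the one they cannot: an entry that says PGP only makes sense if the manifest also carries at least one encrypted-key. A reader can drop the manifest.xml from a real package into check_pgp_manifest to see which rule a producer violated before attempting decryption.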

