[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: encryption of signature files
Hi Dennis, > I have a pent-up pending analysis and blog post on the ODF 1.x package > encryption scheme's vulnerability to known-plaintext attacks. The fact that > the digital signature files cannot be encrypted is also something that > should raise eyebrows in document security circles. Hmz, probably I'm missing something here, but I haven't read that one cannot encrypt the signature files (or other files in META-INF, except the manifest.xml) As far as I know, one cannot encrypt the manifest (otherwise it'll be a tad difficult to get to the encryption/decryption parameters), nor the mimetype stream... Part 3 mentions that, for encrypted documents, Thumbnails/thumbnail.png may be a dummy one (but I haven't seen a statement that one isn't allow to simply encrypt that one as well, although that might cause some trouble for environments trying to show the preview, so probably not a good idea) Best regards, Bart
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]