Password set for DocumentProtection not accepted in MSWord
Posted: Fri Jul 01, 2016 12:03 am
I try to protect a Word document to READ Only mode using the docx4java API. Using the following code;
When opening the Word document it is protected and a password is asked the expected password seems not to match the password used in the code "aaaa".
Any idea what is not correct in the code ?
Cheers,
Peter
== Update 1 ==
When setting the hash and the salt using the value of password
And printing the hash and salt
The salt and hash seem to be ok;
What seems to be odd is that the salt and hash in the settings.xml is the same. I would expect that the hash and salt in the settings.xml would differ (Hashed pasword would be salted using salt value)
== Update 2 =
Also tried to create a hash using the salt value using the following method;
- Code: Select all
CTDocProtect cdtP = new CTDocProtect();
cdtP.setEnforcement(Boolean.TRUE);
cdtP.setEdit(STDocProtect.READ_ONLY);
// Set password for protection
String password = "aaaa" ;
Random rnd = new SecureRandom();
int spins = 100000 ;
int keylength = 256 ;
byte[] salt = new byte[16];
rnd.nextBytes(salt);
byte[] hash = new byte[0] ;
hash = password.getBytes() ;
cdtP.setCryptProviderType(STCryptProv.RSA_FULL);
cdtP.setCryptAlgorithmClass(STAlgClass.HASH);
cdtP.setCryptAlgorithmType(STAlgType.TYPE_ANY);
cdtP.setCryptAlgorithmSid(BigInteger.valueOf(4));
cdtP.setCryptSpinCount(BigInteger.valueOf(spins));
cdtP.setHash(hash);
cdtP.setSalt(salt);
// set document protection
dsp.getContents().setDocumentProtection(cdtP);
When opening the Word document it is protected and a password is asked the expected password seems not to match the password used in the code "aaaa".
Any idea what is not correct in the code ?
Cheers,
Peter
== Update 1 ==
When setting the hash and the salt using the value of password
- Code: Select all
hash = password.getBytes() ;
salt = password.getBytes() ;
And printing the hash and salt
- Code: Select all
System.out.println("Hash: " + new String(hash)) ;
cdtP.setHash(hash);
System.out.println("Salt: " + new String(salt)) ;
cdtP.setSalt(salt);
The salt and hash seem to be ok;
- Code: Select all
Protection is enabled , protection mode is READ_ONLY
Hash: aaaa
Salt: aaaa
What seems to be odd is that the salt and hash in the settings.xml is the same. I would expect that the hash and salt in the settings.xml would differ (Hashed pasword would be salted using salt value)
- Code: Select all
w:hash="YWFhYQ==" w:salt="YWFhYQ=="/
== Update 2 =
Also tried to create a hash using the salt value using the following method;
- Code: Select all
public static byte[] hash(char[] password, byte[] salt, int iterations, int keylength) {
PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, keylength);
Arrays.fill(password, Character.MIN_VALUE);
try {
for (Object obj : java.security.Security.getAlgorithms("Cipher")) {
System.out.println(obj);
}
SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
System.out.println(skf.generateSecret(spec).getEncoded()) ;
return skf.generateSecret(spec).getEncoded();
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
throw new AssertionError("Error while hashing a password: " + e.getMessage(), e);
} finally {
spec.clearPassword();
}
}