2.2.10 Encryption (Password to Open)

Workbook files can contain sensitive information that needs to be protected. A file can be protected by encrypting it using a password<20>. Once a file is encrypted, the data can only be accessed by decrypting the file using the same password.

If a file in this format is saved with encryption it MUST be saved with XOR obfuscation<21> as specified in [MS-OFFCRYPTO] section 2.3.7, or RC4 encryption as specified in [MS-OFFCRYPTO] section 2.3.6, or one of a number of RC4 CryptoAPI encryption<22> algorithms as specified in [MS-OFFCRYPTO] section 2.3.5. The specific obfuscation or encryption method being used, and the associated obfuscation or encryption information, is specified in the FilePass record (section 2.4.117).

If RC4 CryptoAPI encryption is used, certain storages and streams are stored in the Encryption Stream (section 2.1.7.6) as specified in [MS-OFFCRYPTO] section 2.3.5.3. See the following table for details.

| Storage/Stream | XOR obfuscation or RC4 encryption | RC4 CryptoAPI encryption |
|---|---|---|
| Component Object Stream (section 2.1.7.1) | Not encrypted | Not encrypted |
| Control Stream (section 2.1.7.2) | Not encrypted | Encrypted in encryption stream (section 2.1.7.6) |
| Data Spaces Storage (section 2.1.7.3) | Not encrypted | Not encrypted |
| Document Summary Information Stream (section 2.1.7.4) | Not encrypted | Encrypted in encryption stream (section 2.1.7.6) if and only if flag is set ** |
| Embedding Storage (section 2.1.7.5) | Not encrypted | Encrypted in encryption stream (section 2.1.7.6) |
| Link Storage (section 2.1.7.7) | Not encrypted | Encrypted in encryption stream (section 2.1.7.6) |
| List Data Stream (section 2.1.7.8) | Not encrypted | Encrypted in encryption stream (section 2.1.7.6) |
| Office Data Store Storage (section 2.1.7.9) | Not encrypted | Not encrypted |
| Office Toolbars Stream (section 2.1.7.10) | Not encrypted | Not encrypted |
| OLE Stream (section 2.1.7.11) | Not encrypted | Not encrypted |
| Pivot Cache Storage (section 2.1.7.12)* | Encrypted | Encrypted |
| Protected Content Stream (section 2.1.7.13) | Not encrypted | Not encrypted |
| Revision Stream (section 2.1.7.14)* | Encrypted | Encrypted |
| Signatures Stream (section 2.1.7.15) | Not encrypted | Not encrypted |
| Summary Information Stream (section 2.1.7.16) | Not encrypted | Encrypted in encryption stream (section 2.1.7.6) if and only if flag is set ** |
| User Names Stream (section 2.1.7.17)* | Not encrypted | Not encrypted |
| VBA Storage (section 2.1.7.18) | Not encrypted | Not encrypted |
| Viewer Content Stream (section 2.1.7.19) | Not encrypted | Not encrypted |
| Workbook Stream (section 2.1.7.20)* | Encrypted | Encrypted |
| XML Signatures Storage (section 2.1.7.21) | Not encrypted | Not encrypted |
| XML Stream (section 2.1.7.22) | Not encrypted | Encrypted in encryption stream (section 2.1.7.6) |

* The indicated items specify either streams that contain BIFF records as specified in Record (section 2.1.4) or storages that contain streams that contain BIFF records as specified in Record (section 2.1.4). When obfuscating or encrypting BIFF records in these streams, the record type and record size components MUST NOT be obfuscated or encrypted. In addition, the following records MUST NOT be obfuscated or encrypted: BOF (section 2.4.21), FilePass (section 2.4.117), UsrExcl (section 2.4.339), FileLock (section 2.4.116), InterfaceHdr (section 2.4.146), RRDInfo (section 2.4.227), and RRDHead (section 2.4.226). Additionally, the lbPlyPos field of the BoundSheet8 record (section 2.4.28) MUST NOT be encrypted.

** The indicated streams for the indicated encryption method MUST be encrypted if and only if the 0x08 bit of EncryptionHeader.flags is equal to 0. EncryptionHeader.flags is specified in [MS-OFFCRYPTO] section 2.3.5.1.

For XOR obfuscation, the obfuscation key is generated as specified in the Password Verifier Algorithm section. The algorithm for XOR obfuscation is specified in [MS-OFFCRYPTO] section 2.3.7. The Unicode password string is converted to a new character string in the ANSI code page of the current system using the algorithm specified in the revisionsPassword attribute in [ECMA-376] part 4, 3.2.29. The new string is then provided as input into the XOR obfuscation array initialization as specified in [MS-OFFCRYPTO] section 2.3.7.2. The initialized array is then used by the algorithm specified in [MS-OFFCRYPTO] section 2.3.7.3 to obfuscate the file data.

For RC4 encryption and RC4 CryptoAPI encryption, the Unicode password string is used to generate the encryption key as specified in [MS-OFFCRYPTO] section 2.3.6.2 or [MS-OFFCRYPTO] section 2.3.5.2 depending on the RC4 algorithm used. The record data is then encrypted by the specific RC4 algorithm in 1024-byte blocks. The block number is set to zero at the beginning of every BIFF record stream, and incremented by one at each 1024-byte boundary. Bytes to be encrypted are passed into the RC4 encryption function and then written to the stream. For unencrypted records and the record headers consisting of the record type and record size, a byte buffer of all zeros, of the same size as the section of unencrypted bytes, is passed into the RC4 encryption function. The results are then ignored and the unencrypted bytes are written to the stream.
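The following is an added example, not code from [MS-XLS] or [MS-OFFCRYPTO], showing the block-numbered RC4 walk over a BIFF record stream described above: record headers, the records listed under *, and BoundSheet8.lbPlyPos are written in clear but still consume keystream (the "encrypt zeros and discard" rule), and the cipher is rekeyed at every 1024-byte boundary. The RC4 class, the `block_key` stand-in, the record-type numbers and the sample stream are assumptions for illustration; the real per-block key derivation is the one in [MS-OFFCRYPTO] sections 2.3.6.2 and 2.3.5.2.

```python
import hashlib
import struct
BLOCK_SIZE = 1024
# Records kept in clear. Type numbers given for BOF, FilePass, InterfaceHdr only; the
# page also names UsrExcl, FileLock, RRDInfo, RRDHead: add their numbers from [MS-XLS] 2.4.
PLAINTEXT_RECORDS = {0x0809, 0x002F, 0x00E1}
BOUNDSHEET8 = 0x0085  # its first 4 data bytes (lbPlyPos) also stay in clear
class RC4:
    def __init__(self, key):
        s, j = list(range(256)), 0
        for i in range(256):  # key-scheduling
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j = s, 0, 0

    def keystream_byte(self):
        s = self.s
        self.i = (self.i + 1) & 0xFF
        self.j = (self.j + s[self.i]) & 0xFF
        s[self.i], s[self.j] = s[self.j], s[self.i]
        return s[(s[self.i] + s[self.j]) & 0xFF]

def block_key(base_key, block):
    # Stand-in (assumption): real per-block keys come from [MS-OFFCRYPTO] 2.3.6.2 / 2.3.5.2.
    return hashlib.md5(base_key + struct.pack("<I", block)).digest()

def crypt_biff_stream(stream, base_key):
    # Encrypts or decrypts (RC4 is symmetric) one BIFF record stream.
    out, pos, rc4 = bytearray(len(stream)), 0, [None]
    def step(off, byte, encrypt):
        if off % BLOCK_SIZE == 0:  # block 0 at offset 0; rekey at each 1024-byte boundary
            rc4[0] = RC4(block_key(base_key, off // BLOCK_SIZE))
        k = rc4[0].keystream_byte()  # always consumed, even for bytes left in clear
        return byte ^ k if encrypt else byte
    while pos < len(stream):
        rtype, size = struct.unpack_from("<HH", stream, pos)
        if pos + 4 + size > len(stream):
            raise ValueError("truncated record at offset %d" % pos)
        for i in range(4):  # record type and size: never encrypted
            out[pos + i] = step(pos + i, stream[pos + i], False)
        for i in range(size):
            clear = rtype in PLAINTEXT_RECORDS or (rtype == BOUNDSHEET8 and i < 4)
            out[pos + 4 + i] = step(pos + 4 + i, stream[pos + 4 + i], not clear)
        pos += 4 + size
    return bytes(out)

def build_sample_stream():  # constructed input: BOF, BoundSheet8, 1500-byte record, EOF
    rec = lambda t, d: struct.pack("<HH", t, len(d)) + d
    return (rec(0x0809, b"\x00" * 16) + rec(BOUNDSHEET8, b"\x10\x00\x00\x00Sheet1")
            + rec(0x00FC, b"A" * 1500) + rec(0x000A, b""))
```

Running the same function twice returns the original stream; a reader that skips keystream for the clear-text headers instead of discarding it desynchronises after the first record, which is a common cause of garbage output when decrypting these files.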

See the Security Considerations section for information about security concerns relating to file encryption for this file format.