Office 2007 SP2 Encryption Settings
Now that we've actually shipped SP2, some of you may be curious about how to use the shiny new encryption. Here's the registry settings:
Registry keys
Base keys (also corresponding Policy keys) |
HKCU\Software\Microsoft\Office\12.0\<appname>\Security\Crypto |
Name |
Type |
Default |
Description |
CompatMode |
DWORD |
0 |
Controls encrypted database compatibility:
|
Context |
String |
Restrict encryption parameters to those defined in this CNG context |
|
CipherAlgorithm |
String |
Cipher algorithm to use, optional, CNG string |
|
CipherKeyBits |
DWORD |
Number of bits to use when creating the cipher key, rounded down to a multiple of 8, optional |
|
CipherChaining |
String |
Cipher chaining mode to use, optional, CNG string |
|
HashAlgorithm |
String |
Hash algorithm to use, optional, CNG string |
|
RngAlgorithm |
String |
Random number generator algorithm to use, optional, CNG string |
|
SaltBytes |
DWORD |
16 |
Bytes of salt to use, optional |
PasswordSpinCount |
DWORD |
100000 |
Number of times to spin (e.g. rehash) the password verifier, optional |
NewKeyOnPwdChange |
DWORD |
1 |
If non-zero, a new intermediate key is generated when the password is changed. This will cause any extra key encryptors to be removed on save. |
Many thanks to my tester for giving me the information in such a nicely formatted and well documented table. Once you have Office 2010 Technical Preview available to you, the same settings should work there as well. Many more thanks to Dan Jump for carefully implementing our design. Note that if you use the new format, then the converter for Office 2003 and earlier won't be able to read them until we update the converters to understand the new encryption.