Office 2007 SP2 Encryption Settings

Now that we’ve actually shipped SP2, some of you may be curious about how to use the shiny new encryption. Here’s the registry settings: Registry keys Base keys (also corresponding Policy keys) HKCU\Software\Microsoft\Office\12.0\<appname>\Security\Crypto     Name Type Default Description CompatMode DWORD 0 Controls encrypted database compatibility: 0 – Legacy format for new files 1 -…


Legacy RC4 Example on Codeplex

Just a quick note on this – a customer had a question about the old RC4 40-bit encryption yesterday, and this prodded me into taking some memory dumps of intermediate steps and figuring out where my own example code wasn’t working. Fortunately, it wasn’t really a problem with the documentation – I’d just made a…


MS-Offcrypto Example Update

Just a quick note that I’ve updated the examples. I added an example for the CAPI RC4 encryption that does work. Along the way, I got smarter about managed C++ and C# interop, which turned out to be a bit of an adventure. I didn’t find the documentation on MSDN exceptionally helpful in this area….


MS-Offcrypto Examples

In response to some questions I’ve gotten about details of MS-OFFCRYPTO, I’ve created a CodePlex project to contain sample code demonstrating the documentation. You can find it at I had originally wanted to include sample code in MS-OFFCRYPTO itself, but we couldn’t do that. Instead, we can put sample code on CodePlex. To keep…


Office Crypto KDF Details

I’ve gotten a couple of questions asking how our key derivation function works. The technique is very similar to that described in RFC 2898, also known as PKCS #5. There are two key derivation functions (KDF) documented in this RFC – PBKDF1 and PBKDF2. Our KDF implementation is very similar to PBKDF1 (section 5.1), with…


New, Improved Office Crypto

If you’re enough of an Office crypto geek to stay on top of the most recent changes in MS-OFFCRYPTO, you already know about some of this, but my assumption is that most people aren’t going to want to parse something that hard to read. What we’re doing is introducing some substantial improvements in our encryption…


MS-OFFCRYPTO, W7 Engineering blog, etc

We have a new version of MS-OFFCRYPTO out. The big change is that how CryptDeriveKey was documented on MSDN was incorrect, we copied it, which made our document also incorrect. As it turns out, CryptDeriveKey always uses the same code path for AES as it does as if the hash output is shorter than the…


Office Crypto Follies

What I’ve been working on lately that has kept me from doing nearly anything else can be found at: MS-OFFCRYPTO is very detailed documentation of exactly how we do cryptography for binary and OOXML documents. Overall, it covers: IRM Encryption and obfuscation Password to modify Digital signing Before someone else figures out some of…