文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >加密ODS存档中的文件

加密ODS存档中的文件
EN

Stack Overflow用户
提问于 2020-05-25 11:41:38
回答 1查看 287关注 0票数 1

我试图在ODS (打开的文档电子表格)存档中复制文件的LibreOffice加密。有关技术信息,请参见826425813

我发现的最好的总结是在维基百科

当OpenDocument文件被密码保护时,包的文件结构保持不变,但是包中的XML文件内容是使用以下算法加密的:

  1. 文件内容通过压缩算法进行压缩。
  2. 计算压缩文件的一部分的校验和(文件内容的SHA-1,或文件的第一1024字节的SHA-1,或文件的前1024字节的SHA-256 ),并存储以便在解密时验证密码的正确性。
  3. 创建用户以UTF-8编码输入密码的摘要(散列),并将其传递给包组件。ODF版本1.0和1.1只要求在这里支持SHA-1摘要,而版本1.2建议使用SHA-256。
  4. 此摘要用于通过使用HMAC-SHA-1与任意长度的盐(在ODF1.1及以下的PBKDF2中为16个字节)进行密钥拉伸来生成派生密钥,该随机数生成器用于任意迭代计数(在ODF1.2中默认为1024)。
  5. 随机数发生器用于为每个文件生成随机初始化向量。
  6. 初始化向量和导出密钥用于对压缩文件内容进行加密。ODF 1.0和1.1在8位密码反馈模式下使用Blowfish,而ODF 1.2则认为它是一种遗留算法,允许在密码块链接模式下使用三重DES和AES ( 128、196或256位)。

我的未加密模块内容(编码: utf-8,换行: LF)是:

代码语言:javascript
复制
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE script:module PUBLIC "-//OpenOffice.org//DTD OfficeDocument 1.0//EN" "module.dtd">
<script:module xmlns:script="http://openoffice.org/2000/script" script:name="Module1" script:language="StarBasic" script:moduleType="normal">REM  *****  BASIC  *****
REM Hello, world!
</script:module>

LibreOffice生成并存储在ODS存档中的加密模块内容为(十六进制):

代码语言:javascript
复制
[a3, f4, 61, 98, c1, c8, e8, b1, d3, fa, b0, bc, ef, 51, 87, da, 4c, d8, 92, c2, 09, 7f, 12, 19, 47, 44, af, 3b, 32, 9d, 4a, 33, eb, ab, c0, 45, 97, 00, 27, 60, cf, b3, 49, 55, 76, 46, e2, 3c, 35, a0, a7, a9, 8a, af, a3, cd, 3c, f3, 20, 5f, 83, 89, a4, 9c, d9, b5, a6, f5, db, 68, 0a, b4, d0, 15, 3e, 6d, af, c6, 16, 78, 29, 79, 42, cb, 56, e3, b1, cd, c1, a6, a0, 13, 91, 16, e3, 89, a8, c6, d4, 69, e8, ea, 87, e9, 9d, 09, bb, 03, a0, 6e, a0, 29, 37, 85, 9a, 59, fb, 47, 3a, 72, 1d, 85, 25, b0, 92, 37, 55, a4, eb, de, 03, eb, de, e1, b6, f3, f9, 7b, 3a, 09, 2c, ad, 8e, ff, 1e, a2, 79, 63, 12, 04, 93, 67, 3d, 59, 6c, e8, aa, ae, 37, 7e, 66, cf, 99, 54, 63, a5, ea, 31, 78, 44, b1, 54, be, 5a, af, 3f, 0d, bf, b5, ce, 98, c8, 7a, 44, 61, d4, 76, 69, 3b, 01, 6f, 27, ab, 5f, a2, b0, 98, 32, 52, 0c, 9c, 08, 0c, 6a, 0c, 54, e0, 83, dc, d0, ad, 3a, 0f, 0f, 75, 6f, e6, 0d, db, db, 50, a4, 2b, d3, 5f, 43, 7c, 2d, 16, fa, 87, 62, 09, f6, d2, 28, 31, b5, a0, be]

下面是LibreOffice生成的清单的相关部分:

代码语言:javascript
复制
    <manifest:file-entry manifest:full-path="Basic/Test/Module1.xml" manifest:media-type="text/xml" manifest:size="332">
     <manifest:encryption-data manifest:checksum-type="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha256-1k" manifest:checksum="/UdU2OKZn04r0e9O047PaWNqi7LGaHYN9mURmvMCM60=">
      <manifest:algorithm manifest:algorithm-name="http://www.w3.org/2001/04/xmlenc#aes256-cbc" manifest:initialisation-vector="ZEk8JHG3bHu8kZw0VGOT+g=="/>
      <manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:key-size="32" manifest:iteration-count="100000" manifest:salt="jGIagiBnlFdvQctdCkYfRQ=="/>
      <manifest:start-key-generation manifest:start-key-generation-name="http://www.w3.org/2000/09/xmldsig#sha256" manifest:key-size="32"/>
     </manifest:encryption-data>
    </manifest:file-entry>

密码是123

这是我的密码:

代码语言:javascript
复制
// imports
// needs a dependency on `org.bouncycastle/bcprov-jdk15on/1.65`

public class EncryptMacro {
    public static void main(String[] args)
            throws IOException, NoSuchAlgorithmException, InvalidKeySpecException,
            IllegalBlockSizeException, InvalidKeyException, BadPaddingException,
            InvalidAlgorithmParameterException, NoSuchPaddingException {
        new EncryptMacro().encryptAsLO();
    }

    public void encryptAsLO() throws IOException, NoSuchAlgorithmException,
            InvalidKeySpecException, NoSuchPaddingException, InvalidAlgorithmParameterException,
            InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        // needs a dependency on `org.bouncycastle/bcprov-jdk15on/1.65`
        Security.addProvider(new BouncyCastleProvider());

        // copy the manifest parameters
        int plainSize = 332;
        byte[] checksum = Base64.decode("/UdU2OKZn04r0e9O047PaWNqi7LGaHYN9mURmvMCM60=");
        byte[] iv = Base64.decode("ZEk8JHG3bHu8kZw0VGOT+g==");
        int iterationCount = 100000;
        byte[] salt = Base64.decode("jGIagiBnlFdvQctdCkYfRQ==");
        int startKeySize = 32;
        int keySize = 32;

        // password
        String password = "123"; // that's for testing purpose!

        String plainText =
                "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE script:module PUBLIC \"-//OpenOffice.org//DTD OfficeDocument 1.0//EN\" \"module.dtd\">\n<script:module xmlns:script=\"http://openoffice.org/2000/script\" script:name=\"Module1\" script:language=\"StarBasic\" script:moduleType=\"normal\">REM  *****  BASIC  *****\nREM Hello, world!\n</script:module>";
        byte[] encrypted =
                new byte[]{-93, -12, 97, -104, -63, -56, -24, -79, -45, -6, -80, -68, -17, 81, -121,
                        -38, 76, -40, -110, -62, 9, 127, 18, 25, 71, 68, -81, 59, 50, -99, 74, 51,
                        -21, -85, -64, 69, -105, 0, 39, 96, -49, -77, 73, 85, 118, 70, -30, 60, 53,
                        -96, -89, -87, -118, -81, -93, -51, 60, -13, 32, 95, -125, -119, -92, -100,
                        -39, -75, -90, -11, -37, 104, 10, -76, -48, 21, 62, 109, -81, -58, 22, 120,
                        41, 121, 66, -53, 86, -29, -79, -51, -63, -90, -96, 19, -111, 22, -29, -119,
                        -88, -58, -44, 105, -24, -22, -121, -23, -99, 9, -69, 3, -96, 110, -96, 41,
                        55, -123, -102, 89, -5, 71, 58, 114, 29, -123, 37, -80, -110, 55, 85, -92,
                        -21, -34, 3, -21, -34, -31, -74, -13, -7, 123, 58, 9, 44, -83, -114, -1, 30,
                        -94, 121, 99, 18, 4, -109, 103, 61, 89, 108, -24, -86, -82, 55, 126, 102,
                        -49, -103, 84, 99, -91, -22, 49, 120, 68, -79, 84, -66, 90, -81, 63, 13,
                        -65, -75, -50, -104, -56, 122, 68, 97, -44, 118, 105, 59, 1, 111, 39, -85,
                        95, -94, -80, -104, 50, 82, 12, -100, 8, 12, 106, 12, 84, -32, -125, -36,
                        -48, -83, 58, 15, 15, 117, 111, -26, 13, -37, -37, 80, -92, 43, -45, 95, 67,
                        124, 45, 22, -6, -121, 98, 9, -10, -46, 40, 49, -75, -96, -66};

        // check the plain text size
        byte[] source = plainText.getBytes(StandardCharsets.UTF_8);
        this.check("Plain size", plainSize == source.length);
        // deflate the content (see 1. above)
        byte[] deflated = this.deflate(source);
        // and check the checksum (see 2. above)
        this.check("Deflated hash", Arrays.equals(checksum, this.getSha256_1k(deflated)));

        // hash the password (see 3. above)
        byte[] hashedPassword = this.getSha256_1k(password.getBytes(StandardCharsets.UTF_8));
        char[] chars = new char[hashedPassword.length];
        for (int i = 0; i < hashedPassword.length; i++) {
            chars[i] = (char) hashedPassword[i];
        }
        this.check("Start key size", chars.length == startKeySize);
        // or:
        // char[] chars = password.toCharArray();

        // get the key (see 4. above)
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        KeySpec keySpec = new PBEKeySpec(chars, salt, iterationCount, keySize * 8);
        SecretKey s = factory.generateSecret(keySpec);
        Key key = new SecretKeySpec(s.getEncoded(), "AES");

        // encrypt the data (see 6. above)
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        // or:
        // Cipher cipher = Cipher.getInstance("AES/CBC/ISO10126Padding"); // W3C padding
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] result = cipher.doFinal(deflated);

        this.check("Encrypted", Arrays.equals(encrypted, result));
    }

    private byte[] deflate(byte[] data) throws IOException {
        InputStream is = new ByteArrayInputStream(data);
        ByteArrayOutputStream os = new ByteArrayOutputStream();
        final byte[] buffer = new byte[16];  // for testing purpose

        Deflater deflater = new Deflater(Deflater.BEST_COMPRESSION, true);
        DeflaterOutputStream dos = new DeflaterOutputStream(os, deflater);
        int count = is.read(buffer);
        while (count != -1) {
            dos.write(buffer, 0, count);
            count = is.read(buffer);
        }
        dos.close();
        return os.toByteArray();
    }

    private byte[] getSha256_1k(byte[] data) throws NoSuchAlgorithmException {
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        digest.update(data, 0, Math.min(data.length, 1024));
        return digest.digest();
    }

    private void check(String text, boolean test) {
        if (test) {
            System.out.println(text + " ok");
        } else {
            System.out.println(text + " NOT ok");
            System.exit(1);
        }
    }
}

产出如下:

代码语言:javascript
复制
Plain size ok
Deflated hash ok
Start key size ok
Encrypted NOT ok

当然,我希望生成的加密数据与ODS档案中的数据相同。我试图更改填充(键派生函数),将password直接传递给PBEKeySpec,三次检查密码等等,但都没有成功。我还查看了LibreOffice (https://github.com/LibreOffice/core/tree/master/oox/source/crypto)的源代码,但没有发现代码中有什么问题。(如果这有关系,我在Ubuntu18.04.10和Java8上使用了LibreOffice Calc版本: 6.0.7.3。)

我的问题是:我的错误在哪里,我如何纠正它?

java
encryption
aes
libreoffice
ods
EN

回答 1

Stack Overflow用户

回答已采纳

发布于 2020-05-25 15:06:05

代码中有三个问题:

  1. 根据规范,PBKDF2与HMAC-SHA1 1(而不是HMAC-SHA1 256)一起使用,s. 3.4.2加密过程
  2. PBKDF2WithHmacSHA256派生的键PBKDF2WithHmacSHA256PBKDF2KeyImpl的一个实例,它需要一个UTF8字符串作为密码(参见PBKDF2KeyImpl类的文档)。但是,在这里,密码是一个散列,通常与UTF8不兼容。一种可能的解决方案是将PBEKeySpec替换为Bouncy城堡的PKCS5S2ParametersGenerator,它要求密码为字节数组(在init中)。对于此解决方案,请替换 SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");KeySpec keySpec =新PBEKeySpec(炭、盐、iterationCount、keySize * 8);SecretKey s= factory.generateSecret(keySpec);Key =新SecretKeySpec(s.getEncoded(),"AES"); 使用 PBEParametersGenerator生成器=新PKCS5S2ParametersGenerator(新的SHA1Digest());generator.init(hashedPassword,salt,iterationCount);KeyParameter keyParam =generator.init*8;Key =新SecretKeySpec(keyParam.getKey(),"AES");
  3. 所使用的填充是ISO10126Padding,因此AES/CBC/PKCS7Padding必须由AES/CBC/ISO10126Padding代替。验证这一点的最简单方法是解密目标密文(encrypted),而不删除填充(AES/CBC/NoPadding)。最后一个块是06230276DDC67229EB31E830A1D7500F,它符合ISO10126Padding。对于ISO10126Padding,最后一个字节指定填充字节的数量,该字节(除了最后一个字节)由随机值组成。因此,在本例中,最后15个字节是填充字节。 ISO10126Padding也是为什么将字节级别的密文与 This.check(“加密”,Arrays.equals(加密,结果)); 失败了。因此,在比较密文时,不能考虑填充块。
票数 1
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/62001716

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档