Apache POI - Encryption support
Overview
Apache POI contains support for reading few variants of encrypted office files:
- Binary formats (.xls, .ppt, .doc, ...)
encryption is format-dependent and needs to be implemented per format differently.
Use Biff8EncryptionKey.setCurrentUserPassword(String password) to specify the decryption password before opening the file or (where applicable) before saving. Setting a null password before saving removes the password protection.
The password is set in a thread local variable. Do not forget to reset it to null after text extraction. - XML-based formats (.xlsx, .pptx, .docx, ...)
use the same encryption logic over all formats. When encrypted, the zipped files will be stored within an OLE file in the EncryptedPackage stream.
If you plan to use POI to actually generate encrypted documents, be aware not to use anything less than agile encryption, because RC4 is not really secure and ECB chaining is problematic too. Of course you'll need to make sure, that your clients can read the documents, i.e. the various free Excel, Powerpoint, Word viewers have limitations in the cipher or hashing parameters.
If you want to use high encryption parameters, you need to install the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" for your JRE version (Oracle JDK6, JDK7, JDK8, IBM JDK8).
Some "write-protected" files are encrypted with the built-in password "VelvetSweatshop", POI can read that files too.
Supported feature matrix
Encryption | HSSF | HSLF | HWPF |
---|---|---|---|
XOR obfuscation *) | Yes (Writing since 3.16) | N/A | No |
40-bit RC4 encryption | Yes (Writing since 3.16) | N/A | Yes (since 3.17) |
Office Binary Document RC4 CryptoAPI Encryption | Yes (Since 3.16) | Yes | Yes (since 3.17) |
XSSF | XSLF | XWPF | |
Office Binary Document RC4 Encryption **) | Yes | Yes | Yes |
ECMA-376 Standard Encryption | Yes | Yes | Yes |
ECMA-376 Agile Encryption | Yes | Yes | Yes |
ECMA-376 XML Signature | Yes | Yes | Yes |
*) the xor encryption is flawed and works only for very small files - see #59857.
**) the MS-OFFCRYPTO documentation only mentions the RC4 (without CryptoAPI) encryption as a "in place" encryption, but apparently there's also a container based method with that key generation logic.
Binary formats
As mentioned above, use Biff8EncryptionKey.setCurrentUserPassword(String password) to specify the password.
XOR/RC4 decryption for xls
RC4 CryptoApi support ppt - decryption
XML-based formats - Decryption
XML-based formats are stored in OLE-package stream "EncryptedPackage". Use org.apache.poi.poifs.crypt.Decryptor to decode file:
If you want to read file encrypted with build-in password, use Decryptor.DEFAULT_PASSWORD.
XML-based formats - Encryption
Encrypting a file is similar to the above decryption process. Basically you'll need to choose between binaryRC4, standard and agile encryption, the cryptoAPI mode is used internally and it's direct use would result in an incomplete file. Apart of the CipherMode, the EncryptionInfo class provides further parameters to specify the cipher and hashing algorithm to be used.
XML-based formats - Signing (XML Signature)
An Office document can be digital signed by a XML Signature to protect it from unauthorized modifications, i.e. modifications without having the original certificate. The current implementation is based on the eID Applet which is dual-licensed to Apache License 2.0 and LGPL v3.0. Instead of using the internal JDK API this version is based on Apache Santuario.
The classes have been tested against the following libraries, which need to be included additionally to the default dependencies:
- BouncyCastle bcpkix and bcprov (tested against 1.65)
- Apache Santuario "xmlsec" (tested against 2.1.5)
- and slf4j-api (tested against 1.7.30)
Depending on the configuration and the activated facets various XAdES levels are supported - the support for higher levels (XAdES-T+) depend on supporting services and although the code is adopted, the integration is not well tested ... please support us on integration (testing) with timestamp and revocation (OCSP) services.
Further test examples can be found in the corresponding test class.
If you want to use a hash algorithm with 64 bytes (currently only applies to SHA512),
a base64 "feature" in xmlsec
leads to line breaks in the digest values, which won't be accepted by Office. To workaround this, you
need to set the following system property:
-Dorg.apache.xml.security.ignoreLineBreaks=true
Validating a signed office document
Signing an office document
Signing a file
Signing a stream - in-memory
When saving a OOXML document, POI creates missing relations on the fly. Therefore calling the signing method before would result in an invalid signature. Instead of trying to fix all save invocations, the user is asked to save the stream before in a intermediate byte array (stream) and process this stream instead.
Encrypting temporary files created when unzipping an OOXML document
For security-conscious environments where data at rest must be stored encrypted, the creation of plaintext temporary files is a grey area.
The code example, written by PJ Fanning, modifies the behavior of SXSSFWorkbook to extract an OOXML spreadsheet zipped container and write the contents to disk using AES encryption.
See SXSSFWorkbookWithCustomZipEntrySource.java and other files that are needed for this example.
Debugging XML signature issues
Finding the source of a XML signature problem can be sometimes a pain in the ... neck, because the hashing of the canonicalized form is more or less intransparent done in the background.
One of the tripping hazards are different linebreaks in Windows/Unix, therefore use the non-indent form of the xmls. Furthermore the elements/anchestors containing namespace definitions and the used prefix might also differ.
The next thing is to compare successful signed documents from Office vs. POIs generated signature, i.e. unzip both files and look for differences. Usually the package relations (*.rels) will be different, and the sig1.xml, core.xml and [Content_Types].xml due to different order of the references.
The package relationsships (*.rels) will be specially handled, i.e. they will be filtered and only a subset will be processed - see 13.2.4.24 Relationships Transform Algorithm.
POI and Santuario (XmlSec) use SLF4J for logging. To get logging information and debug output ...:
-
add the following JVM parameters:
-Djava.io.tmpdir=<custom temp directory>-Xbootclasspath/p:<preload dir, which contains /org/apache/xml/security/utils/UnsyncBufferedOutputStream.class>-Dorg.apache.poi.util.POILogger=org.apache.poi.util.CommonsLogger
- replace commons-logging.jar with jcl-over-slf4j.jar
- beside log4j.jar, add slf4j-log4j12.jar
-
add a log4j.properties into the path with the following content:
log4j.rootLogger=ALL,FILE# Define the file appenderlog4j.appender.FILE=org.apache.log4j.FileAppenderlog4j.appender.FILE.File=debug.loglog4j.appender.FILE.ImmediateFlush=truelog4j.appender.FILE.Threshold=debuglog4j.appender.FILE.Append=falselog4j.appender.FILE.layout=org.apache.log4j.PatternLayoutlog4j.appender.FILE.layout.conversionPattern=%-5p %c %x - %m%n
-
To check the processed files in the canonicalized form, the below UnsyncBufferedOutputStream class needs
to be injected/replaced. Put the .class file in separate directory and add it to the JVM parameters (see above):
package org.apache.xml.security.utils;import java.io.File;import java.io.FileOutputStream;import java.io.IOException;import java.io.OutputStream;public class UnsyncBufferedOutputStream extends OutputStream {static final int size = 8*1024;static int filecnt = 0;private int pointer = 0;private final OutputStream out;private final FileOutputStream out2;private final byte[] buf;public UnsyncBufferedOutputStream(OutputStream out) {buf = new byte[size];this.out = out;synchronized(UnsyncBufferedOutputStream.class) {try {String tmpDir = System.getProperty("java.io.tmpdir");if (tmpDir == null) {tmpDir = "build";}File f = new File(tmpDir, "unsync-"+filecnt+".xml");out2 = new FileOutputStream(f);} catch (IOException e) {throw new RuntimeException(e);} finally {filecnt++;}}}public void write(byte[] arg0) throws IOException {write(arg0, 0, arg0.length);}public void write(byte[] arg0, int arg1, int len) throws IOException {int newLen = pointer+len;if (newLen > size) {flushBuffer();if (len > size) {out.write(arg0, arg1,len);out2.write(arg0, arg1,len);return;}newLen = len;}System.arraycopy(arg0, arg1, buf, pointer, len);pointer = newLen;}private void flushBuffer() throws IOException {if (pointer > 0) {out.write(buf, 0, pointer);out2.write(buf, 0, pointer);}pointer = 0;}public void write(int arg0) throws IOException {if (pointer >= size) {flushBuffer();}buf[pointer++] = (byte)arg0;}public void flush() throws IOException {flushBuffer();out.flush();out2.flush();}public void close() throws IOException {flush();out.close();out2.close();}}
by Maxim Valyanskiy, Andreas Beeker