-
Notifications
You must be signed in to change notification settings - Fork 31
Cryptography algorithms for MS Excel
Find here information which cryptography algorithms are supported for MS Excel. Note that you should use an in-depth analysis which security algorithms are suitable. As such, hadoopoffice does not define a default configuration, such as agile-aes256-CBC-sha512, but you need to define value for each attribute explicitly. Excel supports a lot of algorithms which are not secure, such as RC4, SHA1 or ECB.
Additionally, please think about secure passwords, otherwise any encryption of office document will be useless.
- "agile" (recommended by Apache POI)
- "cryptoAPI"
- "standard"
- "binaryRC4"
- "aes256"
- "aes192"
- "aes128"
- "rsa"
- "des3_112"
- "des3"
- "des"
- "rc4"
- "rc2"
- "cbc"
- "cfb"
- "ecb"
- "sha512"
- "sha384"
- "sha256"
- "sha224"
- "whirlpool"
- "sha1"
- "ripemd160"
- "ripemd128"
- "md5"
- "md4"
- "md2"
- "none"
Since version 1.1.0 HadoopOffice supports signing of new Excel files (.xlsx). You can specify one of the following hash algorithms for the digital signature:
- "sha512"
- "sha384"
- "sha256"
- "sha224"
- "whirlpool"
- "sha1"
- "ripemd160"
- "ripemd128"
- "md5"
- "md4"
- "md2"
- "none"
The following signature formats will be used:
- OOXML
- KeyInfo
- XAdES
- Office2010
Note: Encryption of old Excel files is supported since hadoopoffice 1.0.3, because it uses Apache POI 3.16.
The old Excel format is outdated with respect to cryptography. It only supports RC4 encryption and no signing within the document. Hence, you need to specify only the password to encrypt.
You are of course free to encrypt it more securely and sign it. However, you need to decrypt and verify the signature outside of Excel.
Write-protected files are encrypted documents in Excel with the password "VelvetSweatshop".
See the Apache POI web site.