Bug ID: 390338
           Summary: implementation of 19.697 table:protection-key doesn't
                    conform to ODF 1.2
           Product: calligrasheets
           Version: 3.0.0
          Platform: Other
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: opendocument
  Target Milestone: ---

tested version: calligra-sheets-3.0.1-16.fc27.x86_64

ODF 1.1 allowed these attributes to set passwords to "protect" spreadsheet
documents and sheets, and did not specify in any way what their string value

ODF 1.2 part 1 says about them:

19.851 text:protection-key-digest-algorithm

... The password shall be provided as a sequence of bytes in UTF-8 encoding.

... Consumers shall support, which is
the default, and

bugs vs. ODF 1.2:

1. apparently the implementation uses UTF-16 little-endian encoding for the
password, at least LibreOffice 5.4 can verify the password and it only uses

2. only SHA1 is supported, not the mandatory SHA256

verifying the above variants in addition to the currently implemented one would
be nice i guess.

see LO bug
and LO fix
for inspiration, particularly SvPasswordHelper::CompareHashPassword which does
all verification in one place.

You are receiving this mail because:
You are watching all bug changes.

Reply via email to