I think reverting to Blowfish with 8-bit CFB and the default algorithms is a good idea regardless.

I have confirmed that when OOo-dev 3.4 is set to save in ODF 1.0/1.1 format, it will use the default algorithms for Password protection of files, as expected. I also confirmed that when saving in ODF 1.2 and ODF 1.2 extended format, the aes256 algorithm is used. The resulting encrypted document will fail on open with any of these releases:

OpenOffice.org 2.4.1
OpenOffice.org 3.2.0
LibreOffice.org 3.3.2
LibreOffice.org 3.4.3
Lotus Symphony 3 fixpack3

Note that the only algorithm required to be supported by ODF 1.2 Package consumers is the default Blowfish CFB. Other algorithms are admissible, but none are recommended in the ODF 1.2 specification and only the one is required.

 - Dennis

-----Original Message-----
From: Mathias Bauer [mailto:[email protected]]
Sent: Friday, September 16, 2011 15:40
To: [email protected]
Subject: Re: AOOo can't save passwort protected file

Hi,

AOOo can't use the nss libraries as easily as it was possible in the "old" OOo, so perhaps a fix would be to revert the default encryption algorithm in AOOo from AES to Blowfish in 3.4 until we find a replacement for the AES encryption code from the nss libs.

I know that MPL libs can be used "in binary form" in Apache projects, here's the wording:

"Software under the following licenses may be included in binary form within an Apache product if the inclusion is appropriately labeled: (...)" (lists MPL 1.0 and 1.1)

As most 3rd party software is included in binary form in release anyway, I wonder what that means in practice. Perhaps somebody in the know can explain that.

Regards,
Mathias

On 16.09.2011 10:40, Chao Huang wrote:
> Hi, Jürgen
>
> Yes, I built AOOo with argument "--disable-mozilla". I will try to
> rebuild AOOo without that arg.
>
> Do we have any alternative way to solve the problem quickly? For
> example, put mozilla library into someplace? Thanks!
>
>
> On Fri, 2011-09-16 at 10:30 +0200, Jürgen Schmidt wrote:
>> Hi Raphael,
>>
>> I assume you have built your office with at least --disable-mozilla,
>> correct? As far as I know the password encryption used some stuff from the
>> mozilla code. So there will be a problem.
>>
>> Juergen
>>
>>
>> On Fri, Sep 16, 2011 at 10:01 AM, Raphael Bircher <[email protected]> wrote:
>>
>> > Hi Dennis
>> >
>> > Thank you for the test too
>> >
>> > On 16.09.11 03:19, Dennis E. Hamilton wrote:
>> >
>> >> I can't confirm with an AOOo Build, but I did check the OOO-dev 3.4 on
>> >> win32 to see if the problem existed previously. I was able to password
>> >> protect (encrypt) a simple Writer document. It saved and opened fine
>> >> (after I gave the password again).
>> >>
>> > So this is maybe a regression
>> >
>> >> What was interesting to me was that OO.o 2.4.1 (Novell Edition) failed to
>> >> open the document and never got to recognizing that it was encrypted. I
>> >> got a bad XML message, suggesting that an encrypted file was being mistakenly
>> >> opened without decryption first.
>> >>
>> > I think, that has nothing to do with it.
>> >
>> >
>> > Greetings Raphael
>> >
>> >
>> > --
>> > My private Homepage: http://www.raphaelbircher.ch/
>> >
>
