https://issues.apache.org/ooo/show_bug.cgi?id=119090
--- Comment #2 from orcmid <[email protected]> 2012-03-19 00:02:29 UTC --- The OASIS Standard ODF 1.2 Part 3 specifies the following conformance requirements with regard to choice of encryption methods (section 4.8.1): "Package producers that support encryption shall support the value Blowfish CFB. Package consumers that support encryption shall support the values Blowfish CFB and urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#blowfish." Although other algorithms are allowed for ODF 1.2, these are the only ones that are required to be supported for ODF 1.2 conformance. Furthermore, the one document encryption method defined for ODF 1.0/1.1 is fully allowable in ODF 1.2, in exactly the form provided in ODF 1.0/1.1. RECOMMENDATION Have the automatic choice of encryption methods and parameters be the same as when the document is saved in ODF 1.0/1.1 format. Do this even when Load/Save is set to ODF 1.2 or ODF 1.2 (extended). Still *ACCEPT* (but do not produce) any of the additional encryption methods and parameters including (1) SHA256 start-key digests, SHA256-1k confirmation checksums, and at least AES256-CBC among the other AES and Triple-DES algorithms allowed in accordance with section 5.2 of [xmlenc-core]. *AFTER* AOO 3.4, consider whether or not to allow user-controlled choice of a different encryption during a Save with Password operation. At that time, it can be determined how to advise users about the optional use and limitation to consumers that support the same optional parameters. This would be something useful to coordinate with LibreOffice support for optional ODF 1.2 encryption cases as well. -- Configure bugmail: https://issues.apache.org/ooo/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
