nissl-lab / npoi

a .NET library that can read/write Office formats without Microsoft Office installed. No COM+, no interop.
Apache License 2.0

Support password protection on Word documents #365

Open JValck opened 4 years ago

JValck commented 4 years ago

The Apache repo allows using passwords when enforcing read-only access. The current implementation is security-wise weak, as anyone can remove the restrictions.

See the official Apache docs

public void enforceReadonlyProtection(java.lang.String password,
                                      HashAlgorithm hashAlgo)

Enforces the readOnly protection with a password.

sample snippet from settings.xml

   <w:documentProtection w:edit="readOnly" w:enforcement="1"
       w:cryptProviderType="rsaAES" w:cryptAlgorithmClass="hash"
       w:cryptAlgorithmType="typeAny" w:cryptAlgorithmSid="14"
       w:cryptSpinCount="100000" w:hash="..." w:salt="...."
   />

Parameters:
    password - the plaintext password, if null no password will be applied
    hashAlgo - the hash algorithm - only md2, md5, sha1, sha256, sha384 and sha512 are supported. If null, it will default to sha1
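
An added example, not part of the issue thread and not NPOI or Apache POI code: a Python check that reads a `settings.xml` string and reports whether `w:documentProtection` is enforced without a password hash, or with a weak hash or low spin count, using the attributes from the snippet above. The function names, finding codes, the spin-count floor and the sample XML are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
# w:cryptAlgorithmSid numbering used by ECMA-376
SID_TO_HASH = {1: "md2", 2: "md4", 3: "md5", 4: "sha1",
               12: "sha256", 13: "sha384", 14: "sha512"}
WEAK_HASHES = {"md2", "md4", "md5", "sha1"}
MIN_SPIN = 100000  # assumed floor, taken from the snippet's w:cryptSpinCount

def audit_protection(settings_xml):
    """Return finding codes for w:documentProtection in a settings.xml string."""
    root = ET.fromstring(settings_xml)
    prot = root.find(f"{{{W}}}documentProtection")
    if prot is None:
        return ["NO_PROTECTION_ELEMENT"]

    def attr(name):
        return prot.get(f"{{{W}}}{name}")

    findings = []
    if attr("enforcement") not in ("1", "true", "on"):
        findings.append("NOT_ENFORCED")
    if not attr("hash") or not attr("salt"):
        # Nothing ties the restriction to a secret, so it can simply be switched off.
        findings.append("NO_PASSWORD_HASH")
        return findings
    sid = attr("cryptAlgorithmSid") or ""
    algo = SID_TO_HASH.get(int(sid)) if sid.isdigit() else None
    if algo is None:
        findings.append("UNKNOWN_HASH_ALGORITHM")
    elif algo in WEAK_HASHES:
        findings.append("WEAK_HASH_" + algo.upper())
    spin = attr("cryptSpinCount") or ""
    if not spin.isdigit() or int(spin) < MIN_SPIN:
        findings.append("LOW_SPIN_COUNT")
    return findings

def settings(attrs):
    """Build a constructed settings.xml around the given attribute string."""
    return f'<w:settings xmlns:w="{W}"><w:documentProtection {attrs}/></w:settings>'

# Constructed samples; the hash and salt values are placeholders, not real digests.
NO_PASSWORD = settings('w:edit="readOnly" w:enforcement="1"')
WEAK = settings('w:edit="readOnly" w:enforcement="1" w:cryptAlgorithmSid="4" '
                'w:cryptSpinCount="5000" w:hash="cGxhY2Vob2xkZXI=" w:salt="c2FsdA=="')
STRONG = settings('w:edit="readOnly" w:enforcement="1" w:cryptAlgorithmSid="14" '
                  'w:cryptSpinCount="100000" w:hash="cGxhY2Vob2xkZXI=" w:salt="c2FsdA=="')
```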

tonyqus commented 4 years ago

This is not supported yet.

CSharpSeraph commented 3 years ago

Hi everyone, any plans to implement this?