Open source software security

Microsoft Office Encryption 2003 and 2007

by: Justin Klein Keane

Summary

This article was designed to address some nagging questions about utilizing Microsoft Office encryption as well as compatibility issues between Office 2003 and Office 2007. There isn't a lot of good documentation online about the differences between Office 2003 and Office 2007 encryption schemes, but there have been some notable instances of weaknesses being pointed out in Microsoft encryption schemes.

Through the course of writing this article I set out to answer a series of questions that included the following:

  1. Microsoft Office 2003 used to use a weak form of encryption. What was this weak form? Has this problem been addressed? How? What update or service pack addresses the problem?
  2. Can documents encrypted with Office 2007 be read with Office 2003? Is a patch or other update necessary? Which one and why?
  3. Can Office 2003 or 2007 utilize 256 bit AES encryption with SHA-1? If so, how? If not, why not?

Microsoft Office 2003

Originally in Office 2003, the encryption improperly used the RC4 stream cipher (The Misuse of RC4 in Microsoft Word and Excel) with a 128-bit key, reusing the same initialization vector and therefore the same key stream for a document regardless of how many times it was encrypted. This meant that if an attacker observed multiple copies of a document (say as people e-mailed it back and forth with tracked changes) then the attacker could crack the password by comparing the various versions of the document. This weakness is addressed by installing the Microsoft Office Compatibility Pack:
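The key-stream reuse described above is easiest to see in code. The following is an added example, not code from the original article or from Microsoft: it models the flaw with a textbook RC4 and a hypothetical password-to-key step (derive_key, a stand-in for Office's real derivation, which is not reproduced here), encrypts two revisions of a document the flawed way (one salt stored with the document and reused on every save) and the fixed way (a fresh salt per save), and checks whether the pair of ciphertexts reveals the XOR of the two plaintexts. The sample revisions are constructed.

```python
# Added example (not from the original article): a minimal RC4 model of the
# Office 2003 flaw. Reusing one key stream across saves means the XOR of two
# ciphertexts equals the XOR of the two plaintexts, leaking the revision diff.
import hashlib
import os


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key schedule (KSA) followed by the PRGA stream XORed over data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def derive_key(password: str, salt: bytes) -> bytes:
    """Hypothetical password-to-key step (NOT Office's real derivation): a 128-bit
    key from password and salt. Only the salt handling matters for this example."""
    return hashlib.sha1(salt + password.encode("utf-16-le")).digest()[:16]


def save_flawed(password: str, doc: bytes, stored_salt: bytes) -> bytes:
    """Models the Office 2003 behaviour: the salt is stored once with the document
    and reused on every later save, so the RC4 key stream never changes."""
    return rc4(derive_key(password, stored_salt), doc)


def save_fixed(password: str, doc: bytes) -> tuple:
    """Hardened variant: a fresh random salt per save gives a new key and key stream.
    Returns (salt, ciphertext); the salt is stored in the clear beside the ciphertext."""
    salt = os.urandom(16)
    return salt, rc4(derive_key(password, salt), doc)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def leaks_plaintext_xor(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """True when the two ciphertexts reveal the XOR of the two plaintexts,
    i.e. when both were produced with the same key stream."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n]) == xor_bytes(p1[:n], p2[:n])


# Constructed sample: one document and a later revision of it (tracked changes).
REVISION_1 = b"Q3 forecast: revenue 4.1M, headcount flat."
REVISION_2 = b"Q3 forecast: revenue 3.7M, headcount -12."
PASSWORD = "correct horse"
STORED_SALT = b"\x00" * 16  # constructed: the one salt baked into the document


def demo() -> dict:
    """Encrypt both revisions under the same password with each scheme and report
    whether the ciphertext pair leaks the plaintext XOR."""
    c1 = save_flawed(PASSWORD, REVISION_1, STORED_SALT)
    c2 = save_flawed(PASSWORD, REVISION_2, STORED_SALT)
    _, d1 = save_fixed(PASSWORD, REVISION_1)
    _, d2 = save_fixed(PASSWORD, REVISION_2)
    return {
        "flawed_leaks": leaks_plaintext_xor(c1, c2, REVISION_1, REVISION_2),
        "fixed_leaks": leaks_plaintext_xor(d1, d2, REVISION_1, REVISION_2),
    }


if __name__ == "__main__":
    print(demo())  # {'flawed_leaks': True, 'fixed_leaks': False}
```

The flawed scheme reports a leak because every save under the same password reuses the same key stream, which is exactly why multiple e-mailed revisions of one Office 2003 document undermined its protection; the fixed variant differs only in drawing a fresh salt on each save.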

"By installing the Compatibility Pack in addition to Microsoft Office 2000, Office XP, or Office 2003, you will be able to open, edit, and save files using the file formats new to Word, Excel, and PowerPoint 2007." [1]

The "file formats new to Word, Excel, and PowerPoint 2007" refer to the 128 bit AES encryption and SHA-1 hashing used by Office 2007. Note, however, that Microsoft Office 2003 relies on encryption algorithms installed on the host system to enable advanced encryption settings. Thus only Windows XP SP 2 and Vista can interpret the Office 2007 encryption format. Even with the compatibility pack installed, Office 2003 cannot encrypt documents using the SHA-1 AES standard that is utilized by Office 2007 (however, it can read documents encrypted in this fashion, with caveats - see below).

Creating an Office 2003 Encrypted File

Office 2003 SP2 addresses some of these problems. You can alter the default encryption settings by opening any Microsoft Office application, going to Tools -> Options and clicking the Security tab. Then click the 'Advanced' button. The option 'Office 97/2000 Compatible' will be selected. Changing this to another option, such as 'RC4, Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)', will allow you to utilize up to 128 bit encryption. Note that the encryption key must be between 40 and 128 bits and cannot exceed 128 bits by default; different encryption types allow for different key lengths. Be sure to check the 'Encrypt document properties' box as well, or critical information about the document could be leaked. In my tests, selecting 'RC4, Microsoft Enhanced Cryptographic Provider v1.0' allowed 128 bit encryption that was easily read by Microsoft Office 2007.

NOTE: to actually save the document encrypted, the settings must be applied from the save dialog:

  1. Select File -> Save As, then select the 'Tools' drop down in the upper right of the file dialog prompt and select the security options.
  2. Set a 'Password to open:' and click the 'Advanced' button to set the encryption level.
  3. Click 'OK' (do *not* click the 'Protect Document' button, or the prompt will close and the document will not be saved encrypted). A 'Confirm Password' prompt will appear.
  4. Confirm your password and click 'OK'.

Also note that OpenOffice only supports the (weak) Microsoft Office 97/2000 compatible password encryption, so utilizing stronger encryption will mean that OpenOffice users will not be able to access the file.

Office 2007

Microsoft Office 2007 uses SHA-1 hashing with 128 bit AES encryption in order to provide a stronger level of security. Documents encrypted using this method cannot be read by users of Office 2003 unless the Microsoft Office Compatibility Pack has been installed (Microsoft.com).

The default encryption algorithm is AES 128 bit, however, this can be increased to 256 bit via a Registry entry, local security policy, or domain Group Policy.

To alter the 128 bit encryption to 256 bit encryption post-installation it is necessary to use the Office Customization Tool (OCT). The OCT is part of the installation media; to run the OCT, insert the installation disk and at the command line run "setup.exe /admin". For further details on the OCT see Microsoft TechNet.

Creating an Encrypted Office 2007 File

Click on the Office button in the upper left, select Prepare -> Encrypt Document. This will prompt you for a password, and to confirm the password.

Keep in mind that any docx format (the default file format for Office 2007) will be unreadable to Office 2003 without installing the Compatibility Pack for the Office 2007 System from Microsoft. Note that docx files that are encrypted using Office 2007 are unable to be read by Office 2003 even if the compatibility pack is installed.

In order to encrypt a document in Office 2007 so that it can be read using Office 2003, the document must first be protected using the Prepare -> Encrypt Document procedure described above. The document must then be saved using the Save As -> Word 97-2003 Document option.

Conclusions

Even with the compatibility pack installed, Microsoft Office 2003 cannot encrypt documents using SHA-1 AES encryption, the standard for Office 2007. Instead, Office 2003 must rely on the older RC4 stream encryption technique. While technically RC4 can be implemented soundly, the fact that Microsoft has moved away from that encryption model in Office 2007 indicates a lack of faith in the technology or its implementation. Further complicating compatibility between the two versions of Office is the new docx format. Given that encrypting a document with reasonable security is not a simple process in Office 2003, it is probably a feature best left to Office 2007 users.

Resources

  1. Safeguard your Office 2007 files with encryption, document protection, and digital signatures
  2. 2007 Microsoft® Office System Document Encryption
  3. 'Serious' Microsoft Office Encryption Flaw Uncovered
  4. Important Aspects of Password and Encryption Protection
  5. Security in Microsoft Office 2003 Editions
  6. Microsoft Office Compatibility Pack