Office 2007 'Password to Open' Decryption
Posted on 2007-08-04
I am a C++ developer trying to programatically decrypt an office 2007 file. I know the password, and i'm trying to map the algorithm to extract the document into an unencrypted archive. There are a couple issues i am having, though they are all tied into the decryption process. I have scoured the net for information on how to open the encrypted archive without luck.
The encrypted file is saved as an OLE document. The "EncryptedPackage" OLE storage contains the encrypted data. AES 128 is used by default. The encrypted data has to have a multiple of 16B in order to be properly decrypted. The encrypted data always contains an extra 8B. How do i account for this extra data? How is the original data padded to fit the 16B standards.
The password to AES 128 is 32B. The marketting surrounding the office 2007 encryption claims the password goes through 50,000 iterations of SHA1 hash. SHA1 returns a 20B hash for the password. Office 2007 allows for passwords up to 255 characters long. How is the password formatted upon entering the SHA1 hash? Is a salt used? Do i padd the resulting 20B SHA1 result with 12 0's after the result?
There are multiple questions listed here, but all fall under the same problem. If i should split it down into 2 or more questions, please let me know. Pointing me to a resource where this has been addressed would work just as well.