Bug 154747 - write error when saving a xlsx file with gpg encryption (and unexpected result with ods+gpg)
Summary: write error when saving a xlsx file with gpg encryption (and unexpected resul...
Status: RESOLVED DUPLICATE of bug 121140
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Calc (show other bugs)
Version:
(earliest affected)
7.0.0.3 release
Hardware: All All
: medium normal
Assignee: Not Assigned
URL:
Whiteboard:
Keywords: bibisected, bisected
Depends on:
Blocks: Digital-Signatures
  Show dependency treegraph
 
Reported: 2023-04-10 16:14 UTC by help.7ocym
Modified: 2024-07-11 12:04 UTC (History)
3 users (show)

See Also:
Crash report or crash signature:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description help.7ocym 2023-04-10 16:14:16 UTC
Description:
when I try to save and encrypt the spreadsheet using xlsx format I get a "write error" message box (with nothing useful to know the error)

saving in ods + gpg encryption format works (but produce unexpected result see information below).

suspecting similar issue on other documents (writer...) when using microsoft format

Steps to Reproduce:
1.open a spreadsheet
2.file->save as
3.choose xlsx file format
4.check "encrypt with gpg key"

Actual Results:
1.the key chooser is displayed 
2.when saving a error message box is displayed "write error, the file could not be written"

Expected Results:
a binary encrypted file


Reproducible: Always


User Profile Reset: No

Additional Info:
seems that when saving ods+gpg file the content is encrypted but the container remain a zip
for compatibility with ms office, which I think don't support "in archive pgp file encryption", I would have expected to have the file be the result of "gpg -e file" and have a file type of "PGP/MIME-encrypted message header"

same for ODS file by the way... this could even create "dual encryption" : the "save with password" option act as described by https://support.microsoft.com/en-us/office/protect-a-document-with-a-password-05084cc3-300d-4c1a-8416-38d3e37d6826 

and GPG encryption should encrypt the result file as if it was an email attachement.

so, when opening a file with a xlsx or ods extension, if the file type is "PGP/MIME-encrypted message header" the gpg key is prompted, then the file decifered, the result is opened as a regular file (so password is prompted if file is password protected...) 

on saving, the file is saved as the requested format, applying password protection if requested, then piped to gpg to encrypt the result
Comment 1 Stéphane Guillou (stragu) 2023-04-25 13:18:07 UTC
Focusing on encrypting an XLSX with an OpenPGP key, I see the same message in a recent master build:

Version: 7.6.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: 5cd9de202765e243e41416802f3e4486b8a96f16
CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3
Locale: en-AU (en_AU.UTF-8); UI: en-US
Calc: threaded

Started in 7.0, but beforehand the file would just be saved unencrypted, so not a regression.
As our documentation says, we can only encrypt ODF files with OpenPGP: https://help.libreoffice.org/7.6/en-US/text/shared/guide/openpgp.html

Bibisected in linux-64-7.0 repo to:

commit b9353394f46e46485fd148f2842f0c1e8e5322e3
author	Vasily Melenchuk <vasily.melenchuk@cib.de>	Tue Sep 03 21:08:34 2019 +0300
committer	Thorsten Behrens <Thorsten.Behrens@CIB.de>	Mon May 25 10:04:15 2020 +0200
[MS-OFFCRYPTO] convert oox implementation into UNO service
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/84436

The change is listed in the release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.0#UNO_API_changes

Vasily, what do you think? If this just a case of needing a better error message to explain that OOXML can't use this? Or even better: stop earlier in the process, before letting the user select a key?
Comment 2 help.7ocym 2023-04-25 15:24:36 UTC
hummm ok, 

so at least : 
stop earlier in the process, before letting the user select a key and display a message saying pgp encryption isn't supported 


as an improvement : allow gpg encrypted file to be opened and saved 
as 
"writer | gpg -e file -recipient alice@example.com \
    --recipient bob@example.com" 

or for opening 

"gpg -d file | writer" 

I think the improvement is really useful as it is "file format agnostic" and even if it breaks MS office compatibility, a user can still open the file by decrypting it locally...
Comment 3 Thorsten Behrens (allotropia) 2024-07-11 10:26:24 UTC
This should be fixed with bug 121140 (by simply not permitting anything but ODF files to be gpg-encrypted). For the ODS file, this is NOTABUG, the openpgp encryption feature is standardized in ODF.
Comment 4 Moritz Duge 2024-07-11 12:04:13 UTC
(In reply to Thorsten Behrens (allotropia) from comment #3)
> This should be fixed with bug 121140 (by simply not permitting anything but
> ODF files to be gpg-encrypted). For the ODS file, this is NOTABUG, the
> openpgp encryption feature is standardized in ODF.

Yes. I marked this as a duplicate.

With some luck we'll have a fix soon, where the "Encrypt with GPG key" checkbox gets disabled for anything but ODF.


(In reply to help.7ocym from comment #2)
> [...]
> as an improvement : allow gpg encrypted file to be opened and saved 
> as 
> "writer | gpg -e file -recipient alice@example.com \
>     --recipient bob@example.com" 

That's not really the intended usage scenario here. Sorry :-/
If you like to encrypt the whole file using GPG, please use GPG directly as you described it.

The idea of this ODF feature is to encrypt the data inside the ZIP container. That's also why the encrypted ODF is still a valid ZIP file. Before LibreOffice-24.2 just the strings in the XML files got encrypted. Starting with LibreOffice-24.2 there's an encrypted container in the ZIP file and just the encryption metadata stays in plain test as it must.

*** This bug has been marked as a duplicate of bug 121140 ***