Bug 40006 - default ODF encryption etc algorithms changed, so encrypted/protected documents from master cannot be opened in <= 3.4.X
Summary: default ODF encryption etc algorithms changed, so encrypted/protected documen...
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice (show other bugs)
(earliest affected)
Master old -3.6
Hardware: x86 (IA32) Linux (All)
: highest critical
Assignee: Stephan Bergmann
Depends on:
Reported: 2011-08-11 05:20 UTC by Cor Nouws
Modified: 2011-12-15 07:58 UTC (History)
3 users (show)

See Also:
Crash report or crash signature:

ods password protected in 342 (6.66 KB, application/vnd.oasis.opendocument.spreadsheet)
2011-08-11 05:20 UTC, Cor Nouws

Note You need to log in before you can comment on or make changes to this bug.
Description Cor Nouws 2011-08-11 05:20:49 UTC
Created attachment 50122 [details]
ods password protected in 342

create spreadsheet in 3.4.2
save with password
open in build_from_master
edit and save
try to open again in 3.4.2
 > Error X
   Error in reading Subdocument ... on position ..

try to open again in build_from_master
 > OK

Version info:
LibreOffice 3.5.0 
Build ID: 0410bba-4eb4f62-260b7c1

Attached the document I created new (not my original password protected file)
password: password
Comment 1 Cor Nouws 2011-08-11 05:26:55 UTC
same problem when you try to open a password protected file from 35Master in 3.4.2
Comment 2 Markus Mohrhard 2011-08-11 11:12:34 UTC
I have noticed this already but I was unable to reproduce it when I worked on the password code two weeks ago.

I have some open work left in the password code and i will look at it when I do this. Might be that we don't use the correct algorithm at the moment.

Did you try if you can open a LibreOffice 3.3 file in 3.4 or master?
Comment 3 Cor Nouws 2011-08-11 11:38:27 UTC
hi Markus,

didn't notice any problems previous, so 3.3.x > 3.4.x must be OK.
Just tested: password protected from 3.3.3 opens fine in MasterBuild

Looking at the errors I get: it are all errors complaining about one or another xml file ...
HTH - Cor
Comment 4 Cor Nouws 2011-08-11 12:09:41 UTC
error in console when starting 3.3 from command line and trying to open file again:
librdf error URI file:///home/cono/tstPasswordFrom33ToMaster.odt/ - XML parser error: Document is empty
Comment 5 Markus Mohrhard 2011-08-12 15:29:02 UTC
Hello Cor,

can you reproduce this every time? I had a look at the generated manifest.xml and there are no password information saved. This file is totally invalid can neither be opened in 3.4 nor in 3.5.

I had a quick look at a newly generated manifest.xml and we have a missing line in a 3-4 document:

//Version master
<manifest:file-entry manifest:media-type="text/xml" manifest:full-path="settings.xml" manifest:size="7226">
    <manifest:encryption-data manifest:checksum-type="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha256-1k" manifest:checksum="5+tFidD/SNAtXf1fHsBcoXSEghaK6y9gb9KbdeyD4kM=">
        <manifest:algorithm manifest:algorithm-name="http://www.w3.org/2001/04/xmlenc#aes256-cbc" manifest:initialisation-vector="VelJ1kajLXUIeoDIkSG2Ow=="/>
        <manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:key-size="32" manifest:iteration-count="1024" manifest:salt="Vrp3nZICerDtWfXs2fqVag=="/>
        <manifest:start-key-generation manifest:start-key-generation-name="http://www.w3.org/2001/04/xmlenc#sha256" manifest:key-size="32"/>

//Version 3.4
<manifest:file-entry manifest:media-type="text/xml" manifest:full-path="settings.xml" manifest:size="7226">
    <manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="ba3iogtlREVABXDLTrQ5d0DJIDk=">
        <manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="CcoafZ9v4Rk="/>
        <manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:iteration-count="1024" manifest:salt="4i1aKukpZWu2BhCTwar2Jw=="/>

//version 3.3
<manifest:file-entry manifest:media-type="text/xml" manifest:full-path="styles.xml" manifest:size="6933">
    <manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="i9UUUMTixqCE5k1mVYGt0hIG/Aw=">
        <manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="YPXtGlqCoCk="/>
        <manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:key-size="16" manifest:iteration-count="1024" manifest:salt="YK1YYEXehMzE3s42UVSfqA=="/>
        <manifest:start-key-generation manifest:start-key-generation-name="SHA1" manifest:key-size="20"/>

I think that only the master version is a valid odf 1.2 document.
Comment 6 Cor Nouws 2011-08-13 13:30:43 UTC
When I password protect a file in 3.4.2, I can open it in 35Master
When I password protect a file in 35Master I can not open it in 3.4.2,

Tested again. Same pattern. (And with my initial report, I didn't notice irregulaties too ...)

Typical error message: 
" Read error 
Format error discoverenr in subdocument styles.xml on position 1,n (row, column) "

(But I've seen another xml-file seen mentioned too)

I have no opinion on what manifest xml is the correct one.

If it would help to start with gdb or ?? pls, give me a hint (or some more if needed), then I'll do my best.

Can't you reproduce the error on your system?
Comment 7 Caolán McNamara 2011-08-15 03:49:35 UTC
This was a deliberate (I believe) change, see


to get an encrypted documented out of master which can be opened in <= 3.4, one needs to toggle ODF 1.1 on instead of ODF 1.2 Extended in tools->options
Comment 8 Cor Nouws 2011-08-15 04:08:46 UTC
Indeed, chosing ODF 1.0/1.1 as save format, makes it possible to open a encrypted doc from 35 Master in 342
Comment 9 Caolán McNamara 2011-12-15 07:34:54 UTC
we did this IIRC, i.e. backport support for reading these encryptions to the 3.4.X series
Comment 10 Stephan Bergmann 2011-12-15 07:45:01 UTC
Right, reading AES-encrypted ODF 1.2 documents (as genereated by LibO 3.5) has been backported to LO-3-4 towards LO 3.4.5 as <http://cgit.freedesktop.org/libreoffice/components/commit/?h=libreoffice-3-4&id=c726de0c282cab62b9f1a3b51249e37224325fe9> etc.