2.2.10 Protected Content Stream

The protected content stream (1) MUST be contained within the root storage. If the original document content is an ECMA-376 document [ECMA-376], the stream (1) MUST be named "EncryptedPackage". For all other original document content types, it MUST be named "\0x09DRMContent".

The protected content stream (1) has the following structure.


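 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------------------------------------------------------+
| Length                                                        |
| ...                                                           |
+---------------------------------------------------------------+
| Contents (variable)                                           |
| ...                                                           |
+---------------------------------------------------------------+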

Length (8 bytes): An unsigned 64-bit integer that specifies the size, in bytes, of the plaintext data that is stored encrypted in the Contents field.

Contents (variable): Specifies the protected content. The protected content MUST be encrypted or decrypted with the content symmetric key encrypted for the user in the end-user license as specified in [MS-RMPR]. Protected content MUST be encrypted or decrypted using AES-128, a 16-byte block size, electronic codebook (ECB) mode, and an initialization vector of all zeros.
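
The following Python example is added here and is not part of the specification. It splits a protected content stream into the Length and Contents fields described above and checks them against each other. It assumes little-endian byte order for Length (not stated in this section) and uses a constructed sample in place of real ciphertext. It also counts repeated 16-byte blocks, because in ECB mode identical plaintext blocks encrypt to identical ciphertext blocks under the same key.

```python
import struct
from collections import Counter

BLOCK = 16       # AES block size given in this section
LENGTH_SIZE = 8  # size of the Length field in bytes


def parse_protected_stream(data: bytes) -> dict:
    """Split the stream into Length and Contents and sanity-check both."""
    if len(data) < LENGTH_SIZE:
        raise ValueError("stream is shorter than the 8-byte Length field")
    # Assumption: Length is little-endian; this section does not say.
    (length,) = struct.unpack_from("<Q", data, 0)
    contents = data[LENGTH_SIZE:]
    # A block cipher in ECB mode always emits whole blocks.
    if len(contents) % BLOCK:
        raise ValueError("Contents is not a whole number of 16-byte blocks")
    # Length is the plaintext size, so it cannot exceed the ciphertext size.
    if length > len(contents):
        raise ValueError("Length exceeds the size of Contents")
    blocks = [contents[i:i + BLOCK] for i in range(0, len(contents), BLOCK)]
    # Ciphertext blocks that occur more than once reveal repeated plaintext.
    repeated = sum(n for n in Counter(blocks).values() if n > 1)
    return {
        "length": length,
        "blocks": len(blocks),
        "padding": len(contents) - length,
        "repeated_blocks": repeated,
    }


def build_sample() -> bytes:
    """Constructed stream: Length = 60, four stand-in ciphertext blocks."""
    a, b, c = (bytes([v]) * BLOCK for v in (0xA1, 0xB2, 0xC3))
    return struct.pack("<Q", 60) + a + b + a + c


if __name__ == "__main__":
    print(parse_protected_stream(build_sample()))
```

After decryption, the plaintext is truncated to Length bytes; the remaining `padding` bytes are not part of the original document.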