2.3.4.6 \EncryptionInfo Stream (Extensible Encryption)
ECMA-376 documents [ECMA-376] can optionally use user-provided custom (extensible) encryption modules. When extensible encryption is used, the \EncryptionInfo stream (1) MUST contain the structure described in the following table.
| Bits 0 to 31 |
|---|
| EncryptionVersionInfo |
| EncryptionHeader.Flags |
| EncryptionHeaderSize |
| EncryptionHeader (variable) |
| ... |
| EncryptionInfo (variable) |
| ... |
| EncryptionVerifier (variable) |
| ... |

EncryptionVersionInfo (4 bytes): A Version structure (section 2.1.4) where Version.vMajor MUST be 0x0003 or 0x0004 and Version.vMinor MUST be 0x0003.
EncryptionHeader.Flags (4 bytes): A copy of the Flags stored in the EncryptionHeader field of this structure as specified in section 2.3.1. It MUST have the fExternal bit set to 1. All other bits in this field MUST be set to 0.
EncryptionHeaderSize (4 bytes): An unsigned integer that specifies the size, in bytes, of the EncryptionHeader field of this structure, including the GUID specifying the extensible encryption module.
EncryptionHeader (variable): An EncryptionHeader structure (section 2.3.2) used to encrypt the structure. The values MUST be set as described in the following table.

| Field | Value |
|---|---|
| Flags | A value that MUST have the fExternal bit set to 1. All other bits MUST be set to 0. |
| SizeExtra | A value that MUST be 0x00000000. |
| AlgID | A value that MUST be 0x00000000. |
| AlgIDHash | A value that MUST be 0x00000000. |
| KeySize | A value that MUST be 0x00000000. |
| ProviderType | A value that MUST be 0x00000000. |
| Reserved1 | A value that is undefined and MUST be ignored. |
| Reserved2 | A value that MUST be 0x00000000 and MUST be ignored. |
| CSPName | A unique identifier of an encryption module.<12> |

EncryptionInfo (variable): A Unicode string that specifies an EncryptionData element. The first Unicode code point MUST be 0xFEFF.
The EncryptionData XML element MUST conform to the following XMLSchema namespace as specified by [W3C-XSD].

```xml
<?xml version="1.0" encoding="utf-8"?>
<xs:schema targetNamespace="urn:schemas-microsoft-com:office:office"
           xmlns:xs="http://www.w3.org/2001/XMLSchema"
           elementFormDefault="qualified">
  <xs:element name="EncryptionData">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="EncryptionProvider">
          <xs:complexType>
            <xs:sequence>
              <xs:element name="EncryptionProviderData">
                <xs:simpleType>
                  <xs:restriction base="xs:base64Binary"/>
                </xs:simpleType>
              </xs:element>
            </xs:sequence>
            <xs:attribute name="Id" use="required">
              <xs:simpleType>
                <xs:restriction base="xs:string">
                  <xs:pattern value="\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}"/>
                </xs:restriction>
              </xs:simpleType>
            </xs:attribute>
            <xs:attribute name="Url" type="xs:anyURI" use="required"/>
          </xs:complexType>
        </xs:element>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xs:schema>
```

| Element | Parent | Attribute | Value |
|---|---|---|---|
| EncryptionData | | | |
| EncryptionProvider | EncryptionData | Id | The GUID of the extensible encryption module, expressed as a string. |
| | | Url | A URL where the extensible encryption module can be obtained. |
| EncryptionProviderData | EncryptionProvider | | Base64-encoded data used by the extensible module. |

EncryptionVerifier (variable): An EncryptionVerifier structure, as specified in section 2.3.3, that is generated as specified in section 2.3.4.8.
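
Added example, not part of the specification text: a Python check of the MUST-level constraints above against a raw \EncryptionInfo stream, bounding EncryptionHeaderSize before any slice is taken. It assumes the fExternal bit value 0x10 (section 2.3.1), eight 4-byte fields preceding CSPName (section 2.3.2), and UTF-16LE for the Unicode string; the function names and the sample bytes are constructed for illustration.

```python
import struct

F_EXTERNAL = 0x00000010  # fExternal bit per section 2.3.1 (assumed; not restated here)
FIXED = ("Flags", "SizeExtra", "AlgID", "AlgIDHash", "KeySize",
         "ProviderType", "Reserved1", "Reserved2")  # 4 bytes each, then CSPName

def check_extensible_encryption_info(data):
    """Return the MUST-level violations found in an EncryptionInfo stream."""
    if len(data) < 12:
        return ["stream shorter than the 12 fixed bytes"]
    v_major, v_minor, flags, hdr_size = struct.unpack_from("<HHII", data, 0)
    problems = []
    if v_major not in (0x0003, 0x0004) or v_minor != 0x0003:
        problems.append(f"unexpected version {v_major}.{v_minor}")
    if flags != F_EXTERNAL:
        problems.append(f"EncryptionHeader.Flags is {flags:#010x}, expected fExternal only")
    # The size is attacker-controlled input: bound it before slicing.
    if hdr_size < 32 or 12 + hdr_size > len(data):
        return problems + [f"EncryptionHeaderSize {hdr_size} does not fit the stream"]
    header = data[12:12 + hdr_size]
    fields = dict(zip(FIXED, struct.unpack_from("<8I", header, 0)))
    if fields["Flags"] != flags:
        problems.append("header Flags differ from the copy before EncryptionHeaderSize")
    for name in ("SizeExtra", "AlgID", "AlgIDHash", "KeySize", "ProviderType"):
        if fields[name] != 0:
            problems.append(f"{name} is {fields[name]:#010x}, expected 0")
    # Reserved1 and Reserved2 are ignored on read, as the table requires.
    if data[12 + hdr_size:12 + hdr_size + 2] != b"\xff\xfe":
        problems.append("EncryptionInfo does not start with U+FEFF")
    return problems

def build_sample(alg_id=0):
    """Constructed sample stream; the GUID and the XML body are placeholders."""
    csp = "{00000000-0000-0000-0000-000000000000}\0".encode("utf-16-le")
    header = struct.pack("<8I", F_EXTERNAL, 0, alg_id, 0, 0, 0, 0, 0) + csp
    info = "\ufeff<EncryptionData/>".encode("utf-16-le")
    return struct.pack("<HHII", 4, 3, F_EXTERNAL, len(header)) + header + info
```

A stream that passes these checks still names a module GUID and a Url from which that module can be obtained; a triage tool should surface both values for review and not fetch anything automatically.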