2.3.3 EncryptionVerifier

The EncryptionVerifier structure is used by Office Binary Document RC4 CryptoAPI Encryption (section 2.3.5) and ECMA-376 Document Encryption (section 2.3.4). Every usage of this structure MUST specify the hashing algorithm and encryption algorithm used in the EncryptionVerifier structure.

Verifier is 16 bytes of data randomly generated each time the structure is created. Verifier is not stored in this structure directly; only its encrypted form and the encrypted hash of it are stored, so that a reader can test a candidate password without the plaintext Verifier ever appearing in the file.

The EncryptionVerifier structure MUST be set by using the following process:

  1. Generate random data and write it into the Salt field.

  2. Derive the encryption key from the password and salt, as specified in either section 2.3.4.7 or section 2.3.5.2, with block number 0.

  3. Generate 16 bytes of additional random data as the Verifier.

  4. Encrypt the result of step 3 with the chosen encryption algorithm and the key derived in step 2, and write it into the EncryptedVerifier field.

  5. For the chosen hashing algorithm, obtain the size of the hash data and write this value into the VerifierHashSize field.

  6. Obtain the hashing algorithm output by using as input the data generated in step 3.

  7. Encrypt the hashing algorithm output from step 6 by using the chosen encryption algorithm, and write the output into the EncryptedVerifierHash field.

  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +---------------------------------------------------------------+
 |                           SaltSize                            |
 +---------------------------------------------------------------+
 |                        Salt (16 bytes)                        |
 |                              ...                              |
 |                              ...                              |
 |                              ...                              |
 +---------------------------------------------------------------+
 |                  EncryptedVerifier (16 bytes)                 |
 |                              ...                              |
 |                              ...                              |
 |                              ...                              |
 +---------------------------------------------------------------+
 |                        VerifierHashSize                       |
 +---------------------------------------------------------------+
 |               EncryptedVerifierHash (variable)                |
 |                              ...                              |
 +---------------------------------------------------------------+

SaltSize (4 bytes): An unsigned integer that specifies the size of the Salt field. It MUST be 0x00000010.

Salt (16 bytes): An array of bytes that specifies the salt value used during password hash generation. It MUST NOT be the same data used for the verifier stored encrypted in the EncryptedVerifier field.

EncryptedVerifier (16 bytes): A value that MUST be the randomly generated Verifier value encrypted using the algorithm chosen by the implementation and the key derived from the password and Salt with block number 0.

VerifierHashSize (4 bytes): An unsigned integer that specifies the number of bytes needed to contain the hash of the data used to generate the EncryptedVerifier field.

EncryptedVerifierHash (variable): An array of bytes that contains the encrypted form of the hash of the randomly generated Verifier value. The length of the array MUST be the size of the encryption block size multiplied by the number of blocks needed to encrypt the hash of the Verifier. If the encryption algorithm is RC4, the length MUST be 20 bytes. If the encryption algorithm is AES, the length MUST be 32 bytes. After decrypting the EncryptedVerifierHash field, only the first VerifierHashSize bytes MUST be used.
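The following is an added example, not code from the specification, that carries the seven-step build process and the field rules above through for the RC4 CryptoAPI case (section 2.3.5): it serializes an EncryptionVerifier, parses it back while enforcing the MUSTs on this page, and performs the password check (decrypt Verifier and its hash, rehash, compare only the first VerifierHashSize bytes). It assumes the section 2.3.5.2 key derivation, which is not reproduced on this page: H0 = SHA1(Salt || password as UTF-16LE), Hn = SHA1(H0 || block as little-endian uint32), key = the first KeySize/8 bytes of Hn, with a 40-bit key zero-padded to 16 bytes. It also assumes that EncryptedVerifier and EncryptedVerifierHash are encrypted with one continuous RC4 keystream, Verifier first. The salt and Verifier values in the demo are constructed constants so the output is reproducible; real writers must draw both from a CSPRNG such as os.urandom. The AES/ECMA-376 case (32-byte EncryptedVerifierHash, padded to two AES blocks) is not covered.

```python
import hashlib
import os
import struct

SALT_SIZE = 16               # SaltSize MUST be 0x00000010
VERIFIER_SIZE = 16           # Verifier is 16 random bytes
RC4_VERIFIER_HASH_SIZE = 20  # SHA-1 output; RC4 is a stream cipher, so no block padding
STRUCT_SIZE_RC4 = 4 + SALT_SIZE + VERIFIER_SIZE + 4 + RC4_VERIFIER_HASH_SIZE  # 60 bytes


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4 (KSA + PRGA); returns n keystream bytes. Illustrative, not a hardened implementation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def derive_rc4_key(password: str, salt: bytes, block: int = 0, key_bits: int = 128) -> bytes:
    """ASSUMED key derivation from section 2.3.5.2 (not reproduced on this page):
    H0 = SHA1(salt || UTF-16LE password); Hn = SHA1(H0 || LE32 block);
    key = first key_bits/8 bytes of Hn; a 40-bit key is zero-padded to 16 bytes."""
    h0 = hashlib.sha1(salt + password.encode("utf-16-le")).digest()
    hn = hashlib.sha1(h0 + struct.pack("<I", block)).digest()
    key = hn[: key_bits // 8]
    if key_bits == 40:
        key += b"\x00" * 11
    return key


def build_verifier(password: str, salt: bytes, verifier: bytes, key_bits: int = 128) -> bytes:
    """Steps 1-7 of the page for RC4. The caller supplies the random Salt (step 1) and
    Verifier (step 3) so the function is deterministic for testing."""
    if len(salt) != SALT_SIZE or len(verifier) != VERIFIER_SIZE:
        raise ValueError("Salt and Verifier must each be 16 bytes")
    key = derive_rc4_key(password, salt, 0, key_bits)      # step 2: key for block 0
    verifier_hash = hashlib.sha1(verifier).digest()        # step 6: H(Verifier)
    # Steps 4 and 7 (assumption): one continuous RC4 keystream covers Verifier then its hash.
    ks = rc4_keystream(key, VERIFIER_SIZE + RC4_VERIFIER_HASH_SIZE)
    ct = bytes(a ^ b for a, b in zip(verifier + verifier_hash, ks))
    return (struct.pack("<I", SALT_SIZE) + salt                 # SaltSize, Salt
            + ct[:VERIFIER_SIZE]                                  # EncryptedVerifier
            + struct.pack("<I", RC4_VERIFIER_HASH_SIZE)           # step 5: VerifierHashSize
            + ct[VERIFIER_SIZE:])                                 # EncryptedVerifierHash


def parse_verifier(buf: bytes) -> dict:
    """Parse the on-disk structure, enforcing the MUSTs on this page for the RC4 case."""
    if len(buf) < STRUCT_SIZE_RC4:
        raise ValueError("EncryptionVerifier truncated")
    (salt_size,) = struct.unpack_from("<I", buf, 0)
    if salt_size != SALT_SIZE:
        raise ValueError(f"SaltSize MUST be 0x00000010, got {salt_size:#010x}")
    salt = buf[4:20]
    enc_verifier = buf[20:36]
    (hash_size,) = struct.unpack_from("<I", buf, 36)
    enc_hash = buf[40:40 + RC4_VERIFIER_HASH_SIZE]  # MUST be 20 bytes for RC4
    if hash_size == 0 or hash_size > len(enc_hash):
        raise ValueError(f"VerifierHashSize {hash_size} inconsistent with 20-byte EncryptedVerifierHash")
    return {"salt": salt, "enc_verifier": enc_verifier, "hash_size": hash_size, "enc_hash": enc_hash}


def check_password(buf: bytes, password: str, key_bits: int = 128) -> bool:
    """Decrypt Verifier and EncryptedVerifierHash with the block-0 key, rehash the Verifier,
    and compare only the first VerifierHashSize bytes, as the page requires."""
    v = parse_verifier(buf)
    key = derive_rc4_key(password, v["salt"], 0, key_bits)
    ks = rc4_keystream(key, VERIFIER_SIZE + len(v["enc_hash"]))
    pt = bytes(a ^ b for a, b in zip(v["enc_verifier"] + v["enc_hash"], ks))
    verifier, stored_hash = pt[:VERIFIER_SIZE], pt[VERIFIER_SIZE:]
    return hashlib.sha1(verifier).digest() == stored_hash[: v["hash_size"]]


# Constructed demo inputs (fixed so the result is reproducible; use os.urandom(16) in practice).
DEMO_SALT = bytes(range(16))
DEMO_VERIFIER = bytes(range(16, 32))

if __name__ == "__main__":
    blob = build_verifier("Password1234_", os.urandom(16), os.urandom(16))
    print(len(blob), check_password(blob, "Password1234_"), check_password(blob, "wrong"))
```

Note what this structure gives anyone holding the file: check_password is a complete offline test for a candidate password, costing two SHA-1 calls and a 36-byte RC4 keystream per guess, so the strength of the scheme rests entirely on the key derivation in sections 2.3.4.7 and 2.3.5.2 and on the key size, not on the verifier itself.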