2.3.5.4 RC4 CryptoAPI Encrypted Summary Stream

When RC4 CryptoAPI encryption is used, an encrypted summary stream (1) MAY<23> be created. The name of the stream (1) MUST be specified by the application. If the encrypted summary stream (1) is present, the \0x05DocumentSummaryInformation stream (1) MUST be present, MUST conform to the details as specified in [MS-OSHARED] section 2.3.3.2, and MUST contain no properties. The \0x05SummaryInformation stream (1) MUST NOT be present.

For details about the contents of the \0x05SummaryInformation and \0x05DocumentSummaryInformation streams (1), see [MS-OSHARED] section 2.3.3.2.1 and [MS-OSHARED] section 2.3.3.2.2.

For brevity, this section refers to the RC4 CryptoAPI Encrypted Summary stream (1) as the encrypted summary stream (1).

The stream (1) MUST have the format that is shown in the following diagram.


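 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------------------------------------------------------+
|                  StreamDescriptorArrayOffset                  |
+---------------------------------------------------------------+
|                   StreamDescriptorArraySize                   |
+---------------------------------------------------------------+
|                EncryptedStreamData (variable)                 |
+---------------------------------------------------------------+
|                              ...                              |
+---------------------------------------------------------------+
|                EncryptedStreamDescriptorCount                 |
+---------------------------------------------------------------+
|           EncryptedStreamDescriptorArray (variable)           |
+---------------------------------------------------------------+
|                              ...                              |
+---------------------------------------------------------------+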

StreamDescriptorArrayOffset (4 bytes): An unsigned integer that specifies the offset within the encrypted summary stream (1) where the EncryptedStreamDescriptorCount structure is found.

StreamDescriptorArraySize (4 bytes): An unsigned integer that specifies the number of bytes used by the EncryptedStreamDescriptorArray structure.

EncryptedStreamData (variable): One or more encrypted streams (1) stored within the encrypted summary stream (1).

EncryptedStreamDescriptorCount (4 bytes): An encrypted unsigned integer specifying the count of EncryptedStreamDescriptor structures (section 2.3.5.3).

EncryptedStreamDescriptorArray (variable): One or more EncryptedStreamDescriptor structures that specify the offsets and names of the encrypted streams (1) and storages contained within the encrypted summary stream (1).

The encrypted summary stream (1) MUST be written as specified in the following steps:

  1. Seek forward from the start of the encrypted summary stream (1) by 8 bytes to provide space for the StreamDescriptorArrayOffset and StreamDescriptorArraySize fields, which will be written in step 8. Let BlockNumber initially be 0x00000000.

  2. If additional streams (1) or storages are provided by the application, for each stream (1) or storage the following steps MUST be performed:

    1. If the data is contained within a stream (1), retrieve the contents of the stream (1). Initialize the encryption key as specified in section 2.3.5.2, using a block number of 0x00000000, and encrypt the stream (1) data. Write the encrypted bytes into the encrypted summary stream (1).

    2. If the data is contained within a storage, convert the storage into a file as specified in [MS-CFB]. Initialize the encryption key as specified in section 2.3.5.2, using a block number of BlockNumber, and encrypt the storage data as a stream (1) of bytes. Write the encrypted bytes into the encrypted summary stream (1).

    3. Set the fields within the associated EncryptedStreamDescriptor for the stream (1) or storage. Do not write it to the encrypted summary stream (1) yet.

    4. Increment BlockNumber.

  3. Generate or retrieve the entire contents of the \0x05SummaryInformation stream (1). Initialize the encryption key as specified in section 2.3.5.2, using a block number of BlockNumber, and encrypt the \0x05SummaryInformationStream data. Write the encrypted bytes into the encrypted summary stream (1). Increment BlockNumber.

  4. Set the fields within the associated EncryptedStreamDescriptor for the \0x05SummaryInformation stream (1). Do not write it to the encrypted summary stream (1) yet.

  5. Generate or retrieve data contained within the \0x05DocumentSummaryInformation stream (1). Initialize the encryption key as specified in section 2.3.5.2, using a block number of BlockNumber, and encrypt the \0x05DocumentSummaryInformationStream data. Write the encrypted bytes into the encrypted summary stream (1) immediately following the data written in step 2.

  6. Set the fields within the associated EncryptedStreamDescriptor for the \0x05DocumentSummaryInformation stream (1). Do not write it to the encrypted summary stream (1) yet.

  7. Write the EncryptedStreamDescriptorCount and EncryptedStreamDescriptorArray by initializing the encryption key as specified in section 2.3.5.2, using a block number of 0x00000000. Concatenate and encrypt the EncryptedStreamDescriptorCount and the EncryptedStreamDescriptor. Write the encrypted bytes into the encrypted summary stream (1).

  8. Initialize the StreamDescriptorArrayOffset and StreamDescriptorArraySize fields to specify the encrypted location of the EncryptedStreamDescriptorCount and size of the EncryptedStreamDescriptorCount and EncryptedStreamDescriptorArray within the encrypted summary stream (1). Initialize the encryption key as specified in section 2.3.5.2, using a block number of 0x00000000.
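The following is an added example, not part of the specification: a bounds-checked reader that splits an encrypted summary stream into the regions named in the field definitions and checks the header against the layout in the diagram. It assumes the two header fields are plaintext little-endian 32-bit integers (only EncryptedStreamDescriptorCount is described as encrypted), and it accepts both readings of StreamDescriptorArraySize, because the field definition and step 8 word it differently. The names split_encrypted_summary, SummaryLayout, LayoutError and make_sample are hypothetical, and nothing is decrypted.

```python
import struct
from dataclasses import dataclass

HEADER_LEN = 8  # StreamDescriptorArrayOffset + StreamDescriptorArraySize
COUNT_LEN = 4   # EncryptedStreamDescriptorCount

class LayoutError(ValueError):
    """The outer layout of the encrypted summary stream is inconsistent."""

@dataclass
class SummaryLayout:
    encrypted_stream_data: bytes       # still ciphertext
    encrypted_count: bytes             # still ciphertext
    encrypted_descriptor_array: bytes  # still ciphertext
    size_includes_count: bool

def split_encrypted_summary(buf: bytes) -> SummaryLayout:
    if len(buf) < HEADER_LEN + COUNT_LEN:
        raise LayoutError("stream too short for header and descriptor count")
    # Assumption: the two header fields are plaintext little-endian uint32.
    offset, size = struct.unpack_from("<II", buf, 0)
    if offset < HEADER_LEN:
        raise LayoutError("descriptor offset points into the header")
    if offset > len(buf) - COUNT_LEN:
        raise LayoutError("descriptor offset runs past the end of the stream")
    tail = len(buf) - offset  # count + array are the last fields in the diagram
    if size == tail - COUNT_LEN:
        includes_count = False  # size as given in the field definition
    elif size == tail:
        includes_count = True   # size as worded in step 8
    else:
        raise LayoutError(f"size {size} disagrees with {tail} trailing bytes")
    return SummaryLayout(buf[HEADER_LEN:offset],
                         buf[offset:offset + COUNT_LEN],
                         buf[offset + COUNT_LEN:], includes_count)

def make_sample(data_len: int, array_len: int, include_count: bool) -> bytes:
    """Constructed sample: filler bytes stand in for real ciphertext."""
    size = array_len + (COUNT_LEN if include_count else 0)
    header = struct.pack("<II", HEADER_LEN + data_len, size)
    return header + b"\xaa" * data_len + b"\xcc" * COUNT_LEN + b"\xdd" * array_len

if __name__ == "__main__":
    layout = split_encrypted_summary(make_sample(10, 6, include_count=False))
    print(len(layout.encrypted_stream_data), len(layout.encrypted_descriptor_array))
```

The regions it returns are still ciphertext; decrypting them requires the key initialization in section 2.3.5.2 with the block numbers given in the steps above.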