2.3.2 EncryptionHeader
The EncryptionHeader structure is used by ECMA-376 document encryption [ECMA-376] and Office binary document RC4 CryptoAPI encryption, as defined in section 2.3.5, to specify encryption properties for an encrypted stream (1).

| Bits 0–31 |
|---|
| Flags |
| SizeExtra |
| AlgID |
| AlgIDHash |
| KeySize |
| ProviderType |
| Reserved1 |
| Reserved2 |
| CSPName (variable) |
| ... |

Flags (4 bytes): An EncryptionHeaderFlags structure, as specified in section 2.3.1, that specifies properties of the encryption algorithm used.
SizeExtra (4 bytes): A field that is reserved and for which the value MUST be 0x00000000.
AlgID (4 bytes): A signed integer that specifies the encryption algorithm. It MUST be one of the values described in the following table.

| Value | Algorithm |
|---|---|
| 0x00000000 | Determined by Flags |
| 0x00006801 | RC4 |
| 0x0000660E | 128-bit AES |
| 0x0000660F | 192-bit AES |
| 0x00006610 | 256-bit AES |

The Flags field and AlgID field contain related values and MUST be set to one of the combinations in the following table.

| Flags.fCryptoAPI | Flags.fAES | Flags.fExternal | AlgID | Algorithm |
|---|---|---|---|---|
| 0 | 0 | 1 | 0x00000000 | Determined by the application |
| 1 | 0 | 0 | 0x00000000 | RC4 |
| 1 | 0 | 0 | 0x00006801 | RC4 |
| 1 | 1 | 0 | 0x00000000 | 128-bit AES |
| 1 | 1 | 0 | 0x0000660E | 128-bit AES |
| 1 | 1 | 0 | 0x0000660F | 192-bit AES |
| 1 | 1 | 0 | 0x00006610 | 256-bit AES |

AlgIDHash (4 bytes): A signed integer that specifies the hashing algorithm together with the Flags.fExternal bit. It MUST be one of the combinations in the following table.

| AlgIDHash | Flags.fExternal | Algorithm |
|---|---|---|
| 0x00000000 | 1 | Determined by the application |
| 0x00000000 | 0 | SHA-1 |
| 0x00008004 | 0 | SHA-1 |

KeySize (4 bytes): An unsigned integer that specifies the number of bits in the encryption key. It MUST be a multiple of 8 and MUST be one of the values in the following table.

| Algorithm | Value | Comment |
|---|---|---|
| Any | 0x00000000 | Determined by Flags |
| RC4 | 0x00000028 – 0x00000080 (inclusive) | 8-bit increments |
| AES | 0x00000080, 0x000000C0, 0x00000100 | 128-bit, 192-bit, or 256-bit |

If the Flags field does not have the fCryptoAPI bit set, the KeySize field MUST be 0x00000000. If RC4 is used, the value MUST be compatible with the chosen cryptographic service provider (CSP).
ProviderType (4 bytes): An implementation-specific value that corresponds to constants accepted by the specified CSP. It MUST be compatible with the chosen CSP. It SHOULD<8> be one of the following values.

| Algorithm | Value | Comment |
|---|---|---|
| Any | 0x00000000 | Determined by Flags |
| RC4 | 0x00000001 | |
| AES | 0x00000018 | |

If the Flags field does not have the fCryptoAPI bit set, the ProviderType field MUST be 0x00000000.
Reserved1 (4 bytes): A value that is undefined and MUST be ignored.
Reserved2 (4 bytes): A value that MUST be 0x00000000 and MUST be ignored.
CSPName (variable): A null-terminated Unicode string that specifies the CSP name.
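
An added example, not part of the specification text: a Python check of the MUST rules above for SizeExtra, the Flags/AlgID and AlgIDHash/fExternal combinations, KeySize, ProviderType and the CSPName terminator. The flag bit masks come from section 2.3.1, which is not reproduced here; the function name, the violation messages and the sample header with its CSP name are constructed for illustration.

```python
import struct

# EncryptionHeaderFlags bit masks from section 2.3.1 (not reproduced on this page).
F_CRYPTOAPI, F_EXTERNAL, F_AES = 0x04, 0x10, 0x20

# Permitted (fCryptoAPI, fAES, fExternal, AlgID) combinations -> algorithm family.
COMBOS = {
    (0, 0, 1, 0x0000): "application-defined",
    (1, 0, 0, 0x0000): "RC4", (1, 0, 0, 0x6801): "RC4",
    (1, 1, 0, 0x0000): "AES", (1, 1, 0, 0x660E): "AES",
    (1, 1, 0, 0x660F): "AES", (1, 1, 0, 0x6610): "AES",
}
HASH_COMBOS = {(0x0000, 1), (0x0000, 0), (0x8004, 0)}  # (AlgIDHash, fExternal)

def check_encryption_header(buf: bytes):
    """Return (fields, violations) for one EncryptionHeader structure."""
    if len(buf) < 32:
        raise ValueError("truncated: the eight fixed fields take 32 bytes")
    flags, size_extra, alg_id, alg_hash, key_size, prov, _r1, _r2 = struct.unpack_from("<IIiiIIII", buf)
    capi, aes, ext = (int(bool(flags & m)) for m in (F_CRYPTOAPI, F_AES, F_EXTERNAL))
    bad = []
    if size_extra != 0:
        bad.append("SizeExtra is not 0x00000000")
    algo = COMBOS.get((capi, aes, ext, alg_id))
    if algo is None:
        bad.append("Flags/AlgID combination not permitted")
    if (alg_hash, ext) not in HASH_COMBOS:
        bad.append("AlgIDHash/fExternal combination not permitted")
    if not capi and (key_size or prov):
        bad.append("KeySize/ProviderType set without fCryptoAPI")
    elif algo == "RC4" and key_size and not (0x28 <= key_size <= 0x80 and key_size % 8 == 0):
        bad.append("KeySize not valid for RC4")
    elif algo == "AES" and key_size not in (0, 0x80, 0xC0, 0x100):
        bad.append("KeySize not valid for AES")
    # CSPName is UTF-16LE; the terminator must sit on a 2-byte boundary in the buffer.
    tail = buf[32:]
    end = next((i for i in range(0, len(tail) - 1, 2) if tail[i:i + 2] == b"\0\0"), None)
    if end is None:
        bad.append("CSPName is not null-terminated")
        end = len(tail) - len(tail) % 2
    fields = {"Flags": flags, "AlgID": alg_id, "AlgIDHash": alg_hash, "KeySize": key_size,
              "ProviderType": prov, "CSPName": tail[:end].decode("utf-16-le", "replace")}
    return fields, bad

# Constructed sample: fCryptoAPI|fAES, 128-bit AES, SHA-1, hypothetical CSP name.
SAMPLE = struct.pack("<IIiiIIII", 0x24, 0, 0x660E, 0x8004, 0x80, 0x18, 0, 0) \
    + "Example CSP\0".encode("utf-16-le")

if __name__ == "__main__":
    print(check_encryption_header(SAMPLE))
```

Reserved1 and Reserved2 are read but not checked, since a reader MUST ignore both.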