PHPDocX Crypto API: disentangling Microsoft encryption standards for Word documents

  • Dec 09, 2012

Since the summer of 2012 we have been working hard on incorporating into PHPDocX some standard protection and encryption capabilities currently available for MS Office documents.
An now we are finally harvesting the fruits of our work.
The world of document security and protection is not one of the easiest to get to know. Information regarding Cryptographic APIs seems also to be encrypted although not by standard cryptographic algorithms but rather by other more sociological/commercial methods.
This said, it has also been quite a lot of fun to try to decipher scattered and incomplete documentation, run multiple tests with quite a few open questions, to finally get a solution that only needs a few hundreds of line of PHP code.
Currently we may, in a web server  running PHP 5, and with the help of PHPDocX:

Digitally sign Word (and PDF) documents.
Password protect Word (and PDF) documents.
Encrypt Word (and PDF) documents.

Let us briefly explain the differences among these different options, mainly regarding its potential uses.
Digital Signature for Word Documents
There are three main reasons to add a digital signature to your Word document.

Authenticate the source: you may want to state who is the “owner” of the document and make sure to its potential readers who has generated the document. This may be crucial in financial statements, in offering a quote to one of your clients or, in general, to distribute any Word document that may eventually have any legal validity.
No tampering: whoever reads your document can be certain that there have been no changes made to the document by unauthorized third parties. If anyone tries to change any part of the document the signature will become invalid and Word will inform accordingly to the reader.
No repudiation: whoever created the document is responsible of its whole contents and can not claim unauthorized modifications… so use it with care.

Now you can use the PHPDocX Digital Signature Package to insert a digital signature into  the Word documents without the need to use third party online services.
Password Protection of Word documents
The reasons to password protect a Word document are manifold. In particular a password protected document allows for:

Restricting editing capabilities to third parties: we may, for example, limit the edition to comments or forms.
Be sure that if we received back the document certain contents have not been tampered by people without permission rights.

VERY IMPORTANT: password protection does not detain an advanced user to modify the contents of the document or remove its protection. It only impedes unwanted changes or may help to detect them to the creators of the document (the protection should be cracked to modify the document).
Never use document protection if you want to really “strongly protect” a document from tampering or access by third parties. In those cases you should well use a digital signature or true encryption.
Encryption of Word documents
The previous methods of signing and password protection do not prevent the access of unauthorized personnel to the contents of a Word document.
If one really needs that a Word document will be exclusively opened by a specific person or selected group of people we need to encrypt the document with a secure algorithm.
MS Word uses AES128 that is currently recognized as a secure method to avoid unauthorized access.
The encrypted Word documents are no longer standard .docx files but rather a Microsoft Compound File Binary (MS-CFB).
The encryption process needs of a sophisticated password hashing algorithm, the corresponding AES128 encoding with the derived key and a final packaging into a Binary Compound File.
The only way to open the document is to know the password (the user is prompted to introduce it whenever he tries to open the document) or to carry out a brute force attack that is currently an unworkable method for non-trivial passwords.
One may, of course, combine any of these three methods to take full advantage of any of them simultaneously. For example one may encrypt a digitally signed document to prevent both unauthorized access and tampering.
The latest versions of PHPDocX allows to carry out any of these procedures described above with basically a couple of lines of code.
PHPDocX also allows for adding a digital signature and password protect PDF documents, although in this case we have simply linked resources provided by the FPDF and TCPDF libraries in order to provide an unified working interface.
If you need further information regarding these matters you may visit: