3b347664b2
Redo the ODF encryption by storing an ODF package and wrapping it as a stream "encrypted-package" in another ODF package, such that there is only one encrypted stream - this requires only one KDF computation. * This is only enabled in Experimental mode for now. * Avoid storing unencrypted data in the pTempFile of SfxMedium, as it is usually created in the same directory as the target file, which may be on a network share or similar less trusted location. * SfxMedium::SetEncryptionDataToStorage_Impl() should just set an error status if it fails (how can it fail anyway) * when loading a document, SfxDocPasswordVerifier extracts an encrypted inner package (by calling SfxMedium::TryEncryptedInnerPackage()) * SfxMedium::GetStorage() automatically decrypts an encrypted inner storage and sets it as the SfxMedium's xStorage * when storing a document, SfxObjectShell::SaveTo_Impl() creates the wrapped storages * One challenge is to keep the macro/scripting signature working; this can only be put in the inner storage, whereas the document signature should continue to be on the outer storage; also it must use a Zip storage, to see the "META-INF" directory. This needs a new SfxMedium::GetScriptingStorageToSign_Impl() and changes in SfxMedium::SignContents_Impl(). Change-Id: Ibfee36ce3a9cd030f2aa2ce1484b6d001cba2389 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160401 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> |
||
---|---|---|
.. | ||
manifest | ||
xstor | ||
zipapi | ||
zippackage |