OODecr

Overview

oodecr is a bash script and related utilities that decrypt OpenOffice-encrypted documents. It prompts the user for a password and then writes the decrypted content.xml either to a file or to a pager such as less, optionally formatting it first with xmllint -format. For information about the encryption format see the OpenOffice encryption page. Keep in mind that I'm not a cryptographer. I just find this stuff interesting.

User's Guide

oodecr is a bash script and related utilities that decrypt OpenOffice documents. It can be downloaded here. Once you've downloaded and installed it, read the README file for additional information. To get started quickly, try the following:

oodecr -fpv secret-file.odt

The above will decrypt the content.xml within secret-file.odt. The result is formatted (-f switch) and then passed through a pager (-p switch). Verbose output (-v switch) lets you know what it is doing. Finally, unless the -k (keep) switch is used, the file is securely deleted with shred -u.

Technical Details

oodecr is a bash script that depends on various executables. It applies the steps described on my OpenOffice page.

  1. The OpenOffice file is unzipped to a temporary directory.
  2. META-INF/manifest.xml is consulted for cipher information.
  3. The password is run through the pbkdf2 executable to generate the key.
  4. The openssl executable is used to decrypt content.xml.
  5. A gzip file is produced by adding a header and footer to the decrypted content.xml, which is deflate compressed.
  6. The SHA1/1K value is compared to the SHA1 of the first 1024 bytes of the deflated data to see if the password is correct.
  7. The output of gunzip -c of the previously produced gzip file is displayed to the user.
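Steps 5 to 7 can be reproduced without the cipher. The following Python sketch is an added example, not code from oodecr: it runs the SHA1/1K check on the raw deflate stream and only then wraps it in a gzip header and footer for decompression. All function names and the sample data are constructed for illustration; passing the manifest checksum as base64 and computing the footer from a raw inflate are assumptions of this example.

```python
import base64, gzip, hashlib, hmac, struct, zlib

# Minimal gzip header: magic, CM=8 (deflate), no flags, mtime 0, XFL 0, OS unknown.
GZIP_HEADER = bytes([0x1F, 0x8B, 0x08, 0x00, 0, 0, 0, 0, 0x00, 0xFF])

def sha1_1k(deflated: bytes) -> bytes:
    """SHA1 over the first 1024 bytes (or fewer, for short streams)."""
    return hashlib.sha1(deflated[:1024]).digest()

def password_ok(deflated: bytes, checksum_b64: str) -> bool:
    """Step 6. Assumes the manifest checksum is passed in base64 form.
    Only the first 1024 bytes are covered: this tests the password,
    it does not authenticate the rest of the stream."""
    return hmac.compare_digest(sha1_1k(deflated), base64.b64decode(checksum_b64))

def wrap_as_gzip(deflated: bytes) -> bytes:
    """Step 5: header + raw deflate + footer (CRC32 and length, little-endian)."""
    plain = zlib.decompress(deflated, -15)  # raw inflate, used only to fill the footer
    footer = struct.pack("<II", zlib.crc32(plain), len(plain) & 0xFFFFFFFF)
    return GZIP_HEADER + deflated + footer

def recover_content(deflated: bytes, checksum_b64: str) -> bytes:
    """Check first, so wrong-key output never reaches the inflater (step 7)."""
    if not password_ok(deflated, checksum_b64):
        raise ValueError("SHA1/1K does not match. Incorrect password likely.")
    return gzip.decompress(wrap_as_gzip(deflated))

def _raw_deflate(data: bytes) -> bytes:
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = no zlib/gzip wrapper
    return comp.compress(data) + comp.flush()

# Constructed sample standing in for a decrypted content.xml (not real ODF data).
SAMPLE_XML = b"<doc>" + b"".join(
    b"<p>" + hashlib.sha1(b"%d" % i).hexdigest().encode() + b"</p>" for i in range(100)
) + b"</doc>"
SAMPLE_DEFLATED = _raw_deflate(SAMPLE_XML)
SAMPLE_CHECKSUM = base64.b64encode(sha1_1k(SAMPLE_DEFLATED)).decode()
# Constructed stand-in for what decryption with a wrong key would produce.
WRONG_KEY_OUTPUT = bytes(b ^ 0x5A for b in SAMPLE_DEFLATED)

if __name__ == "__main__":
    print(recover_content(SAMPLE_DEFLATED, SAMPLE_CHECKSUM)[:40])
    try:
        recover_content(WRONG_KEY_OUTPUT, SAMPLE_CHECKSUM)
    except ValueError as err:
        print(err)
```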

Comments

OpenOffice 2.3

...changed manifest file a bit, and oodecr doesn't work anymore: SHA1/1K does not match. Incorrect password likely.
Wrong salt is read from manifest, change line 195 from
salt_token="$4"
to
salt_token="$5"

Re: OpenOffice 2.3

Thanks for the feedback. I haven't looked at OODecr in a while. I'll keep your change in mind if I come up with another version.