Ringlord Technologies Products
Decrypting Open Document Format (ODF) Files
The document below teaches you how to decrypt password protected Open Document Format (ODF) files using Java.1
In particular, this works around an issue with the standard Java
crypto library's PBEKeySpec, which requires a UTF-8 encoded
char[]-based password. Alas, ODF documents are encrypted
by digesting the user-entered password with SHA1, which produces an
arbitrary binary password, therefore making it impossible to use only
the standard Java crypto library for this process.
Our document provides a version of Matthias
Gärtner's PBKDF2 class and all remaining knowledge for
decrypting ODF documents. Thanks also go to Steven Elliot for an excellent analysis of the
processes and caveats involved, not to mention his oodecr
software.
| Description: | How to decrypt password protected Open Document Format (ODF) files (such as used by OpenOffice.org) using Java. |
| Documentation: | Decrypting ODF Files.odt (27.0KiB) Decrypting ODF Files.pdf (113.1KiB) |
Lost Your Password?
If you have lost your password for an encrypted document, there is virtually nothing that you can do to recover it: OpenDocument uses a 128-bit cryptographic cipher (Blowfish, designed by security expert Bruce Schneier) which, as of the time of this writing, has remained unbroken and secure. This is not secret decoder ring junk, but serious crypto, the kind that, on average, requires thousands of years of time on super-computers to break.
That said, you have two options, and only the first is likely to be of any real value:
- Put yourself back into the mindset when you chose the lost password, in hopes of recalling what set of circumstances or ideas, dreams, wishes, etc. might have played a role in the password that you picked.
- Ask a professional code breaker (like someone at the National Security Agency (NSA) of the US Federal Government) to help you crack the code … yeah, good luck with that :-P
If you do want to give #1 a try (and why not, you have no other option), then you might find our ODFind tool useful: Its purpose is to search for text in OpenDocument files; when it encounters an encrypted document, it will prompt you for a password (over and over again if you don't give it one that works). Nothing can magically recover an encrypted document for you, but at least ODFind makes it as easy/fast as possible to type passwords over and over again as you try a bunch of them.
Apache ODF Toolkit
Of interest to programmers might be also the Apache ODF Toolkit. It doesn't decrypt anything, but does provide for a means to get at the meta-data for a document (and everything else, too). If you don't want to roll your own XML parsing to retrieve the salt, initialization vector, etc. for an encrypted document, then have a look at the Apache Foundation's ODF Toolkit!
__________1 That means you have to be a programmer.
All content is copyright © Ringlord Technologies unless otherwise stated. We do encourage deep linking to our site's pages but forbid direct reference to images, software or other non-pages stored here; likewise, do not embed our content in frames or other constructs that may mislead the reader about the content ownership. Play nice, yes?