Ringlord Technologies Products

Decrypting Open Document Format (ODF) Files

The document below teaches you how to decrypt password protected Open Document Format (ODF) files using Java.1

In particular, this works around an issue with the standard Java crypto library's PBEKeySpec, which requires a UTF-8 encoded char[]-based password. Alas, ODF documents are encrypted by digesting the user-entered password with SHA1, which produces an arbitrary binary password, therefore making it impossible to use the standard Java crypto library for this process.

Our document provides a version of Matthias Gärtner's PBKDF2 class and all remaining knowledge for decrypting ODF documents. Thanks also go to Steven Elliot for an excellent analysis of the processes and caveats involved, not to mention his oodecr software.

Note that if you have lost your password for an encrypted document, there is very little you can do to recover it: OpenDocument uses a 128-bit cryptographic cipher (Blowfish, designed by security expert Bruce Schneier) which, as of the time of this writing, has remained unbroken and secure. To break such ciphers you need thousands of years of time on super-computers.

So, if you lost your password you have two options: Ask professional code breakers (like the National Security Agency (NSA) of the US Government) to help you crack the code; or think back to the time when you chose the lost password to see if you can recall the mood that contributed to your choice of passwords.

In the latter case, you might find our tool ODFind useful; it can prompt you repeatedly and quickly to enter and re-enter a password to an encrypted ODF document until you either hit on the right one or you give up …

Description:How to decrypt password protected Open Document Format (ODF) files (such as used by OpenOffice.org) using Java.
Documentation:Decrypting ODF Files.odt (26.5KiB)
Decrypting ODF Files.pdf (116.7KiB)
__________
1  That means you have to be a programmer.

All content is copyright © Ringlord Technologies unless otherwise stated. We do encourage deep linking to our site's pages but forbid direct reference to images, software or other non-pages stored here; likewise, do not embed our content in frames or other constructs that may mislead the reader about the content ownership. Play nice, yes?