Microsoft Office documents encryption

Encrypt with password

This is a short post just for showing how you can protect your documents created with Microsoft Word, Excel and PowerPoint.

People love working with Microsoft Office documents. I think it’s a matter of simplicity and habit. So, one of my tasks is to give the user a safe way to protect their documents. We can use special tools for encrypting documents at byte level or hardware encryption or any other kind of tools but all of them will fail if they are not easy enough to implement.

Some Microsoft office programs have a feature called “Encrypt with password”. This isn’t neater the typical protect document functionality that just prompts you for a password if you want to open a document (although it requires a password) nor the previous protect with password that used RC4 40-bit encryption. This is a complete encryption functionality that encrypts the whole document using the password as the key. This feature is available since Microsoft Office 2007 using AES for the encryption algorithm and by default 128 bits.

If you want to encrypt a document just go to the File menu, click on Info, then Document protect and finally Encrypt with password. A box will be shown and you just have to type and confirm a strong password. Be careful because as this is an encryption mechanism that will encrypt at byte level your file if you lost the password it can take years to decrypt your file in case it was feasible.

By default office programs don’t force a strong password to be typed but if you want users to always type a strong password you have to write some keys into the windows registry. You can read the details of these keys in this article but here is a extract.

HKEY_CURRENT_USERSoftwareMicrosoftOffice14.0CommonSecurityPasswordComplexity 
HKEY_CURRENT_USERSoftwarePoliciesMicrosoftOffice14.0CommonSecurityPasswordComplexity

	* Value name: PolicyLevel
	* Value type: DWORD
	* Value data: [ 0 | 1 | 2 | 3 ]
	* Use 0 to for no complexity (default), 1 for minimum length, 2 for minimum length plus requiring 3 of 4 character groups, and 3 for all these checks plus enforcing Windows domain password rules.


	* Value name: MinLength
	* Value type: DWORD
	* Specifies the minimum length of password required.

Well, this is all for now.