By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,504 Members | 1,212 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,504 IT Pros & Developers. It's quick & easy.

Using Insight Article on AES encyption for Excel File

P: 1
<Moved from the insight article located at
home > topics > microsoft access / vba > insights > aes encryption algorithm for vba and vbscript >


I have a question regarding these algorithms. I've been looking for a solution to encrypt exported spreadsheets from MS Access in order send them to another party where he would unencrypt and import the spreadsheet back to MS ACCESS. I tried the codes you posted. It seems to work well with text files but not with xls files. the file i get after encryption and unencryption seems to be corupted. If you can guide me in solving my problem, i would appreciated.
Feb 12 '17 #1

✓ answered by zmbd

mihaimdinca,
Before we dig into extending this code I would suggest using the native Office 2007 or newer encryption.

For most things the encryption in Office-2007 and newer is usually enough to protect the file contents - if you go this route make sure to use the "*.xlsx" format as it uses the newer security providers. If you use the 2003 *.XLS office files the encryption used there is much weaker and has some known exploits.

This is the part of what I've stripped out of a native Excel2013 encrypted file. As you can see, this file is using a decent encryption "out of the box"
AES
16bit blocks
256bit key
- maybe not military grade; however, it should do for the average user.

Expand|Select|Wrap|Line Numbers
  1. <encryption xmlns="http://schemas.microsoft.com/office/2006/encryption"
  2. xmlns:p="http://schemas.microsoft.com/office/2006/keyEncryptor/password"
  3. xmlns:c="http://schemas.microsoft.com/office/2006/keyEncryptor/certificate">
  4. <keyData saltSize="16" 
  5.    blockSize="16" 
  6.    keyBits="256" 
  7.    hashSize="64" 
  8.    cipherAlgorithm="AES"
  9.    cipherChaining="ChainingModeCBC"
  10.    hashAlgorithm="SHA512"

No matter what you use for encryption, the password is everything. With an 11 character mixed-case-alphanumeric-symbol password it will take a fairly significant length of time to brute-force the password ( https://www.grc.com/haystack.htm - for example using "1!W@r1(hmAn" as a password would take around 1.8 years with a fairly massive CPU or array which most people do not have so you're looking at a century to brute force the password ) at which point the data most likely isn't worth protecting.

Of course, if you need something a bit stronger then we can go from there...

Share this Question
Share on Google+
1 Reply


zmbd
Expert Mod 5K+
P: 5,287
mihaimdinca,
Before we dig into extending this code I would suggest using the native Office 2007 or newer encryption.

For most things the encryption in Office-2007 and newer is usually enough to protect the file contents - if you go this route make sure to use the "*.xlsx" format as it uses the newer security providers. If you use the 2003 *.XLS office files the encryption used there is much weaker and has some known exploits.

This is the part of what I've stripped out of a native Excel2013 encrypted file. As you can see, this file is using a decent encryption "out of the box"
AES
16bit blocks
256bit key
- maybe not military grade; however, it should do for the average user.

Expand|Select|Wrap|Line Numbers
  1. <encryption xmlns="http://schemas.microsoft.com/office/2006/encryption"
  2. xmlns:p="http://schemas.microsoft.com/office/2006/keyEncryptor/password"
  3. xmlns:c="http://schemas.microsoft.com/office/2006/keyEncryptor/certificate">
  4. <keyData saltSize="16" 
  5.    blockSize="16" 
  6.    keyBits="256" 
  7.    hashSize="64" 
  8.    cipherAlgorithm="AES"
  9.    cipherChaining="ChainingModeCBC"
  10.    hashAlgorithm="SHA512"

No matter what you use for encryption, the password is everything. With an 11 character mixed-case-alphanumeric-symbol password it will take a fairly significant length of time to brute-force the password ( https://www.grc.com/haystack.htm - for example using "1!W@r1(hmAn" as a password would take around 1.8 years with a fairly massive CPU or array which most people do not have so you're looking at a century to brute force the password ) at which point the data most likely isn't worth protecting.

Of course, if you need something a bit stronger then we can go from there...
Feb 14 '17 #2

Post your reply

Sign in to post your reply or Sign up for a free account.