mihaimdinca,
Before we dig into extending this code I would suggest using the native Office 2007 or newer encryption.
For most things the encryption in Office-2007 and newer is usually enough to protect the file contents - if you go this route make sure to use the "*.xlsx" format as it uses the newer security providers. If you use the 2003 *.XLS office files the encryption used there is much weaker and has some known exploits.
This is the part of what I've stripped out of a native Excel2013 encrypted file. As you can see, this file is using a decent encryption "out of the box"
AES
16bit blocks
256bit key
- maybe not military grade; however, it should do for the average user.
- <encryption xmlns="http://schemas.microsoft.com/office/2006/encryption"
-
xmlns:p="http://schemas.microsoft.com/office/2006/keyEncryptor/password"
-
xmlns:c="http://schemas.microsoft.com/office/2006/keyEncryptor/certificate">
-
<keyData saltSize="16"
-
blockSize="16"
-
keyBits="256"
-
hashSize="64"
-
cipherAlgorithm="AES"
-
cipherChaining="ChainingModeCBC"
-
hashAlgorithm="SHA512"
No matter what you use for encryption, the password is everything. With an 11 character mixed-case-alphanumeric-symbol password it will take a fairly significant length of time to brute-force the password (
https://www.grc.com/haystack.htm - for example using "1!W@r1(hmAn" as a password would take around 1.8 years with a fairly massive CPU or array which most people do not have so you're looking at a century to brute force the password ) at which point the data most likely isn't worth protecting.
Of course, if you need something a bit stronger then we can go from there...
1
