Office 2007 SP2 Encryption Settings

Now that we've actually shipped SP2, some of you may be curious about how to use the shiny new encryption. Here's the registry settings:

Registry keys

Base keys (also corresponding Policy keys)

HKCU\Software\Microsoft\Office\12.0\<appname>\Security\Crypto

 
 

Name

Type

Default

Description

CompatMode

DWORD

0

Controls encrypted database compatibility:

  • 0 - Legacy format for new files
  • 1 - NextGen format for new files only
  • 2 - All files saved with NextGen format

Context

String

 

Restrict encryption parameters to those defined in this CNG context

CipherAlgorithm

String

 

Cipher algorithm to use, optional, CNG string

CipherKeyBits

DWORD

 

Number of bits to use when creating the cipher key, rounded down to a multiple of 8, optional

CipherChaining

String

 

Cipher chaining mode to use, optional, CNG string

HashAlgorithm

String

 

Hash algorithm to use, optional, CNG string

RngAlgorithm

String

 

Random number generator algorithm to use, optional, CNG string

SaltBytes

DWORD

16

Bytes of salt to use, optional

PasswordSpinCount

DWORD

100000

Number of times to spin (e.g. rehash) the password verifier, optional

NewKeyOnPwdChange

DWORD

1

If non-zero, a new intermediate key is generated when the password is changed. This will cause any extra key encryptors to be removed on save.

Many thanks to my tester for giving me the information in such a nicely formatted and well documented table. Once you have Office 2010 Technical Preview available to you, the same settings should work there as well. Many more thanks to Dan Jump for carefully implementing our design. Note that if you use the new format, then the converter for Office 2003 and earlier won't be able to read them until we update the converters to understand the new encryption.

Comments

  • Anonymous
    May 20, 2009
    PingBack from http://asp-net-hosting.simplynetdev.com/office-2007-sp2-encryption-settings/

  • Anonymous
    January 04, 2011
    Does Office 2007 encryption protect embedded objects?  This PC World article (www.pcworld.com/.../encryption_does_not_protect_oleembedded_files.html) indicated that back in 1997 Office's encryption did NOT protect embedded files.  Has this been changed? Put differently: If I embed a PDF or an Excel worksheet in a Word 2007 .docx and then encrypt the .docx, is the embedded file also protected? [dcl] Yes - if you're encrypting a docx, or any other OOXML file, embedded objects are protected.

  • Anonymous
    September 03, 2013
    Office 2010 settings are here (example is Access): Windows Registry Editor Version 5.00 [HKEY_CURRENT_USERSoftwareMicrosoftOffice14.0AccessSecurityCrypto] "CipherAlgorithm"="AES" "CipherKeyBits"=dword:00000100