public void AgileEncryption() { int maxKeyLen = Cipher.GetMaxAllowedKeyLength("AES"); Assume.That(maxKeyLen == 2147483647, "Please install JCE Unlimited Strength Jurisdiction Policy files for AES 256"); FileStream file = POIDataSamples.GetDocumentInstance().GetFile("bug53475-password-is-pass.docx"); String pass = "******"; NPOIFSFileSystem nfs = new NPOIFSFileSystem(file); // Check the encryption details EncryptionInfo infoExpected = new EncryptionInfo(nfs); Decryptor decExpected = Decryptor.GetInstance(infoExpected); bool passed = decExpected.VerifyPassword(pass); Assert.IsTrue(passed, "Unable to Process: document is encrypted"); // extract the payload Stream is1 = decExpected.GetDataStream(nfs); byte[] payloadExpected = IOUtils.ToByteArray(is1); is1.Close(); long decPackLenExpected = decExpected.GetLength(); Assert.AreEqual(decPackLenExpected, payloadExpected.Length); is1 = nfs.Root.CreateDocumentInputStream(Decryptor.DEFAULT_POIFS_ENTRY); ///is1 = new BoundedInputStream(is1, is1.Available() - 16); // ignore pAdding block ///throw new NotImplementedException(BoundedInputStream); byte[] encPackExpected = IOUtils.ToByteArray(is1); is1.Close(); // listDir(nfs.Root, "orig", ""); nfs.Close(); // check that same verifier/salt lead to same hashes byte[] verifierSaltExpected = infoExpected.Verifier.Salt; byte[] verifierExpected = decExpected.GetVerifier(); byte[] keySalt = infoExpected.Header.KeySalt; byte[] keySpec = decExpected.GetSecretKey().GetEncoded(); byte[] integritySalt = decExpected.GetIntegrityHmacKey(); // the hmacs of the file always differ, as we use PKCS5-pAdding to pad the bytes // whereas office just uses random bytes // byte integrityHash[] = d.IntegrityHmacValue; POIFSFileSystem fs = new POIFSFileSystem(); EncryptionInfo infoActual = new EncryptionInfo( EncryptionMode.Agile , infoExpected.Verifier.CipherAlgorithm , infoExpected.Verifier.HashAlgorithm , infoExpected.Header.KeySize , infoExpected.Header.BlockSize , infoExpected.Verifier.ChainingMode ); Encryptor e = Encryptor.GetInstance(infoActual); e.ConfirmPassword(pass, keySpec, keySalt, verifierExpected, verifierSaltExpected, integritySalt); Stream os = e.GetDataStream(fs); IOUtils.Copy(new MemoryStream(payloadExpected), os); os.Close(); MemoryStream bos = new MemoryStream(); fs.WriteFileSystem(bos); nfs = new NPOIFSFileSystem(new MemoryStream(bos.ToArray())); infoActual = new EncryptionInfo(nfs.Root); Decryptor decActual = Decryptor.GetInstance(infoActual); passed = decActual.VerifyPassword(pass); Assert.IsTrue(passed, "Unable to Process: document is encrypted"); // extract the payload is1 = decActual.GetDataStream(nfs); byte[] payloadActual = IOUtils.ToByteArray(is1); is1.Close(); long decPackLenActual = decActual.GetLength(); is1 = nfs.Root.CreateDocumentInputStream(Decryptor.DEFAULT_POIFS_ENTRY); ///is1 = new BoundedInputStream(is1, is1.Available() - 16); // ignore pAdding block ///throw new NotImplementedException(BoundedInputStream); byte[] encPackActual = IOUtils.ToByteArray(is1); is1.Close(); // listDir(nfs.Root, "copy", ""); nfs.Close(); AgileEncryptionHeader aehExpected = (AgileEncryptionHeader)infoExpected.Header; AgileEncryptionHeader aehActual = (AgileEncryptionHeader)infoActual.Header; CollectionAssert.AreEqual(aehExpected.GetEncryptedHmacKey(), aehActual.GetEncryptedHmacKey()); Assert.AreEqual(decPackLenExpected, decPackLenActual); CollectionAssert.AreEqual(payloadExpected, payloadActual); CollectionAssert.AreEqual(encPackExpected, encPackActual); }