officecrypto-tool
Advanced tools
Comparing version 0.0.10 to 0.0.11
{ | ||
"name": "officecrypto-tool", | ||
"version": "0.0.10", | ||
"version": "0.0.11", | ||
"description": "officeCrypto is a library for node.js that can be used to decrypt and encrypt excel files.", | ||
"keywords": [ | ||
"encrypt", | ||
"decrypt" , | ||
"xls", | ||
"encrypt", | ||
"decrypt", | ||
"xls", | ||
"xlsx", | ||
@@ -13,3 +13,3 @@ "cfb", | ||
"ole" | ||
], | ||
], | ||
"private": false, | ||
@@ -32,2 +32,3 @@ "license": "MIT", | ||
"cfb": "^1.2.2", | ||
"crypto-js": "^4.2.0", | ||
"xml2js": "^0.6.0" | ||
@@ -47,5 +48,5 @@ }, | ||
"repository": { | ||
"type": "git", | ||
"url": "git@github.com:zurmokeeper/officecrypto-tool.git" | ||
} | ||
"type": "git", | ||
"url": "git@github.com:zurmokeeper/officecrypto-tool.git" | ||
} | ||
} |
/* eslint-disable valid-jsdoc */ | ||
const crypto = require('crypto'); | ||
const CryptoJS = require('crypto-js'); | ||
@@ -25,3 +26,3 @@ /** | ||
/** | ||
* @desc | ||
* @desc Only node.js is supported. | ||
*/ | ||
@@ -41,2 +42,19 @@ exports.verifyPassword = function verifyPassword(password, salt, keySize, encryptedVerifier, encryptedVerifierHash, algId = 0x00006801, block = 0) { | ||
/** | ||
* @desc Because crypto's front-end compatibility library, crypto-browserify, does not support the rc4 algorithm, | ||
* we have switched to crypto-js to handle the rc4 algorithm for both node.js and the browser side. | ||
* @returns | ||
*/ | ||
exports.verifyPassword = function verifyPassword(password, salt, keySize, encryptedVerifier, encryptedVerifierHash, algId = 0x00006801, block = 0) { | ||
// https://learn.microsoft.com/en-us/openspecs/office_file_formats/ms-offcrypto/fbfe41db-ca02-413a-a3bb-609fa0b25cd3?redirectedfrom=MSDN | ||
const key = convertPasswordToKey(password, salt, keySize, block); | ||
const cipher = CryptoJS.algo.RC4.createDecryptor(CryptoJS.lib.WordArray.create(key)); | ||
const verifier = cipher.finalize(CryptoJS.lib.WordArray.create(encryptedVerifier)); | ||
const verifierHash = cipher.finalize(CryptoJS.lib.WordArray.create(encryptedVerifierHash)); | ||
const hash = CryptoJS.SHA1(verifier); | ||
// console.log([verifierHash, hash]); | ||
return verifierHash.toString(CryptoJS.enc.Hex) === hash.toString(CryptoJS.enc.Hex); | ||
}; | ||
/** | ||
* @desc | ||
@@ -58,5 +76,12 @@ */ | ||
// Only node.js is supported. | ||
// Encrypt/decrypt the chunk and add it to the array | ||
const cipher = crypto.createDecipheriv('rc4', key, ''); | ||
const outputChunk = Buffer.concat([cipher.update(inputChunk), cipher.final()]); | ||
// const cipher = crypto.createDecipheriv('rc4', key, ''); | ||
// const outputChunk = Buffer.concat([cipher.update(inputChunk), cipher.final()]); | ||
// Supports both node.js and browsers. | ||
const cipher = CryptoJS.algo.RC4.createDecryptor(CryptoJS.lib.WordArray.create(key)); | ||
let outputChunk = cipher.finalize(CryptoJS.lib.WordArray.create(inputChunk)); | ||
outputChunk = Buffer.from(outputChunk.toString(CryptoJS.enc.Hex), 'hex'); | ||
outputChunks.push(outputChunk); | ||
@@ -63,0 +88,0 @@ |
@@ -5,2 +5,3 @@ /* eslint-disable valid-jsdoc */ | ||
const crypto = require('crypto'); | ||
const CryptoJS = require('crypto-js'); | ||
@@ -27,13 +28,36 @@ /** | ||
/** | ||
* @desc Only node.js is supported. | ||
* @returns | ||
*/ | ||
// exports.verifyPassword = function verifyPw(password, salt, encryptedVerifier, encryptedVerifierHash) { | ||
// const block = 0; | ||
// const key = convertPasswordToKey(password, salt, block); | ||
// const cipher = crypto.createDecipheriv('rc4', key, ''); | ||
// const verifier = Buffer.concat([cipher.update(encryptedVerifier)]); | ||
// const hash = crypto.createHash('md5').update(verifier).digest(); | ||
// const verifierHash = Buffer.concat([cipher.update(encryptedVerifierHash), cipher.final()]); | ||
// return verifierHash.equals(hash); | ||
// }; | ||
/** | ||
* @desc Because crypto's front-end compatibility library, crypto-browserify, does not support the rc4 algorithm, | ||
* we have switched to crypto-js to handle the rc4 algorithm for both node.js and the browser side. | ||
* @returns | ||
*/ | ||
exports.verifyPassword = function verifyPw(password, salt, encryptedVerifier, encryptedVerifierHash) { | ||
const block = 0; | ||
const key = convertPasswordToKey(password, salt, block); | ||
const cipher = crypto.createDecipheriv('rc4', key, ''); | ||
const verifier = Buffer.concat([cipher.update(encryptedVerifier)]); | ||
const hash = crypto.createHash('md5').update(verifier).digest(); | ||
const cipher = CryptoJS.algo.RC4.createDecryptor(CryptoJS.lib.WordArray.create(key)); | ||
const verifier = cipher.finalize(CryptoJS.lib.WordArray.create(encryptedVerifier)); | ||
const verifierHash = Buffer.concat([cipher.update(encryptedVerifierHash), cipher.final()]); | ||
const hash = CryptoJS.MD5(verifier); | ||
return verifierHash.equals(hash); | ||
const verifierHash = cipher.finalize(CryptoJS.lib.WordArray.create(encryptedVerifierHash)); | ||
return verifierHash.toString(CryptoJS.enc.Hex) === hash.toString(CryptoJS.enc.Hex); | ||
}; | ||
@@ -59,5 +83,12 @@ | ||
// Only node.js is supported. | ||
// Encrypt/decrypt the chunk and add it to the array | ||
const cipher = crypto.createDecipheriv('rc4', key, ''); | ||
const outputChunk = Buffer.concat([cipher.update(inputChunk), cipher.final()]); | ||
// const cipher = crypto.createDecipheriv('rc4', key, ''); | ||
// const outputChunk = Buffer.concat([cipher.update(inputChunk), cipher.final()]); | ||
// Supports both node.js and browsers. | ||
const cipher = CryptoJS.algo.RC4.createDecryptor(CryptoJS.lib.WordArray.create(key)); | ||
let outputChunk = cipher.finalize(CryptoJS.lib.WordArray.create(inputChunk)); | ||
outputChunk = Buffer.from(outputChunk.toString(CryptoJS.enc.Hex), 'hex'); | ||
outputChunks.push(outputChunk); | ||
@@ -64,0 +95,0 @@ |
@@ -223,3 +223,7 @@ /* eslint-disable valid-jsdoc */ | ||
const TableWorkbook = CFB.find(currCfb, tableName); | ||
const tableBlob = TableWorkbook.content; | ||
let tableBlob = TableWorkbook.content; | ||
if (!Buffer.isBuffer(tableBlob)) { | ||
tableBlob = Buffer.from(tableBlob); | ||
CFB.utils.prep_blob(tableBlob, 0); | ||
} | ||
const vMajor = tableBlob.read_shift(2); | ||
@@ -226,0 +230,0 @@ const vMinor = tableBlob.read_shift(2); |
@@ -369,3 +369,6 @@ /* eslint-disable valid-jsdoc */ | ||
let currentUserBlob = CurrentUser.content; | ||
if (!Buffer.isBuffer(currentUserBlob)) currentUserBlob = Buffer.from(currentUserBlob); | ||
if (!Buffer.isBuffer(currentUserBlob)) { | ||
currentUserBlob = Buffer.from(currentUserBlob); | ||
CFB.utils.prep_blob(currentUserBlob, 0); | ||
} | ||
const persistObjectDirectory = constructPersistObjectDirectory(currentUserBlob, powerPointBlob); | ||
@@ -372,0 +375,0 @@ |
805468
3182
3
+ Addedcrypto-js@^4.2.0
+ Addedcrypto-js@4.2.0(transitive)