2.3.1 EncryptionHeaderFlags

The EncryptionHeaderFlags structure specifies properties of the encryption algorithm used. It MUST be contained within an EncryptionHeader structure (section 2.3.2).

If the fCryptoAPI bit is set and the fAES bit is not set, RC4 encryption MUST be used. If the fAES encryption bit is set, a block cipher that supports ECB mode MUST be used. For compatibility with current implementations, AES encryption with a key length of 128, 192, or 256 bits SHOULD<7> be used.


Bit layout (32 bits):

Bit     0   1   2   3   4   5   6-31
Field   A   B   C   D   E   F   Unused

A – Reserved1 (1 bit): A value that MUST be 0 and MUST be ignored.

B – Reserved2 (1 bit): A value that MUST be 0 and MUST be ignored.

C – fCryptoAPI (1 bit): A flag that specifies whether CryptoAPI RC4 or ECMA-376 encryption [ECMA-376] is used. It MUST be 1 unless fExternal is 1. If fExternal is 1, it MUST be 0.

D – fDocProps (1 bit): A value that MUST be 0 if document properties are encrypted. The encryption of document properties is specified in section 2.3.5.4.

E – fExternal (1 bit): A value that MUST be 1 if extensible encryption is used. If this value is 1, the value of every other field in this structure MUST be 0.

F – fAES (1 bit): A value that MUST be 1 if the protected content is an ECMA-376 document [ECMA-376]; otherwise, it MUST be 0. If the fAES bit is 1, the fCryptoAPI bit MUST also be 1.

Unused (26 bits): A value that is undefined and MUST be ignored.
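
An added example, not part of the specification text: a Python decoder for this flags field that applies the MUST rules above and selects the cipher only when the flags are consistent. It assumes bit 0 of the diagram is the least significant bit of a little-endian 32-bit value; the function name, mask names, and sample values are constructed for illustration.

```python
import struct

# Assumption: bit 0 in the diagram is the least significant bit of a
# little-endian 32-bit value, so flags C..F map to these masks.
F_CRYPTOAPI = 0x04  # C
F_DOCPROPS = 0x08   # D
F_EXTERNAL = 0x10   # E
F_AES = 0x20        # F


def parse_encryption_header_flags(raw: bytes) -> dict:
    """Decode the 4-byte flags field and apply the MUST rules of 2.3.1."""
    if len(raw) != 4:
        raise ValueError("EncryptionHeaderFlags is exactly 4 bytes")
    (value,) = struct.unpack("<I", raw)
    crypto_api = bool(value & F_CRYPTOAPI)
    doc_props = bool(value & F_DOCPROPS)
    external = bool(value & F_EXTERNAL)
    aes = bool(value & F_AES)
    # Reserved1, Reserved2 and the 26 unused bits are ignored on read.

    errors = []
    if external and (crypto_api or doc_props or aes):
        errors.append("fExternal=1 requires every other flag to be 0")
    if not external and not crypto_api:
        errors.append("fCryptoAPI must be 1 unless fExternal is 1")
    if aes and not crypto_api:
        errors.append("fAES=1 requires fCryptoAPI=1")

    # Fail closed: pick a cipher only when the flags are consistent.
    cipher = None
    if not errors:
        if external:
            cipher = "extensible"
        elif aes:
            cipher = "block cipher in ECB mode (AES expected)"
        else:
            cipher = "RC4"
    return {"value": value, "fCryptoAPI": crypto_api, "fDocProps": doc_props,
            "fExternal": external, "fAES": aes, "cipher": cipher,
            "errors": errors}


if __name__ == "__main__":
    # Constructed sample values, not taken from real files.
    for sample in ("24000000", "04000000", "10000000", "20000000", "14000000"):
        result = parse_encryption_header_flags(bytes.fromhex(sample))
        print(sample, result["cipher"], result["errors"])
```

A reader that rejects inconsistent flag combinations before choosing a cipher avoids decrypting with an algorithm the file does not actually declare.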