Plan cryptography and encryption settings for Office 2013
Applies to: Office 2013, Office 365 ProPlus
Summary: Explains the settings that you can use to encrypt data in Office 2013, and provides information about compatibility with previous versions of Office.
Audience: IT Professionals
Office 2013 contains settings that let you control the way that data is encrypted when you use Access 2013, Excel 2013, OneNote 2013, PowerPoint 2013, Project 2013, and Word 2013.
This article discusses cryptography and encryption in Office 2013, describes the settings that you can use to encrypt data, and provides information about compatibility with previous versions of Office. For information about Outlook 2013, see Plan for email messaging cryptography in Outlook 2013.
This article is part of the Guide to Office 2013 security. Use the roadmap as a starting point for articles, downloads, posters, and videos that help you assess Office 2013 security. Are you looking for security information about individual Office 2013 applications? You can find this information by searching for “2013 security” on Office.com. |
As you plan your encryption settings, consider the following:
We recommend that you do not change the default encryption settings unless your organization's security model requires encryption settings that differ from the default settings.
We recommend that you enforce password length and complexity to help ensure that strong passwords are used when you encrypt data. For more information, see Plan password complexity settings for Office 2013.
We recommend that you do not use RC4 encryption. For more information, see Compatibility with previous versions of Office later in this article.
There isn’t an administrative setting that forces users to encrypt documents. However, there is an administrative setting that prevents users from adding passwords to documents and, therefore, prevent documents from being encrypted. For more information, see Cryptography and encryption settings later in this article.
Saving documents in trusted locations doesn’t affect encryption settings. If a document is encrypted and it is saved in a trusted location, a user still must provide a password to open the document.
If you do allow users to password protect documents, and they later forget or lose the password, you can use the DocRecrypt tool to reset or remove the password. For more information, see the Remove or reset file passwords in Office 2013 article.
In this article:
About cryptography and encryption in Office 2010
Cryptography and encryption settings
Compatibility with previous versions of Office
About cryptography and encryption in Office 2010
The encryption algorithms that are available for you to use with Office depend on the algorithms that can be accessed through the APIs (application programming interface) in the Windows operating system. Office 2013, in addition to maintaining support for Cryptography API (CryptoAPI), also includes support for CNG (CryptoAPI: Next Generation), which was first made available in the 2007 Microsoft Office system with Service Pack 2 (SP2).
CNG allows for more agile encryption, where encryption and hashing algorithms that are supported on the host computer can be specified for use during the document encryption process. CNG also allows for better extensibility encryption, where third-party encryption modules can be used.
When Office uses CryptoAPI, the encryption algorithms depend on those that are available in a Crypto Service Provider (CSP), which is part of the Windows operating system. The following registry key contains a list of CSPs that are installed on a computer:
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Cryptography/Defaults/Provider
The following CNG encryption algorithms, or any other CNG cipher extension installed on the system, can be used with the 2007 Office system SP2, Office 2010, or Office 2013:
AES, DES, DESX, 3DES, 3DES_112, and RC2
The following CNG hashing algorithms, or any other CNG cipher extension that is installed on the system, can be used with the 2007 Office system SP2, Office 2010, or Office 2013:
MD2, MD4, MD5, RIPEMD-128, RIPEMD-160, SHA-1, SHA256, SHA384, and SHA512
Although there are Office 2013 settings to change how encryption is performed, when you encrypt Open XML Format files (.docx, .xslx, .pptx, and so on) the default values — AES (Advanced Encryption Standard), 128-bit key length, SHA1, and CBC (cipher block chaining) — provide strong encryption and should be fine for most organizations. AES encryption is the strongest industry-standard algorithm that is available and was selected by the National Security Agency (NSA) to be used as the standard for the United States Government. AES encryption is supported on Windows XP SP2, Windows Vista, Windows 7, Windows 8, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012.
Cryptography and encryption settings
The following table lists the encryption algorithm settings you can use with Office versions that access CryptoAPI. This includes Office versions up to and including Office 2013.
Encryption algorithm settings for use with CryptoAPI
Setting | Description |
---|---|
Encryption type for password-protected Office Open XML files |
This setting lets you specify an encryption type for Open XML files from the available cryptographic service providers (CSP). This setting is required when you use a custom COM encryption add-in. This setting is also required if you use the 2007 Office system SP1 or use a version of the Compatibility Pack that is older than the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint File Formats and you want to change the encryption algorithm to something other than the default. |
Encryption type for password-protected Office 97-2003 files |
This setting lets you specify an encryption type for Office 97–2003 (binary) files from the available cryptographic service providers (CSP). The only supported encryption algorithm with this setting is RC4, which, we don’t recommend. |
In Office 2013, if you must change the Encryption type for password-protected Office Open XML files setting, first enable the Specify encryption compatibility setting and select the Use legacy format option. The Specify encryption compatibility setting is available for Access 2013, Excel 2013, PowerPoint 2013, and Word 2013.
The following table lists the settings that are available to change the encryption algorithms when you use Office 2013. These settings apply to Access 2013, Excel 2013, OneNote 2013, PowerPoint 2013, Project 2013, and Word 2013.
Note
All the following settings, except Set parameters for CNG context and Specify CNG random number generator algorithm, are applicable, even when you use a supported operating system for Office 2013, such as Windows XP SP3, which doesn’t include support for CNG. In this case, Office 2013 uses CryptoAPI instead of CNG. These settings apply only when you use Office 2013 for encryption of Open XML files.
Settings that change the encryption algorithm
Setting | Description |
---|---|
Set CNG cipher algorithm |
Lets you configure the CNG cipher algorithm that is used. The default is AES. |
Configure CNG cipher chaining mode |
Lets you configure the cipher chaining mode that is used. The default is Cipher Block Chaining (CBC). |
Set CNG cipher key length |
Lets you configure the number of bits to use when you create the cipher key. The default is 128 bits. |
Specify encryption compatibility |
Lets you specify the compatibility format. The default is Use next generation format. |
Set parameters for CNG context |
Lets you specify the encryption parameters that should be used for the CNG context. To use this setting, a CNG context first has to be created by using CryptoAPI: Next Generation (CNG). For more information, see CNG Cryptographic Configuration Functions. |
Specify CNG hash algorithm |
Lets you specify the hash algorithm that is used. The default is SHA1. |
Set CNG password spin count |
Lets you specify the number of times to spin (rehash) the password verifier. The default is 100000. |
Specify CNG random number generator algorithm |
Lets you configure the CNG random number generator to use. The default is RNG (Random Number Generator). |
Specify CNG salt length |
Lets you specify the number of bytes of salt that should be used. Salt is additional input to the password and hash. The default is 16. |
The following table lists additional CNG settings that can be configured for Excel 2013, PowerPoint 2013, and Word 2013.
Excel 2013, PowerPoint 2013, and Word 2013 specific CHG setting
Setting | Description |
---|---|
Use new key on password change |
Lets you specify if a new encryption key should be used when the password is changed. The default is not to use a new key on password changes. |
You can use the setting that is listed in the following table to prevent users from adding passwords to documents. This prevents users from encrypting documents.
Setting used to prevent users from password protecting a document
Setting | Description |
---|---|
Disable password to open UI |
This setting controls whether Office 2013 users can add passwords to documents. By default users can add passwords. |
Note
For information about how to configure security settings in the Office Customization Tool (OCT) and the Office 2013 Administrative Templates, see Configure security by using OCT or Group Policy for Office 2013.
Compatibility with previous versions of Office
If you have to encrypt Office documents, we recommend that you save the documents as Open XML Format files (.docx, .xlsx, .pptx, and so on) instead of Office 97–2003 format (.doc, .xls, .ppt, and so on). The encryption that is used for binary documents (.doc, .xls, .ppt) uses RC4. It isn’t recommended, as discussed in Security Considerations sections 4.3.2 and 4.3.3 of the Office Document Cryptography Structure Specification. Documents that are saved in the older Office binary formats can only be encrypted by using RC4 to maintain compatibility with older versions of Office. AES, the default and recommended encryption algorithm, is used to encrypt Open XML Format files.
Office 2013, Office 2010, and the 2007 Office system let you save documents as Open XML Format files. In addition, if you have Office XP or Office 2003, you can use the Compatibility Pack to save documents as Open XML Format files.
Documents that are saved as Open XML Format files and encrypted by using Office 2013 can only be read by Office 2013, Office 2007 SP2, and Office 2003 with the Office 2007 SP2 compatibility pack. To ensure compatibility with all previous versions of Office, you can create a registry key (if it doesn’t already exist) under HKCU\Software\Microsoft\Office\14.0\<application>\Security\Crypto\ called CompatMode and disable it by setting it to 0. The values that you can enter for <application> represent the specific Office application that you are configuring this registry key for. For example, you can enter Access, Excel, PowerPoint, or Word. It is important to realize that, when you set CompatMode to 0, Office 2013 uses an Office 2007 compatible encryption format, instead of the enhanced security that is provided by default when you use Office 2013 to encrypt Open XML Format files. If you have to configure this setting for compatibility reasons, we recommend that you also use a third-party encryption module that allows for enhanced security, such as AES encryption.
If your organization uses the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint File Formats to encrypt Open XML Format files, you should review the following information:
By default, the Compatibility Pack uses the following settings to encrypt Open XML Format files:
Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype),AES 128,128 (on the Windows XP Professional operating system).
Microsoft Enhanced RSA and AES Cryptographic Provider,AES 128,128 (on Windows Server 2003 and Windows Vista operating systems).
Users aren’t notified that the Compatibility Pack uses these encryption settings.
The graphical user interface on earlier versions of Office might display incorrect encryption settings for Open XML Format files if the Compatibility Pack is installed.
Users can’t use the graphical user interface in earlier versions of Office to change the encryption settings for Open XML Format files.
Note
For the latest information about policy settings, refer to the Group Policy Administrative Template files (ADMX, ADML) and Office Customization Tool (OCT) files for Office 2013 article.
See also
Guide to Office 2013 security
Overview of security in Office 2013
Configure security by using OCT or Group Policy for Office 2013
Remove or reset file passwords in Office 2013