If you have any problems with this web page, please first read my browser notesbrowser notes [link to ../../Miscellany/Browsers/Browsers.php] and if you still have issues, feel free to e-mail mee-mail me [link to e-mail the author at mailto:Tony@WordArticles.com]

Encryption in Word 2007

Introduction

You have written your document and you want to protect it, hide it from prying eyes, what do you do? You put a password on it, you encrypt it so that only people who know the password can access it. There is nothing new in this; people have been doing this for millennia. Over the years, as people have got smarter, and computers more powerful, more and more complex methods of encryption have been developed. Applications, such as Word, have moved with the times, offering increasingly sophisticated options. Until now.

The Word 2007 User Interface offers fewer encryption options than the Word 2003 one did. If you’re not careful, you may find that the document you had previously strongly encrypted, suddenly has only weak encryption. You won't be told by Word and you probably won't find out until it’s too late. Read on to find out why.

Word 97 and Word 2000

Encryption was basic in Word until the introduction, in Word 97, of a proprietary technique, maintained in Word 2000, that was effective at the time. If you wanted to put a password on a Document in Word 2000 this is where you would do it, in a dialog that hadn't significantly changed since I don't know when:

Word 2000 Save Options showing the Password box

There isn't much to be said about this. One told Word to put a password on a document, and Word did so, encrypting the contents using its own process.

Word 2002 and Word 2003

1997 was a long time ago, and it is possible for you, and easy for an expert, to break the Word 97 encryption now. Word 2002 introduced the option to use other forms of encryption but left the default, for compatibility reasons, as using the Word 97/2000 technique.

In Word 2002, several security-related options were gathered together on a new tab in the Options Dialog: the Security tab. If you wanted to encrypt and password-protect a Document in Word 2002, it would be via this tab that you did it. It had the same textboxes for entry of passwords but it also had an extra "Advanced" button.

Word 2002 Security Options Dialog

If you pressed the Advanced button, you were presented with a choice of Encryption types.

Word 2002 Encryption Types Dialog

The first two methods in the list were the (then) legacy pre- and post-97 techniques, with the default being Office 97/2000 Compatible (as selected above). The rest of the encryption types are a list of what are called Crytographic Services Providers (CSPs), external to Word. If you chose one of them, the Encryption key length and Encrypt Document Properties checkbox would light up, allowing for a little tweaking of the method. If you did choose one of the other methods, of course, earlier versions of Word would not have been able to decrypt your document.

Several CSPs are installed with Windows and third-party ones can be installed should you so wish; the dialogue shown contains the beginning of the list of those commonly available on Windows Vista; more details on this subject can be found in Microsoft’s Knowledge BaseMicrosoft’s Knowledge Base [link to article at http://support.microsoft.com/kb/290112], if you are interested. This is not the place, even if I had the knowledge, to go into great detail about cryptography; suffice to say that all the CSPs offered stronger protection than had previously been available in Word.

It was good practice, recommended by Microsoft, to change the default weak encryption for something stronger. This could be done using Policies or by editing the Registry directly if you knew how. Full details of this are provided on Microsoft’s web siteMicrosoft’s web site [link to article at http://office.microsoft.com/en-us/ork2003/HA011403111033.aspx], but, very briefly, you could specify the CSP to be used and you could allow, or disallow, users the capacity to override the default. Just as with manual selection, specifying a default CSP did mean that your documents could not be opened with versions of Word prior to 2002.

Whatever encryption type you used, whether defaulted or explicitly selected, it became, in effect, a property of the document and would be used for that document until explicitly changed.

Before moving on, it is just worth pointing out that, although Word 2002 used, or could use, different encryption techniques from earlier versions, it still didn't encrypt all the contents of the document file; if a document contained a VBA project, that part of the file remained unencrypted, just as in earlier versions of the product.

Word 2007

Word 2007 is, in many ways, very different from its predecessors and protection of documents is but one area of change. If you create a document in Word 2007 using the new OOXML format, and password-protect, and encrypt it, Word 2007 just gets on with the job; there are no more Advanced options.

The option to add a password to a document has always been available from the Save As dialogue. In Word 95, it was available behind an Options button. In Word 2000, it was available via the Tools dropdown (within the dialogue), by selecting General Options, although it was still the Save Options dialogue that was invoked. In Word 2002 and 2003, the Tools dropdown option to choose was Security Options, and the Security Options dialogue was invoked. Finally, in Word 2007 it’s General Options again, and a new General Options dialogue is invoked, a cut-down version of the earler Security Options.

Word 2007 General Options Dialog

As you can see, some of the security options have been moved elsewhere, and the Advanced button has gone, along with all the choices it offered.

The option to add a password to a document has also always been available without having to save the document under a new name. As you have already seen, this was via the Tools > Options > Save tab until, in Word 2002, the Security tab was added. In Word 2007 you have two choices: if you click on the Office pizza button and select Prepare, you can then select the new Encrypt Document option, which invokes a new dialogue:

Word 2007 Encrypt Document Dialog

Alternatively, the General Options dialogue can be added to the QAT, although it's a bit of a detective operation to discover that it's called Security in the Customization dialogue.

Apart from the chameleon-like dialogue, there are two changes to the encryption process (of Word 2007 format documents) in Word 2007 that I consider significant. Firstly, the default encryption type, or CSP, the Microsoft Enhanced RSA and AES Cryptographic Provider, is stronger than before, and secondly, the VBA project is encrypted along with the rest of the document content. There is another important change (see under Legacy Encryption, below) but its significance is primarily to do with the encryption of older (Word 97-2003 format) documents.

As far as I know, Microsoft do not make any recommendations regarding changing the default, but they do provide a mechanism for doing it. If you are confident with changing the Registry you can, of course, do so yourself; if not you can use the Office Customization ToolOffice Customization Tool [link to article at http://technet.microsoft.com/en-us/library/cc179080(TechNet.10).aspx].

Legacy Encryption

Even if nobody was using versions of Word earlier than Word 2007, there would still be an enormous legacy of documents created in earlier versions, and Word 2007 has to support them. To this end, Word 2007 can read and write documents created in earlier versions, encrypted or not. Word 2007, however, as you have seen, does not have all the same User Interface features as Word 2003 and must, therefore, do some things differently.

Without the option to choose one when editing a Word 97-2003 (.doc) format document, the user simply has to accept whatever encryption type Word 2007 chooses to use. Word 2007, just like Word 2002 and Word 2003, has a built-in default of Office 97/2000 Compatible encryption, and, just as with Word 2002 and Word 2003, there is a way to change the default, either by editing the Registry manually or by using the Office Customization ToolOffice Customization Tool [link to article at http://technet.microsoft.com/en-us/library/cc179080(TechNet.10).aspx].

Unlike the earlier versions, however, — and this is the change referred to earlier — Word 2007 does not consider the encryption type a property of the document. When saving a document, Word 2007 completely ignores the encryption type previously used, the one used to decrypt the document, and encrypts with whatever it has set as its default. Unless the user has overridden it, this will be the very weak built-in default method, potentially much weaker than the one previously used on the document. Word 2007 does not see fit to even warn the user that this may occur, or has occurred.

When you save a encrypted Word 97-2003 (.doc) format document, Word 2007 prompts you so:

Word 2007 Encryption Suggestion

More often than not, it prompts you twice; I haven't been able to work out why, or under what precise circumstances this happens, though. As far as I can see, with my limited knowledge of encryption, this is not necessarily technically true but, regardles of that, it merely suggests you could be better protected and gives no hint at all that, should you refuse the offer (for any number of good reasons), you may actually end up less well protected than you were.

A Last Word

I intend returning to this topic. I am currently investigating what happens when you create a Word 2007 document using the Compatibility Pack in earlier versions of Word, and I have half a mind to try to write an AddIn to bring back the user choice of CSP.