Introduction
Block copy/paste from/to Docx document is a genereal and most needed requirement, here we are trying to do the same with the help of OPENXML api
Welcome again to another security article where you can learn How to disable copy/paste option from Microsoft word document (DOCX) using OpenXML without Interop.
Many times we have a requirement to make our document secure so that no one can edit it or make changes in it or even does not able to copy paste its contents. In order to accomplish such requirement, Microsoft word provide us different types of locking (protection layer) like No changes lock (ReadOnly lock), Comment only lock, form filling lock, section wise locking etc,
To use word protection, Open word file Navigate to Review Tab -> Protect Documents -> Restrict Formatting and Editing option in MS Word 2007+ and choose whatever protection level you want to set.
In this article we will see how to lock a word document so that no one can even copy contents from it. Lets start...!
Background
In my previous article, already i have explained different types of word document and how to protect word documents using C# and Word Interop object, you can check it Here
If you have questions/doubts or introduction about OpenXMl API like. what is it ? why to use it ? from where should i download it ?
you can visit my article about OpenXML API Here
Using the code
To start this application we need following things
- Visual studio 2008+
- C#
- OpenXML API
- Microsoft word 2007+ (Not mandatory)
As we know DOCX documents are nothing but the set of XML tags, in which, DocumentProtection tag is used to put document restriction, When you extract word document, you can find these tag in 'word\settings.xml' file
this tag is explained below
<w:documentProtection w:edit="forms" w:enforcement="1" w:cryptProviderType="rsaFull"
w:cryptAlgorithmClass="hash" w:cryptAlgorithmType="typeAny" w:cryptAlgorithmSid="4"
w:cryptSpinCount="50000" w:hash="0AMSgIVdSif6F5unNC/Lk3rBvr4=" w:salt="m3sJnUyPgf0hUjz+U1Sdxg==" />
in which,
- w:edit attribute ="forms" // Specifies the restriction type (in our case we have 'forms' locking)
- w:enforcement="1" // Specifies if the document must be enforced or not
- w:cryptProviderType="rsaFull" // Indicate which cryptographic provider is used
- w:cryptAlgorithmClass="hash" // Indicate which cryptographic algorithm is used used
- w:cryptAlgorithmType="typeAny" // Indicate the type of algorithm
- w:cryptAlgorithmSid="4" // Indicate specific hashing algorithm with the salt
- w:cryptSpinCount="50000" // Interative counter for hashing algorithm
- w:hash="0AMSgIVdSif6F5unNC/Lk3rBvr4=" // Passowrd hashed value
- w:salt="m3sJnUyPgf0hUjz+U1Sdxg==" // salted password value before hashed
checkout below code snippet, which will highlight how to add above attributes programatically in XML
DocumentFormat.OpenXml.OnOffValue docProtection = new DocumentFormat.OpenXml.OnOffValue(true);
documentProtection.Enforcement = docProtection;
documentProtection.CryptographicAlgorithmClass = CryptAlgorithmClassValues.Hash;
documentProtection.CryptographicProviderType = CryptProviderValues.RsaFull;
documentProtection.CryptographicAlgorithmType = CryptAlgorithmValues.TypeAny;
documentProtection.CryptographicAlgorithmSid = 4;
UInt32 uintVal = new UInt32();
uintVal = (uint)iterations;
documentProtection.CryptographicSpinCount = uintVal;
documentProtection.Hash = Convert.ToBase64String(generatedKey);
documentProtection.Salt = Convert.ToBase64String(arrSalt);
_objDoc.MainDocumentPart.DocumentSettingsPart.Settings.AppendChild(documentProtection);
_objDoc.MainDocumentPart.DocumentSettingsPart.Settings.Save();
_objDoc.Close();
Open XML API has 'DocumentProtectionValues' enum, which Defines the Document Protection Values enumeration, MSDN explains (Here) below enum description
| Code | Description |
| None | No Editing Restrictions. When the item is serialized out as xml, its value is "none". |
| ReadOnly | Allow No Editing. When the item is serialized out as xml, its value is "readOnly". |
| Comments | Allow Editing of Comments. When the item is serialized out as xml, its value is "comments". |
| TrackedChanges | Allow Editing With Revision Tracking. When the item is serialized out as xml, its value is "trackedChanges". |
| Forms | Allow Editing of Form Fields. When the item is serialized out as xml, its value is "forms". |
How it works
when we lock any document with password, it actually create its SALT value and genereate a key using EncryptionMatrix, finally it uses 'HashAlgorithm' class to encrypt it using 'ComputeHash' method, this method will call in number of input interations, at last resultant value will get stored in xml.
That's it, after successful protection, user can not able to copy/paste contents to/from Docx file
Unlock document
If the above tag is excluded from the xml, NO locking is applied on document, same code will be applicable for UnLock document only ENUM gets changed to 'DocumentProtectionValues.None'
Note
- To Block Copy/paste we have used Forms locking technique, but if you use form based template user can copy/paste contents from form fields.
- To run attached demo code you need to have OpenXML API insalled on your machine
- Attached is source code and a protected document word file (protect using sample code)
Points of Interest
This article will not use Word interop automation to lock word documents so no word insallation is mandatory for this article
Open XML Advantages over Interop
- Open XML is an open standard for Word-processing documents, presentations, and spreadsheets that can be freely implemented by multiple applications on different platforms
- The purpose of the Open XML standard is to de-couple documents created by Microsoft Office applications so that they can be manipulated by other applications independent of proprietary formats and without the loss of data.
- As it is light weight, the processing is faster than interop objects
- It has good Interoprability, Backwards Compatibility and Programmability
- As it is Smaller File Size, it is to manage all variety of document stores, including Exchange servers, SharePoint, and of course network file storage.
- It’s a IS29500 standard, free for all to use, and extremely well documented
Hope this article will help you in order to protect your work documents, Queries and suggestions always welcome
Happy Protection
Prasad
