Practical phppptx
Protect, encrypt and sign
Premium licenses of phppptx includes methods to encrypt and sign PPTX files created from scratch either with phppptx or MS PowerPoint, LibreOffice or any other program or library.
The goal of encrypting an PPTX file is to avoid unauthorized users accessing the contents of the file.
In order to open an encrypted presentation the user must write the correct password beforehand.
MS PowerPoint files encrypted with the PowerPoint interface, even if preserving the .pptx extension, use the Binary Compound File standard of Microsoft (although after decryption they are converted to standard PowerPoint files).
The code to encrypt a PPTX is as simple as using the encrypt method included in CryptoPptx:
Whenever the user tries to open the PowerPoint presentation, a password must be prompted in order to read the presentation.
The Digital Signature feature signs PPTX files.
It is out of the scope of this introduction to explain in detail what a digital signature is (have a look at this Wikipedia article for more detailed information). In a few words, it is a way to prove the "authenticity and integrity of a file": you can be sure that the digitally signed file has been created by the person that says so and that has not been altered afterwards.
In order to digitally sign a PPTX in a web server you need a Digital Certificate emitted by a recognized Certification Authority or CA for short (you may generate your own certificates for testing but it is not recommended to use them unless you are going to distribute your documents on a controlled environment).
- This method directly signs the PPTX which path has been set in the setPptx() method. If you wish to maintain an unsigned version of the file, please, first make a copy of it as the previous sample code does.
- You need to include the path to your RSA private key in the setPrivateKey() method indicating the password if required.
- The setPrivateKey() method only admits pem format. If you want to use pfx format you should first transform it to pem.
- You should include the path to your digital certificate in the set X509Certificate() method. In many cases it may be the same as the one to the private key but not necessarily so (it may also be, for example, a .crt file).
- You may include in the setSignatureComments() method a string with a brief explanation of your reasons to sign the document .
- Be aware that the private key should never be accesible directly via web without posing a critical security risk.