LibreOffice Document Protection

Jan 25, 2023 | Data Protection, Secure Business Data

In this blog article we show you how to encrypt and control permissions on the content in files of the LibreOffice office suite both in ODF format (.odt, .ods, etc.) as in MS-Office format (.docx, .xlsx, etc.).

TABLE OF CONTENTS

LibreOffice: The Open Source alternative to MS-Office

LibreOffice is an office suite developed by the community, powered by the non-profit organization “The Document Foundation“. In addition to being the home of LibreOffice, this organization is behind “The Document Liberation Project“, a community formed by software developers who have come together with the aim of freeing users from the blocking of content from manufacturers, providing powerful tools for the conversion of proprietary file formats to open formats (ODF: Open Document Format).

LibreOffice is free and “open source”, based on its origins in the OpenOffice project, and is the successor to this project that is being developed more actively.

LibreOffice supports a wide number of formats such as Microsoft Word (.doc, .docx), MS-Excel (.xls, xlsx), MS-PowerPoint (. ppt, . pptx) and MS-Publisher. Within the LibreOffice suite we can find:

  • Writer: Word processor similar to MS-Word.
  • Calc: Spreadsheets as an alternative to MS-Excel.
  • Impress: MS-PowerPoint presentation generator.
  • Draw: Diagram generator.
  • Math: Editor of mathematical formulas.
  • Base: Databases similar to MS-Access.
  • Charts: For the generation of graphs of cakes, bars, etc.
  • Etc.

LibreOffice natively uses a  completely open and standardized ISO format  called ODF, “Open Document Format), being able to export documents to many formats including PDF.  Typical extensions of ODF files are .odt (text documents), .odt (spreadsheets), .odp (slideshow), .odg (graphics or drawings).

How to protect LibreOffice files?

Tools of the LibreOffice suite give the possibility to protect the content against modifications by setting a password. This feature available in Writer is like the one available in MS-Word.

To activate protection, you need to work with sections. If the section does not exist, it must be created through “Insert -> Section”. If they already exist, simply go “Format -> Sections -> Edit”. To use a password protection, it is necessary to select the option “Protect” and “With password”. The password must be typed twice and contain at least 5 characters.

In LibreOffice Calc there is also the option to protect cells against modifications.

However, as explained from LibreOffice, these functions are not intended as a security solution, but simply to prevent accidental modifications.

Encryption and permission control in LibreOffice

We present below a new functionality in SealPath that allows you to encrypt and control permissions in the LibreOffice suite.

Until now, SealPath supported for LibreOffice the transparent encryption option that allows:

  • Encryption of LibreOffice formats such as .odt, .ods, etc.
  • Transparent opening with a double-click on the file.
  • Identity control of who is opening the file.
  • Access blocking in case of not having permissions.
  • Tracking of accesses to protected files and blocked access attempts.
  • Revocation of access to protected files

However, if the user had permissions, once the file was opened, he could copy and extract content, print, etc. That is, there was no permission control.

From the new version of SealPath Desktop and integrated with SealPath Security Sandbox, the control of LibreOffice formats is total, allowing:

  • Encryption of LibreOffice formats such as .odt, .ods, etc.
  • Transparent opening with a double-click on the file.
  • Identity control of who is opening the file.
  • Access blocking in case of not having permissions.
  • Control of print, copy, and paste, edit, etc.
  • Tracking of accesses to protected files and blocked access attempts.
  • Revocation of access to protected files.

As with other formats (MS-Office, PDF, CAD, etc.), LibreOffice files travel with SealPath’s embedded protection once they have been protected. If we have given a user permissions to “View only” on a Writer file, the user can open the file, and view the content but not modify it, print, copy or paste or even take screenshots of the content.

This does not happen only for files in ODF format (.odt, .ods, etc.) but the user can open protected MS-Office documents (.docx, .xlsx, etc.) with the LibreOffice suite.

How does it work?

We must follow the following steps:

1. Configure the protection or security policy.

The owner of the documentation configures which users, user groups or domains, can open the protected file and with what permissions (View, Edit, Print, Copy and Paste). It is also possible to set expiration dates, watermarks, etc.

2. Protect the file with the selected policy

Just drag the files you want to protect to the policy in SealPath Desktop to protect them. Once protected, the “SP” icon will appear on the file visually indicating that it is protected. It is also possible to protect it automatically through folder protection, in a Cloud repository, etc. through SealPath for File Servers.

3. Double-click on the file to open it

Users must have SealPath Lite/Desktop installed with SealPath Security Sandbox to open the files. They only have to double-click on the file and it will open if the user has permissions. The user can see a “permission bar” that tells him if he/she can View, Edit, Print, etc.

In case you do not have permissions on the file, you will be will see a message telling that you cannot open it.

It is also possible to control text extractions, printouts, and screenshots on the protected file.

It is possible to open the file from within LibreOffice, if you have used the SealPath “Launcher” to launch the LibreOffice application.

4. Real-time access revocation

By removing a user from the policy’s permission list, the user will stop opening the protected file. It is also possible to revoke access by file, domain, group, etc.

5. Real-time access traceability

The user will be able to see who has accessed their protected LibreOffice files, if someone has tried to access without permissions, etc. This can be seen by both the user and the administrator for all documents in the organization.

Mixed use of MS-Office and LibreOffice in an organization

In many organizations, mainly in the field of Public Administration, we find part of users who use MS-Office and another part that uses LibreOffice.

Through SealPath the files can be protected in these organizations so that if a user has protected an MS-Office file, it can be opened by a user who has LibreOffice.

Similarly, if a user has LibreOffice on his computer and protects a file both in MS-Office format (eg. docx, .xlsx, etc.) as in ODF format (eg. .odt, .ods, etc.), this file can be opened in the same organization by a user who has MS-Office on his computer.

Executive Summary

SealPath is a leading data-centric cybersecurity solution that allows you to have an organization’s most sensitive files protected and under control in any location. With this new version of SealPath Desktop, users will be able to work with LibreOffice files in ODF format in the same way that MS-Office users work with Office formats. The new version also allows users with LibreOffice and users with MS-Office to be within the organization and all protected files can be exchanged.


Want a demo of this solution? Contact us here.