3

I'm trying to find a way to password protect an Excel file (.xlsm) beyond the built-in password encryption options.

Ideally:

  1. Enter the password
  2. File works for a week(/other period of time)
  3. After a week, file requires password again

The file is used consistently, so I don't think that encrypting a .zip or similar would solve my problem.

There are VBA options to do this, but they can be easily circumvented by restricting macro security or similar.

Help! Thanks!

MotS
  • 33
  • 1
  • 3

5 Answers5

4

A file is just a collection of bytes. It cannot do something to itself on its own.

You need an access restricting application, or use what is available.

Because it is an excel document, any weird solution you come up with can be circumvented just by saving it locally unprotected or copy pasting.

But if you still want to at least try, even if it isn't perfect, try using access controls through sharepoint. You can hand out temporary access or manually turn it off for someone/everyone after a certain period of time.

Andrew Hoffman
  • 1,987
  • 14
  • 17
  • 1
    +1 for the Sharepoint suggestion. This is probably the most efficient method, and most easily-manageable. The only downside is that it may not apply to the OP's particular situation. – Chris Cirefice Jul 01 '14 at 17:45
4

It's impossible to protect some file for some time. Intrinsically, the file doesn't have any property that will allow it to know whether it's January, 1st, 2010 or 30-Feb-2050 (if February will have 30 days in 2050).

What "could" know the time is the program opening it. In your case, Excel. But a program itself doesn't know about time either. It would need to know the specific time from some source, verify it the time was reached or not, and act accordingly.

That leads to some problems:

1 - It must be impossible to change the program, or that time restriction would be circumvented. Doing some research about tamper-resistant software will show you that it's hard to do it: DVD protection, Blu-ray protection, and many other kinds of data protection, have failed. Perhaps digital tokens, used to store private-keys, are the only ones that haven't being defeated yet, but I'm not sure.

2 - Your program must get the time from a reliable source. How you assure that your source is reliable or not is another problem. Atomic clock? Adjusted by who ?

3 - The communication between your program and the clock must also be secure.

4 - Once open, you have to assure that it will be impossible to "save" the file content to any other archive. And that includes taking pictures or memorizing the information and typing it again in another excel worksheet.

woliveirajr
  • 4,462
  • 2
  • 17
  • 26
  • Would it be possible to encrypt a file and also put a privacy screen over the information so people could not take pictures as you mentioned? – MotS Jul 01 '14 at 17:54
  • it would be much harder than that. If someone is able to see a file, he is also able to take a photo or film it. – woliveirajr Jul 01 '14 at 17:55
  • 1
    @MOTS If the file is really important, that would attract attention from people who really want it, consider it impossible. If you want to protect against a 5 year old boy who wants it, perhaps you can... :) It really depends on the resources of your enemy. – woliveirajr Jul 01 '14 at 17:57
  • Like @woliveirajr said, if the people accessing the document aren't computer savvy, then restricting access to read-only in either sharepoint or google docs' spreadsheet, and no-download option if one is available. That way there is no password to manage, and access is determined by you manually. – Andrew Hoffman Jul 01 '14 at 18:35
  • "3 - The communication between your program and the clock must also be secure." -- not necessarily a requirement. What is required is that the application can verify that time came from a trusted source and hasn't been modified. – u2702 Jul 08 '14 at 16:22
2

This is exactly what Microsoft's IRM (Information Rights Management) product is designed to address.

However, as pointed out by others, the file on its own cannot achieve what you are trying to do, so you will need some infrastructure, which MSFT calls the Rights Management Server (with the delightful irony of being Rich Stallman's initials). And this will allow the document to test whether or not a particular system/user can access the content in the file.

0

Please note that Microsoft Office IRM is not intended to secure a document. It's intended to manage rights, but does not use strong encryption and should not be exclusively used for sensitive documents (it's like a lock on a filing cabinet - you could pick it easily, but it's there to let you know you shouldn't). There is no feature currently in office that does what you need.

Source: I am a developer for Office.

P.S. There are some issues with implementing this securely, but it's not impossible.

akirilov
  • 141
  • 3
-1

Files do not work, so inside a file this never can be done. But you could of course develop an application which could do this. However, at any time a user can access/read a file, he/she can copy it in some way outside of the influence of the protecting application. . In the end, the easiest way to accomplish the functionality you desire is to (time-based) authorize a person to a document and make sure he/she cannot copy it while accessing.