 Okay. Shall we start? Sorry for the small delay. I thought I would give you a demo, what I was actually about to talk about was on Windows. Unfortunately, I managed to lock myself out of BitLocker. So, that plan exploded. So, but this is absolutely on-topic because the talks about lockdown encryption security, sometimes it's a bit too secure. So, you can't access even your legitimate data anymore. Anyway. So, one slide about me. Just anybody who might not know me. My name is Thorsten Birns. I work for CIB. We do consulting around LibreOffice. We also do LTS versions and lots of other cool things. I'm with the project since many years. I'm also active on the document foundation board, et cetera. And beyond that, I'm out there and advocating for open source and open standards. Right. So, credits. This is mostly not my work. So, I'd like to highlight the people who did the actual work. My colleagues, Vasili, Sasha and Samuel. The work itself, I will talk about here mostly. It's an example that it was a customer project. There was very large bank that wanted to use LibreOffice, which is a great thing. The problem is that banking regulations all over the world are sometimes rather strict. And one of the challenges that this bank was facing was the fact that they couldn't let the users arbitrarily access documents, so they needed to put controls under what people could do with Office documents. For example, not let them print or copy that or even take screenshots from it. So, you might know that from PDF. For PDF, it's a suggestion, so readers can obviously ignore that. There's other software where there's like rights management system where there's more of a lockdown here. And in this particular case, there is some from Microsoft, from Microsoft Office. There's a solution called Microsoft RMS, Rights Management Solution, that is pretty effective in locking down what users can do with their documents. And that's actually, there was a requirement, one of the entry requirements for that customer to even be able to employ software on their client machines. So, we went and thought about that and looked a bit into the technology there and figured out that it's actually possible to do that with LibreOffice, so we went ahead. And it's actually right now, so there's a branch where it's implemented, there's a number of patches waiting for integration into the upcoming LibreOffice 7.0. We didn't quite manage 6.4 for that because it was rather involved and lots of API changes and code changes there, so we didn't want to risk that. Right, so that's for the outset. That's essentially what I just told you, but I didn't want to distract you with the slide. The challenge really there is for desktop computers because for on a desktop machine, users usually have a lot of things they can do, they can do copy paste, they can save under a different name and then do things. They can perhaps look at the file system and just take the bits and walk away with them if there's a temporary file. They can take screenshots, et cetera. So, there's a level of control necessary and also a level of lockdown and lockdown support from the operating system that you need and to the best of my knowledge, that is probably only really working to that extent on Windows, at least for client side. You can do a lot more if you have a virtual machine or a virtual desktop solution where the users can't really get at the bits. Well, you can then probably still do screenshots, but I suppose you can do that anyway with a, I mean, just physically take a picture from the screen. Right, so that's how it looks for this Microsoft thing. Basically, what happens is there's a document that's encrypted on the server that gets downloaded by any possible means, mail attachment, shared file system, you name it, downloads. So normally you can't, users can't access that. So if they want to access it, they need to authenticate against this little thing here in the middle, I don't know if I got a mouse. Yes, I do. This guy here, which then talks to the client, a little component on the client, on the desktop machine. And what in the end, this little plug in there needs is a temporary session key. That is not something that the user will get permanently. That's not like public key cryptography. That's some password that the user can always use. It's a temporary session key. The problem with the temporary session key is that if the user can get access to that, it becomes a non-temporary session key. So you really want this whole thing to be controlled or a trustworthy environment where the key and the data cannot get out. So that's why this RMS rights management system requires at least the code that interacts with the system and that decrypts and handles the data to be signed so that the client side can actually assess whether it has been tampered with. So code has to be signed and the extension has to be signed and the user needs to authenticate against the client side, which then talks to the server and then the server says okay, when the trust chain is intact, it will hand out a temporary session key. And the session key then travels all the way back and the extension can then, using the client component that decrypt the document, but then needs to, for that to work, then needs to tell the office to disable certain things like for example, copy paste or printing or saving under a different name. So for that we had to tweak a bit what liberal office can do. There were already are, there were a few things already that could be done in terms of lockdown, but it wasn't far from complete. So the most important part that we had to change was the way that document and decryption works because that had to happen in this client library. And since we wanted to, at least in principle, have this technology agnostic and there are ways to do, cannot prevent the screenshot, but there are ways to at least clone that sort of system for something like GPG and other public key cryptography systems. So we added API for that. There's a very small wrapper extension that maps the API through the RMS system that you could use also. It's really small, it's more or less passing things through an adapter, if you will. And you can do that just the same for other technology, for Mac or for Linux. Right, so this API then, disables or enables, depending on the meter data that gets passed on the features. So that's how it works as a sequence diagram, more or less, again, what I mentioned. The important part really is the integrity here, so that at least the extension needs to be signed. And the session key doesn't really never leaves this kind of lockdown or signed code, so that never really ends up in a liberal office code, for example, so that that stays within this kind of lockdown environment. And liberal office gets the decrypted bits out of the API, plus meter data, what is permitted, what it can do with that or cannot do. So most of that work actually ended up in liberal office and there's a bit of a wrapper on top. Potentially you can do something similar with a GNU PG. The sticking point really is you want to authenticate both the user and you want to authenticate the code. So there has to be some like in other systems, some sort of measuring from the outside that ensures that, so there has to be a separate system component that looks at liberal office and authenticates or asserts that it's intact. So that is something that potentially, depending on somebody coming up and thinking that's a good idea and perhaps funding that, there could be something we can do with that API in place. So time-wise, oh yeah, that's still some time left. So that's the core change that we did that affects essentially how liberal office decrypts and encrypts documents that has some knock on effects that would also permit novel encryption schemes without any core changes. So there's some thinking around changing or adjusting the way that ODF encryption, package encryption works. That's right now with clumsy because ODF is a zip archive essentially and the encryption works like every single item in the zip archive gets encrypted individually, which is not a problem if you have, I don't know, standard writer document and with no images. If you have a large impris document with hundreds of slides and hundreds of images, then every single image gets encrypted and decrypted, which is a drain on your random number generator, on your entropy and it's also really bloody slow because the encryption setup, usually if you use a password that gets some key generation function so it iterates a number of thousands of times over the key to get an encryption key and you need to do that for every single document and it's really, really slow. So with that, there's this now plug in encryption and decryption method available in LibreOffice. Well almost, as I said, the patches are not merged. It's a stack of changes that didn't make LibreOffice 6.4. Okay, so yeah, I would have loved to show you that live the problem is, as I said, that lockdown worked a bit too well. So that's how it looks in Word. The, there's this little, so that obviously I had permission to read this document. I got all the rights here. So I got this little info bar there that tells me what I can do with it. And then there's a tool bar where you can say, well, I want to save that and I want to give this group of users that kind of permission down. Which unfortunately I can't show you because it's just a screenshot. And that's how it looks in LibreOffice. So we tweaked, I mean, among other things we also tweaked about the info bar. So the info bar can now do rather nice, complex things like this here. So multi-line and formatting there and more than one control, et cetera. So that's exactly the same document against exactly the same RMS instance. And it comes up with exactly the right permissions. And so it works transparently in that system. And it's, as I said, it's a small wrapper extension that unfortunately we can't open source that for a number of reasons, one of them is actually it needs to be signed and locked down and being taken aside. Okay, any questions so far? Nicholas. Is it by purpose that you use RMS? I'm sorry, that's the action for that. That's lots of ambiguity. I mean, you just don't have so many combinations of three letters, but in this case it's not on purpose. But this RMS time needs to be answered. Yeah, right. But it's a- It's not part of Windows. It is a, it's an optional component that I believe at least under Windows 10 you can just say this is a package prerequisite and it gets installed. But it's a package component. Yeah, yeah, yeah. You look like you want to ask a question or make a comment. If you have some more, I promise you to come to your session and say, I'm bored, I'm bored, I'm bored. Right. Okay. If there's no further question, thanks for your attention.