Search Wiki:
This MSDN Code Gallery release contains the Microsoft Office File Format Protectors. They are COM components that enable you to protect and unprotect files in Microsoft Office formats, such as .docx, .xlsx, .doc, and others. These protectors are file handlers that take in parameters and output the protected or unprotected Microsoft Office file, depending on your needs.

It is important to note that although the protectors protect and unprotect files, the calling application is responsible for making calls to AD RMS to encrypt or decrypt the data and acquire the proper licenses. More information on this is included in the documentation.

What is Included With This Release?

This release contains a sample project for use in Visual Studio 2005 that contains the protector components and other supporting code. It also contains a reference document for the protectors.

Two Types of Protectors

There are two protector types: the MsoIrmProtector and the OpcIrmProtector.

MsoIrmProtector supports the following file types: doc, dot, xla, xls, xlt, pps, and ppt

OpcIrmProtector supports the following file types: docm, docx, dotm, dotx, xlam, xlsb, xlsm, xlsx, xltm, xltx, xps, potm, potx, ppsx, ppsm, pptm, pptx, and thmx

Using the Protectors

These protectors can be used in a client or server application that uses the AD RMS client. The documentation assumes that you are familiar with creating applications that use Active Directory Rights Management Services (AD RMS). For information about creating AD RMS applications, see the Active Directory Rights Management Services SDK at the following link:

Before using a protector, you must create an implementation of the I_IrmPolicyInfoRMS and I_IrmCrypt interfaces. The I_IrmPolicyInfoRMS interface contains information, including end-user licenses (EULs) and an issuance license (IL), which is passed to a protector so that the protector can package the data into a rights-managed version of the file. The I_IrmCrypt interface enables the protector to encrypt or decrypt the file. By implementing I_IrmCrypt, you are providing the protector with an encryption or decryption function. You configure this function to use the same document key provided in the issuance license passed in I_IrmPolicyInfoRMS.

Any application that consumes the protectors must implement these two interfaces. For instance, Microsoft Windows SharePoint Services provides file protection and therefore implements these interfaces. You can view its implementation details of the I_IrmCrypt and I_IrmPolicyInfoRMS interfaces on MSDN:

Once you have implemented I_IrmCrypt and I_IrmPolicyInfoRMS, you can use the protectors to protect and unprotect Microsoft Office files. The protectors are COM components that use a COM interface called I_IrmProtector. This interface is described in the I_IrmProtector Interface section of the document included with the protector code sample.

Using the Protectors with 64 Bit Applications

64 bit applications should use the x64 protector binaries. For building x64 versions of the binaries in Visual Studio, change Active Configuration to x64. In Linker Options set Target Machine type to x64. Depending on the use, both the 64 bit and 32 bit binaries may need to be registered on an x64 operating system using %windir%\system32\regsvr32.exe and possibly %windir%\syswow64\regsvr32.exe.

Notes for the MsoIrmProtector

MsoIrmprotector embeds an unencrypted Word document with an appropriate message such as “This document has been rights managed” inside every protected document. This is done so that if the document is opened in a version of Office that does not support protection, such as Office XP, the message appears. In the current implementation of MsoIrmProtector, the HrInit method retrieves three files from disk from a path like the following:
<MsoIrmProtector DLL Path>\<lang Id>\<MsoIrmProtector DLL Name>.<doc,ppt,xls>

For example, in the MsoIrmProtector project, the .dll built is MsoIrmProtector.dll. If it is registered from C:\protectors\MsoIrmProtector.dll, the protector expects the following files to be present on the English (Lang Id: 1033) SKU:

These files must be present for protection and unprotection to succeed. They are included in the sample project in the MsoIrmProtector\templates directory.

Setting Up Microsoft Office in the RMS Pre-Production Hierarchy

Application developers who develop IRM-enabled applications frequently work in the RMS pre-production hierarchy. Included with the protector code sample is a document that provides step-by-step instructions on configuring Office 2007 IRM-enabled applications to function correctly in the pre-production hierarchy.

Additional Resources

If you would like to build your own custom protectors, see the documentation on MSDN:
Last edited Jun 30 2008 at 10:14 PM  by BillHeinson, version 42
Kazushi wrote  May 21 2010 at 5:20 AM  
This is great! I tried to make protector like this. But I could not. Because I didn't know how to authenticate with RMS from server services. The problem was that user login dialogbox is showed.

Page view tracker