[Open XML] Use Powershell to secure and exchange your Open XML documents
First, let’s create a profile in order to use PowerTools each time you open a PS console. This is a completely optional step, it’s just for your convenience.
Creating a PowerShell profile
- To check if your profile is already set or not, use: test-path $PROFILE
- If the previous command returns false, then use the command: new-item –path $PROFILE –itemtype file – force
- Once your profile file is created, edit it with notepad (or another text editor) : notepad $PROFILE
- Add the command you think you need each time you use PowerShell (specific key stroke, snapin, etc), for example in our case : Set-ExecutionPolicy unrestricted; Add-PSSnapin OpenXml.PowerTools;
- Save the file
Using PowerTools to lock your documents (read-only)
To lock a WordprocessingML document in read-only mode, use the Lock-OpenXmlDocument cmdlet. This feature is use to prevent people to modify your document (be careful, this command doesn’t add a password protection, just a section lock). Here is an excerpt from the man (Get-Help command with –Detailed argument) :
SUMMARY
Locks one or more Wordprocessing documents.
SYNTAX
Lock-OpenXmlDocument [[-SuppressBackups]] [[-PassThru]] [-Document <OpenXmlPackage[]>] [[-Path] <String[]>] [-WhatI
f] [-Confirm] [<CommonParameters>]
DETAILED DESCRIPTION
The Lock-OpenXmlDocument cmdlet sets a lock inside one or more Wordprocessing documents to prevent them from being edited.
ARGUMENTS
-SuppressBackups
Use this switch to avoid generating backup files for documents specified by the Path parameter. It has no affect on objects piped into this command.
-Document <OpenXmlPackage[]>
Specifies the item(s) from the pipeline that will be modified by this command.
-Path <String[]>
Specifies the path to the item(s) to lock. Wildcards are permitted. If you specify multiple paths, use commas to separate the paths.
-------------- Example 1 --------------
C:\PS>Lock-OpenXmlDocument -Path test1.docx,test2.docx
Sets a lock on test1.docx and test2.docx that prevents them from being modified.
Like the example, run the following command (assuming MyDoc.docx is an existing document in the current directory) to lock the specified file:
lock-OpenXmlDocument -Path 'MyDoc.docx'
Here’ the result :
Sign your documents
The need to sign a document seems obvious today, however Open XML is one of the first office document file format to be ready for this feature. Signing a document is a proof that the document is emitted by the person who said he’s the author and that the document has not been altered during the transport over the wire.
The cmdlet Add-OpenXmlDigitalSignature sign a document by taking the paths of the document to sign and the certificate to use:
Add-OpenXmlDigitalSignature -Path MyDoc.docx' -Certificate 'MyCertificate.pfx'
You can’t use a password protected certificate (hope that this ’bug’ will be resolved soon).
If you want to generate a certificate, use the following commands:
makecert –sv MyKey.pvk –n “CN=<your name>” MyCertificate.cer (when ask for password, don’t enter anything and confirm the “no password protection”)
pvk2pfx –pvk MyKey.pvk –spc MyCertificate.cer –pfx MyCertificate.pfx
Pipelining the cmdlets
So far we have seen how to lock and digital sign a document independently. Now, what about pipelining both cmdlets to lock and sign the document at the same time :
lock-OpenXmlDocument –Path “MyDoc.docx” | Add-OpenXmlDigitalSignature –Certificate “MyCertificate.pfx”
With this kind of command line you can lock and sign every Open XML documents you want to exchange with third parties outside your company. Some feature are still missing in PowerTools like personal information removal but these missing cmdlets will come soon with the new PowerTools team (Eric this is for you !). Oh yes, I forgot to tell you, I recently join the PowerTools virtual dev team (and this is really a great team with talented people), so stay tune !
Ce post vous a plu ? Ajoutez le dans vos favoris pour ne pas perdre de temps à le retrouver le jour où vous en aurez besoin :
