Encryption — Aspose.Cells FOSS for Python API Reference
aspose-cells-foss supports AES encryption and decryption of XLSX files via the module-level functions encrypt_xlsx and decrypt_xlsx. Two parameter classes configure the cipher algorithm, hash algorithm, and PBKDF2 spin count. The recommended default is AgileEncryptionParameters with AES-256 and SHA-512.
Package: aspose.cells_foss
from aspose.cells_foss import (
    CipherAlgorithm, HashAlgorithm,
    AgileEncryptionParameters, StandardEncryptionParameters,
    encrypt_xlsx, decrypt_xlsx, get_default_encryption_params,
)
CipherAlgorithm
CipherAlgorithm is an IntEnum specifying the AES key length. All variants use AES in CBC mode with a 16-byte block size.
| Member | Key bits | alg_id |
|---|---|---|
| AES_128 | 128 | — |
| AES_192 | 192 | — |
| AES_256 | 256 | — |
Properties
| Property | Type | Description |
|---|---|---|
| algorithm_name | str | Always "AES". |
| key_bits | int | AES key length in bits (128, 192, or 256). |
| alg_id | int | Numeric algorithm identifier used in the OOXML encryption record. |
| key_bytes | int | Key length in bytes (key_bits // 8). |
| block_size | int | Always 16 (AES block size in bytes). |
HashAlgorithm
HashAlgorithm is an IntEnum specifying the hash function used for PBKDF2 key derivation.
| Member | Hash bytes | alg_id |
|---|---|---|
| SHA1 | 20 | — |
| SHA256 | 32 | — |
| SHA384 | 48 | — |
| SHA512 | 64 | — |
Properties
| Property | Type | Description |
|---|---|---|
| algorithm_name | str | Hash function name (e.g., "SHA-512"). |
| hash_bytes | int | Digest length in bytes. |
| alg_id | int | Numeric algorithm identifier used in the OOXML encryption record. |
AgileEncryptionParameters
AgileEncryptionParameters configures the Agile Encryption scheme (ECMA-376, part 4), which is the default and recommended format for modern Excel files (Excel 2010+).
Constructor
AgileEncryptionParameters(
    cipher_algorithm=CipherAlgorithm.AES_256,
    hash_algorithm=HashAlgorithm.SHA512,
    spin_count=100000
)
| Parameter | Type | Default | Description |
|---|---|---|---|
| cipher_algorithm | CipherAlgorithm | AES_256 | AES key length to use. |
| hash_algorithm | HashAlgorithm | SHA512 | Hash function for PBKDF2 key derivation. |
| spin_count | int | 100000 | Number of PBKDF2 iterations. Higher values increase brute-force resistance at the cost of open/save time. |
Properties
| Property | Type | Description |
|---|---|---|
| encryption_type | str | Always "agile". |
| cipher_algorithm | CipherAlgorithm | Configured cipher. |
| hash_algorithm | HashAlgorithm | Configured hash function. |
| spin_count | int | PBKDF2 iteration count. |
| salt_size | int | Salt length in bytes (derived from cipher block size). |
| block_size | int | Cipher block size in bytes (always 16 for AES). |
| key_bits | int | Key length in bits. |
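An added example (not part of the Aspose.Cells FOSS API or its code): a policy check that reads the Agile descriptor from an encrypted file's EncryptionInfo stream and flags parameters weaker than the defaults above. It assumes the library writes the standard MS-OFFCRYPTO Agile descriptor and that the stream has already been extracted from the OLE container; `audit_agile_info`, `constructed_stream` and the policy thresholds are hypothetical names and values.

```python
import struct
import xml.etree.ElementTree as ET

# Namespaces of the Agile descriptor as defined in MS-OFFCRYPTO.
NS = {"p": "http://schemas.microsoft.com/office/2006/keyEncryptor/password"}
ENC_NS = "http://schemas.microsoft.com/office/2006/encryption"


def audit_agile_info(stream, min_spin=100000, min_key_bits=256, weak_hashes=("SHA1", "MD5")):
    """Return a list of policy findings for one EncryptionInfo stream; [] means compliant."""
    if len(stream) < 8:
        return ["stream too short for an EncryptionInfo header"]
    major, minor, _flags = struct.unpack_from("<HHI", stream)
    if (major, minor) != (4, 4):  # Agile is version 4.4; other versions carry no XML descriptor
        return [f"not Agile encryption (version {major}.{minor})"]
    body = stream[8:]
    if b"<!DOCTYPE" in body:  # the descriptor never needs a DTD, so refuse to expand entities
        return ["descriptor contains a DTD, refusing to parse"]
    try:
        key = ET.fromstring(body).find(".//p:encryptedKey", NS)
    except ET.ParseError as exc:
        return [f"malformed descriptor: {exc}"]
    if key is None:
        return ["no password key encryptor in descriptor"]
    findings = []
    spin = key.get("spinCount", "")
    bits = key.get("keyBits", "")
    hash_alg = key.get("hashAlgorithm", "").replace("-", "").upper()
    if not spin.isdecimal() or int(spin) < min_spin:
        findings.append(f"spinCount {spin or 'missing'} below policy minimum {min_spin}")
    if not bits.isdecimal() or int(bits) < min_key_bits:
        findings.append(f"keyBits {bits or 'missing'} below policy minimum {min_key_bits}")
    if not hash_alg or hash_alg in weak_hashes:
        findings.append(f"hashAlgorithm {hash_alg or 'missing'} not allowed by policy")
    return findings


def constructed_stream(spin, key_bits, hash_alg):
    """Constructed sample: 8-byte header plus a descriptor trimmed to the audited attributes."""
    xml = (
        f'<encryption xmlns="{ENC_NS}" xmlns:p="{NS["p"]}"><keyEncryptors>'
        f'<keyEncryptor uri="{NS["p"]}"><p:encryptedKey spinCount="{spin}" '
        f'keyBits="{key_bits}" cipherAlgorithm="AES" hashAlgorithm="{hash_alg}"/>'
        "</keyEncryptor></keyEncryptors></encryption>"
    )
    return struct.pack("<HHI", 4, 4, 0x40) + xml.encode("ascii")


if __name__ == "__main__":
    print(audit_agile_info(constructed_stream(100000, 256, "SHA512")))  # library defaults
    print(audit_agile_info(constructed_stream(10000, 256, "SHA256")))   # reduced spin count
```

Run over build outputs, a check like this catches files written with a reduced spin count before they leave a development environment.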
StandardEncryptionParameters
StandardEncryptionParameters configures the Standard Encryption scheme for compatibility with Excel 2007. Prefer AgileEncryptionParameters for new files.
Constructor
StandardEncryptionParameters(
    cipher_algorithm=CipherAlgorithm.AES_128,
    hash_algorithm=HashAlgorithm.SHA1,
    spin_count=50000
)
The properties mirror those of AgileEncryptionParameters. The encryption_type property is "standard".
Module Functions
encrypt_xlsx
encrypt_xlsx(
    input_path: str,
    output_path: str,
    password: str,
    encryption_params=None
) -> None
Reads the XLSX file at input_path, encrypts it with password using the specified encryption_params, and writes the encrypted file to output_path.
| Parameter | Type | Description |
|---|---|---|
| input_path | str | Path to the source XLSX file. |
| output_path | str | Destination path for the encrypted file. May be the same as input_path for in-place encryption. |
| password | str | Encryption password. |
| encryption_params | AgileEncryptionParameters \| StandardEncryptionParameters \| None | Encryption configuration. When None, get_default_encryption_params() is used (AES-256/SHA-512, 100000 iterations). |
decrypt_xlsx
decrypt_xlsx(
    input_path: str,
    output_path: str,
    password: str
) -> bool
Decrypts the XLSX file at input_path using password and writes the plaintext XLSX to output_path. Returns True if decryption succeeded, False if the password was incorrect or the file was not encrypted.
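An added example (not library code): because False covers both a wrong password and an unencrypted input, a caller can inspect the container to tell the two apart. `classify_container` and `explain_decrypt_failure` are hypothetical helpers, and the stream-name search is a heuristic rather than a full compound-file parse.

```python
from pathlib import Path

CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE compound file header (encrypted OOXML)
ZIP_MAGIC = b"PK\x03\x04"                      # ZIP local file header (plain OOXML package)
# Compound-file directory entries store stream names as UTF-16LE.
ENC_INFO = "EncryptionInfo".encode("utf-16-le")
ENC_PKG = "EncryptedPackage".encode("utf-16-le")


def classify_container(path):
    """Return 'plain-ooxml', 'encrypted-ooxml', 'other-cfb' or 'unknown' from file content."""
    data = Path(path).read_bytes()
    if data.startswith(ZIP_MAGIC):
        return "plain-ooxml"
    if data.startswith(CFB_MAGIC):
        # Heuristic: both stream names must be present; a directory walk would be stricter.
        if ENC_INFO in data and ENC_PKG in data:
            return "encrypted-ooxml"
        return "other-cfb"
    return "unknown"


def explain_decrypt_failure(path):
    """Map a False result from a decrypt call to a reason, ignoring the file extension."""
    reasons = {
        "plain-ooxml": "file is not encrypted",
        "encrypted-ooxml": "file is encrypted, so the password was rejected",
        "other-cfb": "compound file without OOXML encryption streams",
        "unknown": "not an XLSX container",
    }
    return reasons[classify_container(path)]


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "constructed.xlsx"
        # Constructed bytes, not a valid compound file: magic, padding, two stream names.
        sample.write_bytes(CFB_MAGIC + b"\x00" * 504 + ENC_INFO + ENC_PKG)
        print(explain_decrypt_failure(sample))
```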
get_default_encryption_params
get_default_encryption_params() -> AgileEncryptionParameters
Returns an AgileEncryptionParameters instance configured with AES_256, SHA512, and spin_count=100000. Use this to inspect or clone the library defaults before customizing.
Examples
Encrypt a Workbook
from aspose.cells_foss import Workbook, encrypt_xlsx, AgileEncryptionParameters, CipherAlgorithm, HashAlgorithm
# 1. Build and save an unencrypted workbook
wb = Workbook()
ws = wb.worksheets[0]
ws.cells["A1"].put_value("Confidential data")
wb.save("report.xlsx")
# 2. Encrypt with default AES-256/SHA-512 settings
encrypt_xlsx("report.xlsx", "report_secure.xlsx", password="MyP@ssw0rd!")
# 3. Alternatively, use a lower spin count for faster open/save cycles during development
params = AgileEncryptionParameters(
    cipher_algorithm=CipherAlgorithm.AES_256,
    hash_algorithm=HashAlgorithm.SHA256,
    spin_count=10000,
)
encrypt_xlsx("report.xlsx", "report_dev.xlsx", password="dev_only", encryption_params=params)
Decrypt a Workbook
from aspose.cells_foss import decrypt_xlsx, Workbook
success = decrypt_xlsx("report_secure.xlsx", "report_decrypted.xlsx", password="MyP@ssw0rd!")
if success:
    # Decryption succeeded: load the plaintext copy and read the cell back
    wb = Workbook("report_decrypted.xlsx")
    print(wb.worksheets[0].cells["A1"].value)
else:
    print("Incorrect password or file is not encrypted.")
Open an Encrypted File Directly
The Workbook constructor also accepts a password parameter to open encrypted files without a separate decryption step:
from aspose.cells_foss import Workbook
wb = Workbook("report_secure.xlsx", password="MyP@ssw0rd!")
print(wb.worksheets[0].cells["A1"].value)
wb.save("report_updated_secure.xlsx", password="MyP@ssw0rd!")