Workbook security
Six layers wrapped around
one compiled EXE.
Password-only protection on a workbook is reverse-engineered in minutes. XLS Padlock stacks an encrypted container, formula encryption, VBA compilation, hardware locking, optional dongle support, and online validation on top of the same file. Each layer defeats a different class of attack.
Six layers, each defeating a different attack.
-
Encrypted container
Your XLSX, XLSM, or XLSB is encrypted and embedded inside the EXE. The compiled workbook never lands on disk in plaintext.
Learn more -
Formula encryption
Sensitive formulas are replaced with cryptic runtime calls. Cell values still compute, but the formula bar shows nothing copyable.
Learn more -
VBA compilation
VBA modules compile to bytecode. The original source is removed; the VBA editor cannot reveal what is inside.
Learn more -
Hardware-locked activation
You set how many machines each license may activate. Per-user keys, manual revocation, online or offline activation, deactivation and transfer.
Learn more -
Optional dongle protection
Tie the workbook to a USB hardware dongle when machine fingerprint is not enough. No dongle plugged in, no workbook running.
Learn more -
Online validation
Issue trial-period keys, revoke compromised activations from your dashboard, and validate against a server you control. Activation responses are Ed25519 signed, so a man-in-the-middle cannot forge them even over HTTPS.
Learn more
What the compiled EXE enforces at runtime.
- Anti-debugger probes block live inspection from common debuggers
- Integrity check verifies the EXE has not been patched at startup
- Save Storage encrypts user edits with AES-256-CTR and an HMAC-SHA256 tamper check
- Microsoft 365 cloud surfaces are blocked: Add-ins flyout, Automate tab, and Copilot
- Excel sheet protection still applies on top of XLS Padlock protection
- Formula Bar can be hidden so opaque calls are not even visible
- Clipboard restrictions stop selecting and copying protected ranges
- Print and Save-As can be disabled per workbook
- Trial limits (date, run count) enforced inside the compiled bytecode
The cryptographic primitives behind each layer.
Concrete primitives behind the six layers, for security reviewers and procurement audits.
- Workbook container
- Per-entry encrypted keystream, HMAC-SHA256 integrity
- Save Storage
- AES-256-CTR, HMAC-SHA256, HKDF keys
- Formula payload
- Encrypted, runtime-evaluated
- VBA modules
- Compiled to bytecode
- EXE signature
- Authenticode, SHA-256
- Cert support
- PFX, USB token, Azure, ECC
- Hardware fingerprint
- Multi-factor (CPU, disk, MAC, Windows ID), SHA-256 (enhanced fingerprint)
- Activation transport
- HTTPS, Ed25519-signed responses
Where each control beats the Excel default.
| Control | Plain Excel | XLS Padlock EXE |
|---|---|---|
| Excel password on workbook | Breakable in minutes | Replaced by an encrypted container inside the EXE |
| Excel password on VBA project | Breakable in seconds | Replaced by bytecode, no source |
| Hide formula bar | Cosmetic only | Formula is encrypted, not just hidden |
| Restrict copy / paste | Easy to bypass | Enforced by the EXE runtime |
| Per-machine binding | Not available | Hardware-locked activation included |
| Revoke a leaked copy | Not possible | Manual revocation, online validation |
You stay in control.
XLS Padlock is a one-time purchase, not a middleman between you and your buyers. Everything the protection depends on stays yours.
Shipping since 2013 from G.D.G. Software. A desktop tool you can build a business on.
- The workbook
- Your .xlsx never leaves your machine. You compile it yourself into a standalone EXE.
- The keys
- You generate, count, and revoke activation keys. No per-copy fee, no royalties on your sales.
- The server
- Activations validate against a PHP server you host and own, not ours.
- The customer
- You sell directly. The buyer relationship and the full revenue stay with you.