My small business has old .pub newsletters we need to reopen — what are the odds?

Very high for Publisher 2003 and earlier files (near 100% with our guaranteed service). For Publisher 2007 and 2010 files, around 55-70% using dictionary attacks with a targeted wordlist built around your organisation's name, address and people. For Publisher 2013+ the rate drops to 30-50%. Newsletters and marketing materials tend to have lighter passwords than internal corporate files because the creators were focused on design rather than security, which helps our recovery rates.

Microsoft Publisher .pub

Microsoft Publisher Password Recovery

Q: Is Microsoft Publisher still supported?

Publisher is still included in the perpetual-licence Office 2021 LTSC and some Microsoft 365 Business subscriptions, but Microsoft has announced that it will retire Publisher in October 2026 — it will disappear from Microsoft 365 at that point. Publisher was always Windows-only; a native Mac version never shipped. Users on Mac and Linux have historically relied on LibreOffice Draw or commercial tools like Affinity Publisher to open .pub files.

Q: What encryption does a .pub file use?

It depends on the Publisher version that wrote the file. Publisher 2003 and earlier used an OLE2 compound document with either a weak 'password to open' flag (no real encryption) or RC4 40-bit. Publisher 2007 introduced the OOXML encryption envelope with AES-128 + SHA-1 (hashcat mode 9400). Publisher 2010 moved to AES-128 + SHA-1 at 100,000 iterations (mode 9500). Publisher 2013+ upgraded to AES-128 + SHA-512 at 100,000 iterations (mode 9600). Publisher 2019+ uses AES-256 within the same 9600 mode.

Q: Can LibreOffice Draw open password-protected .pub files?

Only in narrow cases. LibreOffice uses the libmspub filter, which reads older .pub files (Publisher 97 through 2003) and may display the contents even when a 'password to open' flag is set — because the filter does not honour the flag the same way Publisher does. However, for files with actual RC4 40-bit encryption or any 2007+ AES file, LibreOffice cannot decrypt without the password. Always try opening the file in LibreOffice Draw first as a quick bypass check; it costs nothing and sometimes just works.

Q: Is there a Mac way to recover a .pub password?

Yes — the recovery workflow itself is OS-agnostic once you have the hash. office2john.py runs on macOS (requires python3). hashcat runs on Apple Silicon via Metal compute shaders (hashcat 6.2.6+) or on Apple's CPUs. You do not need Windows to recover the password; you only need it to reopen the unlocked file, because Publisher itself is Windows-only. After recovery many users open the .pub file in LibreOffice Draw on Mac to extract text and images.

Microsoft Publisher is the forgotten Office application — the desktop-publishing tool that has shipped quietly since 1991, never left Windows, never gained the prominence of Word or PowerPoint, and will finally be retired from Microsoft 365 in October 2026. For small businesses, churches, schools, community clubs and independent newsletter producers, Publisher has been indispensable, and thousands of organisations still have .pub archives that cannot be opened because the password is lost. This guide covers every Publisher version from Publisher 97 through Publisher 2021, the differences between weak legacy obfuscation and modern AES, the LibreOffice Draw bypass trick that sometimes works on older files without any cryptographic effort at all, and the realistic path to recovery when the file is genuinely encrypted.

The Publisher Family Tree

Publisher has gone through more quiet revisions than almost any Office application. The file format has tracked the encryption pipeline of the rest of Office but lagged behind by one version — a quirk that helps recovery. The family tree matters because the version written into the file determines what recovery method applies.

Publisher version	Year	Encryption	Attack
Publisher 97 / 98 / 2000	1996-1999	XOR obfuscation / "open-only" flag	Instant, LibreOffice bypass or free tool
Publisher 2002 / 2003	2001-2003	OLE2 + RC4 40-bit	Guaranteed recovery, 100%
Publisher 2007	2006	OOXML AES-128 SHA-1 (50K)	hashcat -m 9400, 55-70%
Publisher 2010	2010	OOXML AES-128 SHA-1 (100K)	hashcat -m 9500, 45-65%
Publisher 2013 / 2016	2013-2015	OOXML AES-128 SHA-512 (100K)	hashcat -m 9600, 30-50%
Publisher 2019 / 2021 / 365	2018-2024	OOXML AES-256 SHA-512 (100K)	hashcat -m 9600, 25-45%
October 2026 onward	—	Publisher discontinued	Legacy files only

Try LibreOffice Draw first — it is free and takes 30 seconds

If you are on Publisher 97, 98, 2000 or a 2002/2003 file without full encryption, LibreOffice Draw (a free download from libreoffice.org) uses the community-maintained libmspub filter to read .pub files. The filter does not honour Publisher's "password to open" flag on legacy files in the same way Publisher does, which means a file locked with a pre-encryption password may open without any prompt at all. Always try this before buying any tool or uploading anywhere. If it works you are done; if the file asks for a password in LibreOffice too, you are looking at real encryption and need the hash-extraction path below.

Why Publisher Gets Password-Protected

Publisher's user base is overwhelmingly small-to-medium sized organisations producing print-ready marketing materials in-house: church newsletters, school fundraiser flyers, restaurant menus, club annual reports, realtor property packages, community event programmes. The password is most often set to prevent accidental edits by non-original authors rather than to protect sensitive information. That matters because the passwords chosen in this context tend to be light — organisational names, acronyms, the author's first name, a year, an ampersand or exclamation. Our hit rate on Publisher files is consequently higher than on comparable-era Word/Excel corporate files, even though the underlying cryptography is identical.

A second common scenario: a design freelancer delivered a .pub file to a client, set a password so the client could not modify the deliverable, and either charged extra for the "unlocked" version or moved on without the client noticing. Years later the client wants to reuse the artwork, the freelancer is unreachable, and the only copy of the newsletter is the locked .pub. These are routine enterprise queries for us and almost always recover on Phase 1 dictionary because the passwords are simple business English.

Identifying Publisher Version from the File

The quickest way to identify what flavour of .pub you are looking at is to open the first few kilobytes in a hex editor. All Publisher versions share the OLE2 Compound Document header (D0 CF 11 E0 A1 B1 1A E1) but the internal streams differ.

# Quickly list internal streams using Python + olefile
pip install olefile
python3 <<'PY'
import olefile
ol = olefile.OleFileIO("brochure.pub")
for path in ol.listdir():
    print("/".join(path))
PY

# Publisher 2003 and earlier streams typically contain:
#   'Quill96 Story Group Class'
#   'SummaryInformation'
#   'Contents'   (the actual layout, encrypted with RC4 if set)
#
# Publisher 2007+ encrypted files contain:
#   'EncryptionInfo'
#   'EncryptedPackage'
# (same names as Word/Excel/PowerPoint 2007+)

If you see EncryptionInfo and EncryptedPackage, the file is Publisher 2007 or later and the recovery workflow is identical to Office 2007+ AES. If you see Quill96, the file is Publisher 2003 or earlier and may be legacy-RC4 or merely flag-protected.

Recovery Workflow for Publisher 2007+

For any Publisher file from 2007 onwards, the path is exactly the path documented for Word, Excel and PowerPoint. Because the .pub uses the same Office encryption envelope as Word/Excel/PowerPoint of the same vintage, the office2john.py extractor and the hashcat Office modes apply unchanged.

# 1. Extract hash
git clone https://github.com/openwall/john
cd john/run
python3 office2john.py ../../../newsletter.pub > hash.txt

# 2. Inspect the hash to identify the sub-version
cat hash.txt
# e.g. newsletter.pub:$office$*2013*100000*128*16*a3b2...

# 3. Choose hashcat mode
#    $office$*2007*  -> -m 9400
#    $office$*2010*  -> -m 9500
#    $office$*2013*  -> -m 9600  (also covers 2016/2019/2021)

# 4. Run dictionary + rules
hashcat -m 9600 -a 0 hash.txt rockyou.txt -r rules/T0XlC.rule

# 5. Escalate to targeted wordlist
# Build from organisation name, city, year, people names
cat org_dict.txt | sort -u > targeted.txt
hashcat -m 9600 -a 0 hash.txt targeted.txt         -r rules/best64.rule -r rules/OneRule.rule

The targeted wordlist makes the biggest practical difference. A 500-word list built around an organisation — its name, abbreviations, founders, city, founding year, slogan — combined with rule mutations (OneRuleToRuleThemAll, T0XlC, d3ad0ne) generates tens of millions of candidates that statistically cover the passwords typical small organisations actually set.

Recovery Workflow for Publisher 2003 and Earlier

Three paths exist for legacy .pub files, in order of preference.

1. LibreOffice Draw bypass

Download and install LibreOffice. Drag the .pub into LibreOffice Draw. If it opens, the file was flag-protected and you are done. Export to .pdf or .odg for editing.

2. Free OLE2 password tool

For files that use true RC4 40-bit encryption (Publisher 2002/2003 with password-set), the same tools that unlock Office 97-2003 work. The key space is only 2⁴⁰ which is small enough that pre-computed tables exist for near-instant decryption regardless of the password string.

3. Our guaranteed recovery service

Publisher 2002/2003 files are on our guaranteed recovery list with the same $34.99 release price after proof, turnaround in hours. Upload on the home page — the free check runs first at no cost. If it is a legacy RC4 file we always recover.

Publisher retirement in October 2026

Microsoft has officially announced that Publisher will be removed from Microsoft 365 in October 2026. Perpetual-licence Office 2021 LTSC customers will keep Publisher until end of support, but the application will receive no further updates. If you are reading this in 2026 or later, plan now to export your .pub archive to PDF or import it into alternatives like Affinity Publisher, Adobe InDesign, Scribus (free) or LucidPress. Export requires that you open each file first — which means unlocking password-protected ones before the deadline while Publisher is still available to open them.

Publisher Never Shipped for Mac

A recurring support question: "Is there Publisher for Mac?" No — Microsoft never released a Mac version of Publisher, and never will. Mac users who receive .pub files from Windows colleagues have three options: open the file in LibreOffice Draw on Mac (works for most files, may break complex layouts), use a commercial third-party reader, or get the sender to export to PDF before transmitting. For Mac users with a forgotten password on a .pub file they own, the recovery workflow itself still runs on macOS — office2john.py is pure Python, hashcat has Apple Silicon support — so the Mac limitation only applies to reopening the unlocked file, not to cracking it.

If you need to reopen a recovered .pub on a Mac, Affinity Publisher ($69 one-time, Mac + Windows + iPad) imports .pub files directly. LibreOffice Draw is free but handles only a subset of Publisher features faithfully. Scribus is another free option. None of these reproduce Publisher's layout exactly for complex documents, so be prepared for some manual cleanup.

Realistic Recovery Expectations

Across the 600+ Publisher recovery jobs we have processed in the last two years, the success pattern is clear:

Publisher 97-2003: near 100% recovery. Either LibreOffice bypass, free tool, or our guaranteed RC4 attack. Passwords are irrelevant on guaranteed.
Publisher 2007-2010: 55-70% recovery on Phase 1 dictionary (rockyou + T0XlC), another 10-15% on Phase 2 targeted wordlist. Final 15-35% requires mask attacks or remain unrecovered.
Publisher 2013-2016: 30-50% on Phase 1+2, another 5-10% on Phase 3 (full rockyou + OneRule). 40-60% remain unrecovered within a 24-hour budget.
Publisher 2019-2021: 25-45%. Identical to modern Office 2019 recovery characteristics.

The headline is that a .pub from a small business or community organisation is far more likely to recover than a random corporate .docx, because the password-selection habits of the Publisher user base skew toward dictionary-friendly strings.

Upload your .pub file for a free check

We run every uploaded .pub against a 140M common-password dictionary at no cost. If it hits, we quote a standard Tier-1 recovery. If the file is Publisher 2003 or earlier, we always recover at the fixed guaranteed price. See the full list of supported file types.

Upload .pub file for free check

Common Misunderstandings

"Publisher uses special encryption because it is for design."

No — Publisher uses the identical encryption pipeline as Word and Excel of the same era. There is nothing unique about .pub cryptographically.

"I need Publisher to open my .pub. I do not have it anymore."

LibreOffice Draw, Affinity Publisher and Scribus all open .pub files with varying fidelity. For just extracting text and images, LibreOffice is fine.

"Can I open a Publisher 2003 password-protected .pub in Publisher 2019?"

Yes, Publisher 2019 reads every older .pub format. But it will still ask for the password if one was set. Recovery workflow is unchanged.

"The file opens but I cannot edit text."

That is not password protection — Publisher does not support read-only-via-password the way Word does. It is more likely that the text frames are set as "locked" (a design-time property, not cryptographic). Unlock via right-click → Format → Lock anchor.

Frequently Asked Questions

Is Microsoft Publisher still supported?

Publisher is included in Office 2021 LTSC and some Microsoft 365 Business plans, but will be retired from Microsoft 365 in October 2026. Publisher has always been Windows-only; no Mac version exists.

What encryption does a .pub file use?

Publisher 2003 and earlier: weak OLE2 with XOR or RC4 40-bit. Publisher 2007+: standard Office OOXML envelope with AES-128 SHA-1 (2007), AES-128 SHA-1 100K (2010), AES-128 SHA-512 100K (2013+), AES-256 SHA-512 100K (2019+).

Can LibreOffice Draw open password-protected .pub files?

For Publisher 97-2003 files with the 'open-only' flag, often yes — LibreOffice's libmspub filter does not always honour the flag. For files with real RC4 or AES encryption, LibreOffice cannot decrypt. Always try LibreOffice Draw first as a free bypass check.

Is there a Mac way to recover a .pub password?

Yes. office2john.py runs on macOS. Hashcat has Apple Silicon support. You can perform the entire recovery on Mac. You will still need Windows or LibreOffice Draw to open the unlocked file, because Publisher itself is Windows-only.

What are the recovery odds for my file?

Near 100% for Publisher 2003 and earlier. 55-70% for Publisher 2007/2010. 30-50% for Publisher 2013/2016. 25-45% for Publisher 2019+. Small-organisation Publisher passwords tend to be dictionary-friendly, helping rates.

Related Guides

Planning for Publisher's retirement

With Publisher leaving Microsoft 365 in October 2026, organisations with .pub archives should migrate now. The sensible sequence is: unlock all password-protected .pub files first, export each to high-resolution PDF for archival, then optionally re-import into an alternative like Affinity Publisher or Scribus for future edits. Waiting until after Publisher is gone means you have a more limited set of tools to open the originals — LibreOffice Draw works for most files but struggles with complex layouts.