tested version: calligra-sheets-3.0.1-16.fc27.x86_64 ODF 1.1 allowed these attributes to set passwords to "protect" spreadsheet documents and sheets, and did not specify in any way what their string value means. ODF 1.2 part 1 says about them: 19.851 text:protection-key-digest-algorithm ... The password shall be provided as a sequence of bytes in UTF-8 encoding. ... Consumers shall support http://www.w3.org/2000/09/xmldsig#sha1, which is the default, and http://www.w3.org/2000/09/xmldsig#sha256. bugs vs. ODF 1.2: 1. apparently the implementation uses UTF-16 little-endian encoding for the password, at least LibreOffice 5.4 can verify the password and it only uses UTF-16 2. only SHA1 is supported, not the mandatory SHA256 verifying the above variants in addition to the currently implemented one would be nice i guess. see LO bug https://bugs.documentfoundation.org/show_bug.cgi?id=115483 and LO fix http://cgit.freedesktop.org/libreoffice/core/commit/?id=398275ba9f4d65bebcc78864e70eee6212a84397 for inspiration, particularly SvPasswordHelper::CompareHashPassword which does all verification in one place.
Thank you for reporting this issue in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the issue with a recent software version? If you can reproduce the issue, please change the status to "REPORTED" when replying. Thank you!