Beispiel #1
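        /// <summary>
        /// Encrypts <paramref name="fileName"/> through <c>FilterAPI.AESEncryptFile</c> using a key derived
        /// from <paramref name="passPhrase"/> and a freshly generated IV, appends a trailer that carries the
        /// IV and the expiry time, and finally marks the file read-only.
        /// </summary>
        /// <remarks>
        /// Trailer fields, in write order: <c>FilterAPI.MESSAGE_SEND_VERIFICATION_NUMBER</c>, the file length
        /// measured when the file is reopened for append (after encryption, before the trailer), the IV bytes,
        /// and <paramref name="expireTimeUtc"/> converted with <c>ToFileTimeUtc()</c>.
        /// Security note: nothing in this method encrypts or authenticates the trailer, so the expiry time is
        /// stored as plain bytes at the end of the file. Unless the consumer verifies its integrity elsewhere
        /// (not visible here), the expiry value should not be treated as tamper-resistant.
        /// </remarks>
        /// <param name="fileName">Path of the existing file to encrypt.</param>
        /// <param name="passPhrase">Pass phrase handed to <c>Utils.GetKeyByPassPhrase</c> to obtain the key.</param>
        /// <param name="expireTimeUtc">Expiry time written into the trailer.</param>
        /// <param name="lastError">Empty on success; otherwise a description of the failure.</param>
        /// <returns>
        /// <c>true</c> when encryption and the trailer write both succeed; <c>false</c> when the file is
        /// missing, encryption fails, or any exception is raised.
        /// </returns>
        public static bool EncryptFileAndEmbedExpireTime(string fileName, string passPhrase, DateTime expireTimeUtc, out string lastError)
        {
            bool ret = false;

            lastError = string.Empty;

            try
            {
                if (!File.Exists(fileName))
                {
                    lastError = fileName + " doesn't exist.";
                    return false;
                }

                // NOTE(review): the strength of the key depends entirely on Utils.GetKeyByPassPhrase, which is
                // not visible here - confirm it uses a salted, deliberately slow KDF rather than a bare hash.
                byte[] encryptionKey = Utils.GetKeyByPassPhrase(passPhrase);
                byte[] iv = Utils.GetRandomIV();

                ret = FilterAPI.AESEncryptFile(fileName, (uint)encryptionKey.Length, encryptionKey, (uint)iv.Length, iv, false);
                if (!ret)
                {
                    lastError = "Encrypt file " + fileName + " failed with error:" + FilterAPI.GetLastErrorMessage();
                    return ret;
                }

                // The file is already encrypted at this point and the random IV exists only in memory:
                // if the trailer write below fails, the method reports failure but the file stays encrypted
                // without its IV. Callers that cannot afford that should work on a copy.
                //
                // The using blocks guarantee the handle is released even when a write throws; the original
                // code leaked the open FileStream on that path, which also kept the file locked.
                using (FileStream fs = new FileStream(fileName, FileMode.Append, FileAccess.Write, FileShare.Read))
                using (BinaryWriter bw = new BinaryWriter(fs))
                {
                    // Length of the encrypted payload, captured before any trailer byte is written.
                    long fileSize = fs.Length;

                    bw.Write(FilterAPI.MESSAGE_SEND_VERIFICATION_NUMBER);
                    bw.Write(fileSize);
                    bw.Write(iv);
                    bw.Write(expireTimeUtc.ToFileTimeUtc());
                }

                // The stream must be closed before the attribute change so the trailer is flushed first.
                FileAttributes attributes = File.GetAttributes(fileName) | FileAttributes.ReadOnly;

                File.SetAttributes(fileName, attributes);
            }
            catch (Exception ex)
            {
                ret = false;
                lastError = "EncryptFileAndEmbedExpireTime " + fileName + " failed with error:" + ex.Message;
            }

            return ret;
        }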
Beispiel #2
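        /// <summary>
        /// Create an encrypted file with an embedded access control policy so that it can be distributed
        /// (for example via the internet) and opened only by the authorized users and processes.
        /// </summary>
        /// <remarks>
        /// The method clears the read-only attribute, encrypts the file through <c>FilterAPI.AESEncryptFile</c>
        /// with a random IV, serializes the policy header and name lists into a buffer, passes that buffer to
        /// <c>FilterAPI.AESEncryptDecryptBuffer</c>, appends it to the file followed by a 4-byte total size,
        /// and sets the read-only attribute again.
        /// Side effect: the four <c>OffsetOf...</c> fields of <paramref name="policy"/> are overwritten.
        /// Security note: the code shown adds no MAC or signature over the appended policy, and the policy
        /// buffer is processed with <c>FilterAPI.DEFAULT_IV_TAG</c> instead of the random IV; whether the
        /// consumer detects tampering is not visible here and should be confirmed.
        /// </remarks>
        /// <param name="fileName">Path of the existing file to encrypt.</param>
        /// <param name="passPhrase">Pass phrase handed to <c>Utils.GetKeyByPassPhrase</c> to obtain the key.</param>
        /// <param name="policy">Access policy to embed; its length fields are written as supplied by the caller.</param>
        /// <param name="lastError">Empty on success; otherwise a description of the failure.</param>
        /// <returns>
        /// <c>true</c> when encryption and the policy append both succeed; <c>false</c> when the file is
        /// missing, encryption fails, or any exception is raised.
        /// </returns>
        public static bool EncryptFileWithEmbeddedPolicy(string fileName, string passPhrase, AESAccessPolicy policy, out string lastError)
        {
            bool ret = false;
            FileStream fs = null;

            lastError = string.Empty;

            try
            {
                if (!File.Exists(fileName))
                {
                    lastError = fileName + " doesn't exist.";
                    return false;
                }

                // Drop the read-only bit so the file can be rewritten and appended to.
                FileAttributes attributes = File.GetAttributes(fileName);
                attributes = (~FileAttributes.ReadOnly) & attributes;
                File.SetAttributes(fileName, attributes);

                // NOTE(review): the strength of the key depends entirely on Utils.GetKeyByPassPhrase, which is
                // not visible here - confirm it uses a salted, deliberately slow KDF rather than a bare hash.
                byte[] encryptionKey = Utils.GetKeyByPassPhrase(passPhrase);
                byte[] iv = Utils.GetRandomIV();

                // Encrypt the file with the derived key and a random IV.
                ret = FilterAPI.AESEncryptFile(fileName, (uint)encryptionKey.Length, encryptionKey, (uint)iv.Length, iv, false);
                if (!ret)
                {
                    lastError = "Encrypt file " + fileName + " failed with error:" + FilterAPI.GetLastErrorMessage();
                    return ret;
                }

                // The file is already encrypted and the random IV exists only in memory from here on: if
                // anything below fails, the method reports failure but the file stays encrypted without its
                // IV. Callers that cannot afford that should work on a copy.
                fs = new FileStream(fileName, FileMode.Append, FileAccess.Write, FileShare.Read);

                // Length of the encrypted payload, captured before the policy is appended.
                long fileSize = fs.Length;

                byte[] AESBuffer;
                uint sizeOfAESData;

                using (MemoryStream ms = new MemoryStream())
                using (BinaryWriter bw = new BinaryWriter(ms))
                {
                    bw.Write(AES_VERIFICATION_KEY);
                    bw.Write(policy.AESFlags);
                    bw.Write(iv.Length);
                    bw.Write(iv);
                    bw.Write(policy.ExpireTime);

                    bw.Write(policy.AccessFlags);
                    bw.Write(fileSize);
                    bw.Write(policy.LengthOfIncludeProcessNames);

                    // Presumably 7 * 4 covers the seven 4-byte offset/length fields still to be written, so
                    // the first offset points at the start of the name data - confirm the field widths in
                    // AESAccessPolicy.
                    policy.OffsetOfIncludeProcessNames = (uint)ms.Length + 7 * 4;
                    bw.Write(policy.OffsetOfIncludeProcessNames);
                    bw.Write(policy.LengthOfExcludeProcessNames);

                    // Each following offset is the previous offset plus the previous declared length.
                    policy.OffsetOfExcludeProcessNames = policy.OffsetOfIncludeProcessNames + policy.LengthOfIncludeProcessNames;
                    bw.Write(policy.OffsetOfExcludeProcessNames);
                    bw.Write(policy.LengthOfIncludeUserNames);
                    policy.OffsetOfIncludeUserNames = policy.OffsetOfExcludeProcessNames + policy.LengthOfExcludeProcessNames;
                    bw.Write(policy.OffsetOfIncludeUserNames);
                    bw.Write(policy.LengthOfExcludeUserNames);
                    policy.OffsetOfExcludeUserNames = policy.OffsetOfIncludeUserNames + policy.LengthOfIncludeUserNames;
                    bw.Write(policy.OffsetOfExcludeUserNames);

                    // NOTE(review): the declared LengthOf... values are trusted as given and never compared
                    // with the byte counts actually written below; a mismatch would make the offsets point at
                    // the wrong data. Verify that the caller keeps them in sync with the UTF-16 strings.
                    byte[] strBuffer;
                    if (policy.LengthOfIncludeProcessNames > 0)
                    {
                        strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.IncludeProcessNames);
                        bw.Write(strBuffer);
                    }

                    if (policy.LengthOfExcludeProcessNames > 0)
                    {
                        strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.ExcludeProcessNames);
                        bw.Write(strBuffer);
                    }

                    if (policy.LengthOfIncludeUserNames > 0)
                    {
                        strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.IncludeUserNames);
                        bw.Write(strBuffer);
                    }

                    if (policy.LengthOfExcludeUserNames > 0)
                    {
                        strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.ExcludeUserNames);
                        bw.Write(strBuffer);
                    }

                    // Total appended size: the policy bytes plus the 4-byte size field written after them.
                    sizeOfAESData = (uint)ms.Length + 4;

                    AESBuffer = ms.ToArray();
                }

                // Encrypt the access policy (everything except the trailing sizeOfAESData field).
                // NOTE(review): this uses the same pass-phrase-derived key with FilterAPI.DEFAULT_IV_TAG rather
                // than the random iv generated above. If that constant is a fixed IV, every policy block
                // produced under one pass phrase shares key and IV, and the block (which also carries the
                // file's own IV) is only as unpredictable as the cipher mode allows - confirm against the
                // FilterAPI documentation.
                FilterAPI.AESEncryptDecryptBuffer(AESBuffer, 0, encryptionKey, FilterAPI.DEFAULT_IV_TAG);

                // Append the access policy to the encrypted file, followed by its total size.
                fs.Write(AESBuffer, 0, AESBuffer.Length);
                fs.Write(BitConverter.GetBytes(sizeOfAESData), 0, 4);

                // Set the encrypted file to read-only here.
                attributes = File.GetAttributes(fileName) | FileAttributes.ReadOnly;
                File.SetAttributes(fileName, attributes);
            }
            catch (Exception ex)
            {
                ret = false;

                // Fixed: the message previously named EncryptFileAndEmbedExpireTime, which sent anyone
                // reading the error to the wrong method.
                lastError = "EncryptFileWithEmbeddedPolicy " + fileName + " failed with error:" + ex.Message;
            }
            finally
            {
                // Always release the file handle, including on the exception path.
                if (null != fs)
                {
                    fs.Close();
                }
            }

            return ret;
        }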