private static void UsingPassword(string inputFilePath, byte[] passwordBytes)
{
try
{
bool fileIsDirectory = FileHandling.IsDirectory(inputFilePath);
if (fileIsDirectory)
{
DirectoryEncryption.UsingPassword(inputFilePath, passwordBytes);
return;
}
// Derive a unique KEK per file
byte[] salt = Generate.Salt();
byte[] keyEncryptionKey = Argon2.DeriveKey(passwordBytes, salt);
// Fill the ephemeral public key header with random key (since not in use)
byte[] randomEphemeralPublicKeyHeader = Generate.EphemeralPublicKeyHeader();
string outputFilePath = GetOutputFilePath(inputFilePath);
EncryptFile.Initialize(inputFilePath, outputFilePath, randomEphemeralPublicKeyHeader, salt, keyEncryptionKey);
Utilities.ZeroArray(keyEncryptionKey);
EncryptionSuccessful(inputFilePath, outputFilePath);
}
catch (Exception ex) when(ExceptionFilters.FileAccess(ex))
{
Logging.LogException(ex.ToString(), Logging.Severity.Error);
DisplayMessage.FilePathException(inputFilePath, ex.GetType().Name, "Unable to encrypt the file.");
}
}
public static void UsingPassword(string directoryPath, byte[] passwordBytes)
{
bool overwriteOption = Globals.Overwrite;
try
{
// Always overwrite directories
string backupDirectoryPath = BackupDirectory(directoryPath);
Globals.Overwrite = true;
string[] filePaths = GetFiles(directoryPath, out string newDirectoryPath);
// Generate one salt for the entire directory
byte[] salt = Generate.Salt();
CreateSaltFile(newDirectoryPath, salt);
// Perform password hashing once
byte[] keyEncryptionKey = Argon2.DeriveKey(passwordBytes, salt);
EncryptEachFileWithPassword(filePaths, salt, keyEncryptionKey);
RenameBackupDirectory(backupDirectoryPath, directoryPath);
}
catch (Exception ex) when(ExceptionFilters.FileAccess(ex))
{
Logging.LogException(ex.ToString(), Logging.Severity.Error);
DisplayMessage.FilePathException(directoryPath, ex.GetType().Name, "Unable to encrypt the directory.");
}
finally
{
Globals.Overwrite = overwriteOption;
}
}
public static void UsingPassword(string directoryPath, byte[] passwordBytes)
{
try
{
string[] filePaths = GetFiles(directoryPath);
string saltFilePath = Path.Combine(directoryPath, Constants.SaltFile);
if (!File.Exists(saltFilePath))
{
throw new FileNotFoundException("No salt file found. Unable to decrypt the directory. Please decrypt these files individually.");
}
byte[] salt = File.ReadAllBytes(saltFilePath);
if (salt.Length != Constants.SaltLength)
{
throw new ArgumentException("Invalid salt length.");
}
byte[] keyEncryptionKey = Argon2.DeriveKey(passwordBytes, salt);
DecryptEachFileWithPassword(filePaths, keyEncryptionKey);
Finalize(directoryPath, saltFilePath);
}
catch (Exception ex) when(ExceptionFilters.FileAccess(ex))
{
Logging.LogException(ex.ToString(), Logging.Severity.Error);
if (ex is ArgumentException || ex is FileNotFoundException)
{
DisplayMessage.FilePathError(directoryPath, ex.Message);
return;
}
DisplayMessage.FilePathException(directoryPath, ex.GetType().Name, "Unable to decrypt the directory.");
}
}
private static void UsingPassword(string inputFilePath, byte[] passwordBytes)
{
try
{
bool fileIsDirectory = FileHandling.IsDirectory(inputFilePath);
if (fileIsDirectory)
{
DirectoryDecryption.UsingPassword(inputFilePath, passwordBytes);
return;
}
byte[] salt = FileHeaders.ReadSalt(inputFilePath);
byte[] keyEncryptionKey = Argon2.DeriveKey(passwordBytes, salt);
string outputFilePath = GetOutputFilePath(inputFilePath);
DecryptFile.Initialize(inputFilePath, outputFilePath, keyEncryptionKey);
Utilities.ZeroArray(keyEncryptionKey);
DecryptionSuccessful(inputFilePath, outputFilePath);
}
catch (Exception ex) when(ExceptionFilters.FileAccess(ex))
{
Logging.LogException(ex.ToString(), Logging.Severity.Error);
if (ex is ArgumentException || ex is ArgumentOutOfRangeException)
{
DisplayMessage.FilePathMessage(inputFilePath, ex.Message);
return;
}
DisplayMessage.FilePathException(inputFilePath, ex.GetType().Name, "Unable to decrypt the file.");
}
}
private static void UsingPassword(string inputFilePath, byte[] passwordBytes)
{
try
{
bool fileIsDirectory = FileHandling.IsDirectory(inputFilePath);
if (fileIsDirectory)
{
DirectoryEncryption.UsingPassword(inputFilePath, passwordBytes);
return;
}
// Derive a unique KEK per file
byte[] salt = Generate.Salt();
byte[] keyEncryptionKey = Argon2.DeriveKey(passwordBytes, salt);
// Fill unused header with random public key
byte[] ephemeralPublicKey = Generate.EphemeralPublicKeyHeader();
string outputFilePath = GetOutputFilePath(inputFilePath);
EncryptFile.Initialize(inputFilePath, outputFilePath, ephemeralPublicKey, salt, keyEncryptionKey);
CryptographicOperations.ZeroMemory(keyEncryptionKey);
EncryptionSuccessful(inputFilePath, outputFilePath);
}
catch (Exception ex) when(ExceptionFilters.Cryptography(ex))
{
DisplayMessage.FilePathException(inputFilePath, ex.GetType().Name, "Unable to encrypt the file.");
}
}
public static byte[] Encrypt(byte[] passwordBytes, byte[] keyAlgorithm, byte[] privateKey)
{
byte[] salt = Generate.Salt();
byte[] key = Argon2.DeriveKey(passwordBytes, salt);
CryptographicOperations.ZeroMemory(passwordBytes);
byte[] nonce = Generate.Nonce();
byte[] additionalData = Arrays.Concat(keyAlgorithm, Constants.PrivateKeyVersion);
byte[] encryptedPrivateKey = XChaCha20BLAKE2b.Encrypt(privateKey, nonce, key, additionalData, TagLength.Medium);
CryptographicOperations.ZeroMemory(privateKey);
CryptographicOperations.ZeroMemory(key);
return(Arrays.Concat(additionalData, salt, nonce, encryptedPrivateKey));
}
private static byte[] Decrypt(byte[] passwordBytes, byte[] privateKey)
{
byte[] keyAlgorithm = GetKeyAlgorithm(privateKey);
byte[] keyVersion = GetKeyVersion(privateKey);
byte[] salt = GetSalt(privateKey);
byte[] nonce = GetNonce(privateKey);
byte[] encryptedPrivateKey = GetEncryptedPrivateKey(privateKey);
byte[] additionalData = Arrays.Concat(keyAlgorithm, keyVersion);
byte[] key = Argon2.DeriveKey(passwordBytes, salt);
CryptographicOperations.ZeroMemory(passwordBytes);
byte[] decryptedPrivateKey = XChaCha20BLAKE2b.Decrypt(encryptedPrivateKey, nonce, key, additionalData, TagLength.Medium);
CryptographicOperations.ZeroMemory(key);
return(decryptedPrivateKey);
}
public static byte[] Encrypt(byte[] passwordBytes, byte[] privateKey, byte[] keyAlgorithm)
{
byte[] salt = Generate.Salt();
byte[] key = Argon2.DeriveKey(passwordBytes, salt);
Utilities.ZeroArray(passwordBytes);
byte[] nonce = Generate.Nonce();
byte[] additionalData = Utilities.ConcatArrays(keyAlgorithm, Constants.PrivateKeyVersion);
byte[] keyCommitmentBlock = ChunkHandling.GetKeyCommitmentBlock();
privateKey = Utilities.ConcatArrays(keyCommitmentBlock, privateKey);
byte[] encryptedPrivateKey = SecretAeadXChaCha20Poly1305.Encrypt(privateKey, nonce, key, additionalData);
Utilities.ZeroArray(privateKey);
Utilities.ZeroArray(key);
return(Utilities.ConcatArrays(additionalData, salt, nonce, encryptedPrivateKey));
}
private static byte[] Decrypt(byte[] passwordBytes, byte[] privateKey)
{
byte[] keyAlgorithm = GetKeyAlgorithm(privateKey);
byte[] keyVersion = GetKeyVersion(privateKey);
byte[] salt = GetSalt(privateKey);
byte[] nonce = GetNonce(privateKey);
byte[] additionalData = Utilities.ConcatArrays(keyAlgorithm, keyVersion);
byte[] encryptedPrivateKey = GetEncryptedPrivateKey(privateKey);
byte[] key = Argon2.DeriveKey(passwordBytes, salt);
Utilities.ZeroArray(passwordBytes);
byte[] decryptedPrivateKey = SecretAeadXChaCha20Poly1305.Decrypt(encryptedPrivateKey, nonce, key, additionalData);
Utilities.ZeroArray(key);
ChunkHandling.ValidateKeyCommitmentBlock(decryptedPrivateKey);
return(ChunkHandling.RemoveKeyCommitmentBlock(decryptedPrivateKey));
}
public static void UsingPassword(string directoryPath, byte[] passwordBytes)
{
try
{
string[] filePaths = GetFiles(ref directoryPath);
// Generate one salt for all files in directory
byte[] salt = Generate.Salt();
CreateSaltFile(directoryPath, salt);
// Perform password hashing once
byte[] keyEncryptionKey = Argon2.DeriveKey(passwordBytes, salt);
EncryptEachFileWithPassword(filePaths, salt, keyEncryptionKey);
}
catch (Exception ex) when(ExceptionFilters.FileAccess(ex))
{
Logging.LogException(ex.ToString(), Logging.Severity.Error);
DisplayMessage.FilePathException(directoryPath, ex.GetType().Name, "Unable to encrypt the directory.");
}
}
private static void UsingPassword(string inputFilePath, byte[] passwordBytes)
{
try
{
bool fileIsDirectory = FileHandling.IsDirectory(inputFilePath);
if (fileIsDirectory)
{
DirectoryDecryption.UsingPassword(inputFilePath, passwordBytes);
return;
}
using var inputFile = new FileStream(inputFilePath, FileMode.Open, FileAccess.Read, FileShare.Read, Constants.FileStreamBufferSize, FileOptions.RandomAccess);
byte[] ephemeralPublicKey = FileHeaders.ReadEphemeralPublicKey(inputFile);
byte[] salt = FileHeaders.ReadSalt(inputFile);
byte[] keyEncryptionKey = Argon2.DeriveKey(passwordBytes, salt);
string outputFilePath = GetOutputFilePath(inputFilePath);
DecryptFile.Initialize(inputFile, outputFilePath, ephemeralPublicKey, keyEncryptionKey);
CryptographicOperations.ZeroMemory(keyEncryptionKey);
DecryptionSuccessful(inputFilePath, outputFilePath);
}
catch (Exception ex) when(ExceptionFilters.Cryptography(ex))
{
FileException(inputFilePath, ex);
}
}
