// TODO: Add progress bar.
private static async Task EncryptAsync(EncryptedFileHeader EncryptedFileHeader)
{
const string encryptedFileExtension = ".encrypted";
var inputPathIsFile = File.Exists(EncryptedFileHeader.Filename);
if (!inputPathIsFile && !Directory.Exists(EncryptedFileHeader.Filename))
{
throw new Exception($"{EncryptedFileHeader.Filename} input path does not exist.");
}
ThreadsafeConsole.WriteLine(inputPathIsFile ? "InputPath is a file." : "InputPath is a directory.");
// TODO: Support encrypting entire directories using System.IO.Compression.ZipFile class.
if (!inputPathIsFile)
{
throw new NotSupportedException("Encrypting directories is not supported.");
}
// Get password from user.
// TODO: Hide and confirm password.
ThreadsafeConsole.WriteLine();
ThreadsafeConsole.Write("Enter password: "******"Output filename is {outputFilename}.");
var encryptionStart = _stopwatch.Elapsed;
await using (var inputFileStream = File.Open(EncryptedFileHeader.Filename, FileMode.Open, FileAccess.Read, FileShare.Read))
await using (var outputFileStream = File.Open(outputFilename, FileMode.CreateNew, FileAccess.Write, FileShare.None))
{
// Generate key from password and random salt.
using (var random = new RNGCryptoServiceProvider()) { random.GetBytes(EncryptedFileHeader.Salt); }
using (var keyDerivation = KeyDerivation.Create(EncryptedFileHeader.KeyDerivationAlgorithm, password, EncryptedFileHeader.Salt, EncryptedFileHeader.KeyDerivationIterations))
using (var cipher = Cipher.Create(EncryptedFileHeader.CipherAlgorithm))
{
var key = keyDerivation.GetBytes(EncryptedFileHeader.KeyLength);
ThreadsafeConsole.WriteLine($"Encryption key (derived from password and a random salt) is {Convert.ToBase64String(key)}.");
// Create cipher and generate initialization vector.
// Generate a new initialization vector for each encryption to prevent identical plaintexts from producing identical ciphertexts when encrypted using the same key.
cipher.GenerateIV();
EncryptedFileHeader.InitializationVector = new byte[cipher.IV.Length];
cipher.IV.CopyTo(EncryptedFileHeader.InitializationVector, 0);
ThreadsafeConsole.WriteLine($"Cipher initialization vector is {Convert.ToBase64String(EncryptedFileHeader.InitializationVector)}.");
// Write integer length of encrypted file header followed by the the header bytes.
var fileHeaderBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(EncryptedFileHeader));
await outputFileStream.WriteAsync(BitConverter.GetBytes(fileHeaderBytes.Length));
await outputFileStream.WriteAsync(fileHeaderBytes);
// Create encrypting output stream.
var buffer = new byte[cipher.BlockSize];
using (var encryptor = cipher.CreateEncryptor(key, EncryptedFileHeader.InitializationVector))
await using (var cryptoStream = new CryptoStream(outputFileStream, encryptor, CryptoStreamMode.Write))
{
// To limit memory usage, repeatedly read a small block from input stream and write it to the encrypted output stream.
int bytesRead;
while ((bytesRead = await inputFileStream.ReadAsync(buffer, 0, buffer.Length)) > 0)
{
await cryptoStream.WriteAsync(buffer, 0, bytesRead);
}
}
}
}
var encryptionDuration = _stopwatch.Elapsed - encryptionStart;
ThreadsafeConsole.WriteLine($"Wrote encrypted file to {outputFilename}.");
ThreadsafeConsole.WriteLine($"Encryption took {encryptionDuration.TotalSeconds.ToString(_elapsedSecondsFormat)} seconds.");
}
// Encryption arguments = -i "C:\Users\Erik\Temp\Test.pdf" -o encrypt -c aescng -kd rfc2898 -kdi 1000 -kl 32 -sl 16
private static EncryptedFileHeader ParseCommandLine(IReadOnlyList <string> Arguments)
{
if (Arguments.Count % 2 != 0)
{
throw new ArgumentException("Invalid number of arguments. Arguments must be passed in a pair: -argumentName argumentValue or /argumentName argumentValue.");
}
var encryptedFileHeader = new EncryptedFileHeader();
for (var index = 0; index < Arguments.Count; index++)
{
var argumentName = Arguments[index];
index++;
var argumentValue = Arguments[index];
switch (argumentName?.ToLower())
{
case "-i":
case "/i":
case "-input":
case "/input":
encryptedFileHeader.Filename = argumentValue;
break;
case "-o":
case "/o":
case "-operation":
case "/operation":
encryptedFileHeader.Operation = Enum.Parse <Operation>(argumentValue, true);
break;
case "-c":
case "/c":
case "-cipher":
case "/cipher":
encryptedFileHeader.CipherAlgorithm = argumentValue;
break;
case "-kd":
case "/kd":
case "-keyderivation":
case "/keyderivation":
encryptedFileHeader.KeyDerivationAlgorithm = argumentValue;
break;
case "-kdi":
case "/kdi":
case "-kditerations":
case "/kditerations":
if (int.TryParse(argumentValue, out var keyDerivationIterations))
{
encryptedFileHeader.KeyDerivationIterations = keyDerivationIterations;
}
break;
case "-kl":
case "/kl":
case "-keylength":
case "/keylength":
if (int.TryParse(argumentValue, out var keyLength))
{
encryptedFileHeader.KeyLength = keyLength;
}
break;
case "-sl":
case "/sl":
case "-saltlength":
case "/saltlength":
if (int.TryParse(argumentValue, out var saltLength))
{
encryptedFileHeader.Salt = new byte[saltLength];
}
break;
default:
throw new ArgumentException($"{argumentName} not supported.");
}
}
// Validate arguments.
if (encryptedFileHeader.Filename.IsNullOrEmpty())
{
throw new ArgumentException("Specify an input path via -i argument.");
}
// ReSharper disable once ConvertIfStatementToSwitchStatement
// ReSharper disable once ConvertIfStatementToSwitchExpression
if (encryptedFileHeader.Operation == Operation.Unknown)
{
throw new ArgumentException("Specify an operation via -o argument.");
}
if (encryptedFileHeader.Operation == Operation.Encrypt)
{
if (encryptedFileHeader.CipherAlgorithm is null)
{
throw new ArgumentException("Specify a cipher via -c argument.");
}
if (encryptedFileHeader.KeyDerivationAlgorithm is null)
{
throw new ArgumentException("Specify a key derivation algorithm via -kd argument.");
}
if (encryptedFileHeader.KeyDerivationIterations <= 0)
{
throw new ArgumentException("Specify key derivation iterations via -kdi argument");
}
if (encryptedFileHeader.KeyLength <= 0)
{
throw new ArgumentException("Specify a key length in bytes via -kl argument.");
}
if (encryptedFileHeader.Salt.Length <= 0)
{
throw new ArgumentException("Specify a salt length via -sl argument.");
}
}
return(encryptedFileHeader);
}