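/// <summary>
/// Encrypts <paramref name="fileName"/> in place through <see cref="FilterAPI.AESEncryptFile"/> and appends a
/// trailer holding the verification number, the encrypted payload length, the IV and the expiry time.
/// </summary>
/// <param name="fileName">Path of the file to encrypt; it is overwritten and marked read-only on success.</param>
/// <param name="passPhrase">Pass phrase the AES key is derived from via <see cref="Utils.GetKeyByPassPhrase"/>.</param>
/// <param name="expireTimeUtc">Expiry time stored as a UTC file time. A value with <c>DateTimeKind.Unspecified</c>
/// is treated as local time by <see cref="DateTime.ToFileTimeUtc"/>, so callers should pass a UTC value.</param>
/// <param name="lastError">Empty on success, otherwise a description of the failure.</param>
/// <returns><c>true</c> when the file was encrypted and the trailer appended; <c>false</c> otherwise.</returns>
public static bool EncryptFileAndEmbedExpireTime(string fileName, string passPhrase, DateTime expireTimeUtc, out string lastError)
{
    bool ret = false;
    lastError = string.Empty;

    try
    {
        if (!File.Exists(fileName))
        {
            lastError = fileName + " doesn't exist.";
            return false;
        }

        // Clear read-only first (as EncryptFileWithEmbeddedPolicy does); otherwise the append below
        // fails after the payload has already been encrypted, leaving a file without its trailer.
        FileAttributes attributes = File.GetAttributes(fileName);
        File.SetAttributes(fileName, attributes & ~FileAttributes.ReadOnly);

        byte[] encryptionKey = Utils.GetKeyByPassPhrase(passPhrase);
        byte[] iv = Utils.GetRandomIV();

        ret = FilterAPI.AESEncryptFile(fileName, (uint)encryptionKey.Length, encryptionKey, (uint)iv.Length, iv, false);
        if (!ret)
        {
            lastError = "Encrypt file " + fileName + " failed with error:" + FilterAPI.GetLastErrorMessage();
            return ret;
        }

        // 'using' releases the handle on every path; the original leaked the open stream when a write threw.
        using (FileStream fs = new FileStream(fileName, FileMode.Append, FileAccess.Write, FileShare.Read))
        using (BinaryWriter bw = new BinaryWriter(fs))
        {
            // Taken before anything is appended: the length of the encrypted payload without the trailer.
            long fileSize = fs.Length;

            // NOTE(review): the trailer is appended as-is and nothing in this method authenticates it
            // (no MAC is computed here); the expiry is only as trustworthy as whatever later enforces it.
            bw.Write(FilterAPI.MESSAGE_SEND_VERIFICATION_NUMBER);
            bw.Write(fileSize);
            bw.Write(iv);
            bw.Write(expireTimeUtc.ToFileTimeUtc());
        }

        attributes = File.GetAttributes(fileName) | FileAttributes.ReadOnly;
        File.SetAttributes(fileName, attributes);
    }
    catch (Exception ex)
    {
        ret = false;
        lastError = "EncryptFileAndEmbedExpireTime " + fileName + " failed with error:" + ex.Message;
    }

    return ret;
}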
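/// <summary>
/// Creates an encrypted file with an embedded access control policy. The encrypted file can be distributed
/// over the internet; only the users and processes authorized by the policy are meant to access it.
/// </summary>
/// <param name="fileName">Path of the file to encrypt in place; the read-only attribute is cleared first and set again on success.</param>
/// <param name="passPhrase">Pass phrase the AES key is derived from via <see cref="Utils.GetKeyByPassPhrase"/>.</param>
/// <param name="policy">Access policy to serialize and append. Its <c>OffsetOf*</c> members are overwritten as a side effect.</param>
/// <param name="lastError">Empty on success, otherwise a description of the failure.</param>
/// <returns><c>true</c> when the file was encrypted and the policy block appended; <c>false</c> otherwise.</returns>
public static bool EncryptFileWithEmbeddedPolicy(string fileName, string passPhrase, AESAccessPolicy policy, out string lastError)
{
    bool ret = false;
    lastError = string.Empty;

    try
    {
        if (!File.Exists(fileName))
        {
            lastError = fileName + " doesn't exist.";
            return false;
        }

        // Clear read-only so the in-place encryption and the append below can open the file for writing.
        FileAttributes attributes = File.GetAttributes(fileName);
        File.SetAttributes(fileName, attributes & ~FileAttributes.ReadOnly);

        byte[] encryptionKey = Utils.GetKeyByPassPhrase(passPhrase);
        byte[] iv = Utils.GetRandomIV();

        //encrypt the file with encryption key and a random iv key.
        ret = FilterAPI.AESEncryptFile(fileName, (uint)encryptionKey.Length, encryptionKey, (uint)iv.Length, iv, false);
        if (!ret)
        {
            lastError = "Encrypt file " + fileName + " failed with error:" + FilterAPI.GetLastErrorMessage();
            return ret;
        }

        using (FileStream fs = new FileStream(fileName, FileMode.Append, FileAccess.Write, FileShare.Read))
        {
            // Taken before anything is appended: the length of the encrypted payload without the policy block.
            long fileSize = fs.Length;

            byte[] aesBuffer = BuildPolicyBlock(policy, iv, fileSize);
            // The size field counts the policy block plus the 4-byte size field itself.
            uint sizeOfAESData = (uint)aesBuffer.Length + 4;

            //encrypt the access policy except the sizeOfAESData;
            // NOTE(review): DEFAULT_IV_TAG is a fixed value. If it is used as the raw IV, two identical policy
            // blocks under the same key produce identical ciphertext, and no integrity tag is computed here.
            // Left unchanged because the layout is shared with the reader.
            FilterAPI.AESEncryptDecryptBuffer(aesBuffer, 0, encryptionKey, FilterAPI.DEFAULT_IV_TAG);

            //append the access policy to the encrypted file.
            fs.Write(aesBuffer, 0, aesBuffer.Length);
            // BitConverter uses the host byte order, as the original did.
            fs.Write(BitConverter.GetBytes(sizeOfAESData), 0, 4);
        }

        //set the encrypted file to readonly here.
        attributes = File.GetAttributes(fileName) | FileAttributes.ReadOnly;
        File.SetAttributes(fileName, attributes);
    }
    catch (Exception ex)
    {
        ret = false;
        // The original reported the sibling method's name here; use this method's name so errors are attributable.
        lastError = "EncryptFileWithEmbeddedPolicy " + fileName + " failed with error:" + ex.Message;
    }

    return ret;
}

/// <summary>
/// Serializes <paramref name="policy"/> into the policy block layout: fixed header fields followed by the
/// UTF-16 (little-endian) name lists. Updates the policy's <c>OffsetOf*</c> members to the byte offset at which
/// each list is written within the block.
/// </summary>
/// <param name="policy">Policy to serialize; mutated to record the list offsets.</param>
/// <param name="iv">IV used for the file payload; stored in the block with its length.</param>
/// <param name="fileSize">Length of the encrypted payload, recorded in the block.</param>
/// <returns>The unencrypted policy block bytes.</returns>
private static byte[] BuildPolicyBlock(AESAccessPolicy policy, byte[] iv, long fileSize)
{
    using (MemoryStream ms = new MemoryStream())
    using (BinaryWriter bw = new BinaryWriter(ms))
    {
        bw.Write(AES_VERIFICATION_KEY);
        bw.Write(policy.AESFlags);
        bw.Write(iv.Length);
        bw.Write(iv);
        bw.Write(policy.ExpireTime);
        bw.Write(policy.AccessFlags);
        bw.Write(fileSize);

        bw.Write(policy.LengthOfIncludeProcessNames);
        // 7 * 4: the seven offset/length fields still to be written before the first name list.
        // Assumes each of them serializes as 4 bytes — preserved from the original layout; verify against the reader.
        policy.OffsetOfIncludeProcessNames = (uint)ms.Length + 7 * 4;
        bw.Write(policy.OffsetOfIncludeProcessNames);

        bw.Write(policy.LengthOfExcludeProcessNames);
        policy.OffsetOfExcludeProcessNames = policy.OffsetOfIncludeProcessNames + policy.LengthOfIncludeProcessNames;
        bw.Write(policy.OffsetOfExcludeProcessNames);

        bw.Write(policy.LengthOfIncludeUserNames);
        policy.OffsetOfIncludeUserNames = policy.OffsetOfExcludeProcessNames + policy.LengthOfExcludeProcessNames;
        bw.Write(policy.OffsetOfIncludeUserNames);

        bw.Write(policy.LengthOfExcludeUserNames);
        policy.OffsetOfExcludeUserNames = policy.OffsetOfIncludeUserNames + policy.LengthOfIncludeUserNames;
        bw.Write(policy.OffsetOfExcludeUserNames);

        // NOTE(review): the offsets above assume each LengthOf* equals the byte count of the UTF-16 string
        // written below; this method does not check that — confirm where the policy lengths are computed.
        if (policy.LengthOfIncludeProcessNames > 0)
        {
            bw.Write(Encoding.Unicode.GetBytes(policy.IncludeProcessNames));
        }

        if (policy.LengthOfExcludeProcessNames > 0)
        {
            bw.Write(Encoding.Unicode.GetBytes(policy.ExcludeProcessNames));
        }

        if (policy.LengthOfIncludeUserNames > 0)
        {
            bw.Write(Encoding.Unicode.GetBytes(policy.IncludeUserNames));
        }

        if (policy.LengthOfExcludeUserNames > 0)
        {
            bw.Write(Encoding.Unicode.GetBytes(policy.ExcludeUserNames));
        }

        bw.Flush();
        return ms.ToArray();
    }
}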