private static void UsingPassword(string inputFilePath, byte[] passwordBytes) { try { bool fileIsDirectory = FileHandling.IsDirectory(inputFilePath); if (fileIsDirectory) { DirectoryEncryption.UsingPassword(inputFilePath, passwordBytes); return; } // Derive a unique KEK per file byte[] salt = Generate.Salt(); byte[] keyEncryptionKey = Argon2.DeriveKey(passwordBytes, salt); // Fill the ephemeral public key header with random key (since not in use) byte[] randomEphemeralPublicKeyHeader = Generate.EphemeralPublicKeyHeader(); string outputFilePath = GetOutputFilePath(inputFilePath); EncryptFile.Initialize(inputFilePath, outputFilePath, randomEphemeralPublicKeyHeader, salt, keyEncryptionKey); Utilities.ZeroArray(keyEncryptionKey); EncryptionSuccessful(inputFilePath, outputFilePath); } catch (Exception ex) when(ExceptionFilters.FileAccess(ex)) { Logging.LogException(ex.ToString(), Logging.Severity.Error); DisplayMessage.FilePathException(inputFilePath, ex.GetType().Name, "Unable to encrypt the file."); } }
public static void UsingPassword(string directoryPath, byte[] passwordBytes) { bool overwriteOption = Globals.Overwrite; try { // Always overwrite directories string backupDirectoryPath = BackupDirectory(directoryPath); Globals.Overwrite = true; string[] filePaths = GetFiles(directoryPath, out string newDirectoryPath); // Generate one salt for the entire directory byte[] salt = Generate.Salt(); CreateSaltFile(newDirectoryPath, salt); // Perform password hashing once byte[] keyEncryptionKey = Argon2.DeriveKey(passwordBytes, salt); EncryptEachFileWithPassword(filePaths, salt, keyEncryptionKey); RenameBackupDirectory(backupDirectoryPath, directoryPath); } catch (Exception ex) when(ExceptionFilters.FileAccess(ex)) { Logging.LogException(ex.ToString(), Logging.Severity.Error); DisplayMessage.FilePathException(directoryPath, ex.GetType().Name, "Unable to encrypt the directory."); } finally { Globals.Overwrite = overwriteOption; } }
public static void UsingPassword(string directoryPath, byte[] passwordBytes) { try { string[] filePaths = GetFiles(directoryPath); string saltFilePath = Path.Combine(directoryPath, Constants.SaltFile); if (!File.Exists(saltFilePath)) { throw new FileNotFoundException("No salt file found. Unable to decrypt the directory. Please decrypt these files individually."); } byte[] salt = File.ReadAllBytes(saltFilePath); if (salt.Length != Constants.SaltLength) { throw new ArgumentException("Invalid salt length."); } byte[] keyEncryptionKey = Argon2.DeriveKey(passwordBytes, salt); DecryptEachFileWithPassword(filePaths, keyEncryptionKey); Finalize(directoryPath, saltFilePath); } catch (Exception ex) when(ExceptionFilters.FileAccess(ex)) { Logging.LogException(ex.ToString(), Logging.Severity.Error); if (ex is ArgumentException || ex is FileNotFoundException) { DisplayMessage.FilePathError(directoryPath, ex.Message); return; } DisplayMessage.FilePathException(directoryPath, ex.GetType().Name, "Unable to decrypt the directory."); } }
private static void UsingPassword(string inputFilePath, byte[] passwordBytes) { try { bool fileIsDirectory = FileHandling.IsDirectory(inputFilePath); if (fileIsDirectory) { DirectoryDecryption.UsingPassword(inputFilePath, passwordBytes); return; } byte[] salt = FileHeaders.ReadSalt(inputFilePath); byte[] keyEncryptionKey = Argon2.DeriveKey(passwordBytes, salt); string outputFilePath = GetOutputFilePath(inputFilePath); DecryptFile.Initialize(inputFilePath, outputFilePath, keyEncryptionKey); Utilities.ZeroArray(keyEncryptionKey); DecryptionSuccessful(inputFilePath, outputFilePath); } catch (Exception ex) when(ExceptionFilters.FileAccess(ex)) { Logging.LogException(ex.ToString(), Logging.Severity.Error); if (ex is ArgumentException || ex is ArgumentOutOfRangeException) { DisplayMessage.FilePathMessage(inputFilePath, ex.Message); return; } DisplayMessage.FilePathException(inputFilePath, ex.GetType().Name, "Unable to decrypt the file."); } }
private static void UsingPassword(string inputFilePath, byte[] passwordBytes) { try { bool fileIsDirectory = FileHandling.IsDirectory(inputFilePath); if (fileIsDirectory) { DirectoryEncryption.UsingPassword(inputFilePath, passwordBytes); return; } // Derive a unique KEK per file byte[] salt = Generate.Salt(); byte[] keyEncryptionKey = Argon2.DeriveKey(passwordBytes, salt); // Fill unused header with random public key byte[] ephemeralPublicKey = Generate.EphemeralPublicKeyHeader(); string outputFilePath = GetOutputFilePath(inputFilePath); EncryptFile.Initialize(inputFilePath, outputFilePath, ephemeralPublicKey, salt, keyEncryptionKey); CryptographicOperations.ZeroMemory(keyEncryptionKey); EncryptionSuccessful(inputFilePath, outputFilePath); } catch (Exception ex) when(ExceptionFilters.Cryptography(ex)) { DisplayMessage.FilePathException(inputFilePath, ex.GetType().Name, "Unable to encrypt the file."); } }
public static byte[] Encrypt(byte[] passwordBytes, byte[] keyAlgorithm, byte[] privateKey) { byte[] salt = Generate.Salt(); byte[] key = Argon2.DeriveKey(passwordBytes, salt); CryptographicOperations.ZeroMemory(passwordBytes); byte[] nonce = Generate.Nonce(); byte[] additionalData = Arrays.Concat(keyAlgorithm, Constants.PrivateKeyVersion); byte[] encryptedPrivateKey = XChaCha20BLAKE2b.Encrypt(privateKey, nonce, key, additionalData, TagLength.Medium); CryptographicOperations.ZeroMemory(privateKey); CryptographicOperations.ZeroMemory(key); return(Arrays.Concat(additionalData, salt, nonce, encryptedPrivateKey)); }
private static byte[] Decrypt(byte[] passwordBytes, byte[] privateKey) { byte[] keyAlgorithm = GetKeyAlgorithm(privateKey); byte[] keyVersion = GetKeyVersion(privateKey); byte[] salt = GetSalt(privateKey); byte[] nonce = GetNonce(privateKey); byte[] encryptedPrivateKey = GetEncryptedPrivateKey(privateKey); byte[] additionalData = Arrays.Concat(keyAlgorithm, keyVersion); byte[] key = Argon2.DeriveKey(passwordBytes, salt); CryptographicOperations.ZeroMemory(passwordBytes); byte[] decryptedPrivateKey = XChaCha20BLAKE2b.Decrypt(encryptedPrivateKey, nonce, key, additionalData, TagLength.Medium); CryptographicOperations.ZeroMemory(key); return(decryptedPrivateKey); }
public static byte[] Encrypt(byte[] passwordBytes, byte[] privateKey, byte[] keyAlgorithm) { byte[] salt = Generate.Salt(); byte[] key = Argon2.DeriveKey(passwordBytes, salt); Utilities.ZeroArray(passwordBytes); byte[] nonce = Generate.Nonce(); byte[] additionalData = Utilities.ConcatArrays(keyAlgorithm, Constants.PrivateKeyVersion); byte[] keyCommitmentBlock = ChunkHandling.GetKeyCommitmentBlock(); privateKey = Utilities.ConcatArrays(keyCommitmentBlock, privateKey); byte[] encryptedPrivateKey = SecretAeadXChaCha20Poly1305.Encrypt(privateKey, nonce, key, additionalData); Utilities.ZeroArray(privateKey); Utilities.ZeroArray(key); return(Utilities.ConcatArrays(additionalData, salt, nonce, encryptedPrivateKey)); }
private static byte[] Decrypt(byte[] passwordBytes, byte[] privateKey) { byte[] keyAlgorithm = GetKeyAlgorithm(privateKey); byte[] keyVersion = GetKeyVersion(privateKey); byte[] salt = GetSalt(privateKey); byte[] nonce = GetNonce(privateKey); byte[] additionalData = Utilities.ConcatArrays(keyAlgorithm, keyVersion); byte[] encryptedPrivateKey = GetEncryptedPrivateKey(privateKey); byte[] key = Argon2.DeriveKey(passwordBytes, salt); Utilities.ZeroArray(passwordBytes); byte[] decryptedPrivateKey = SecretAeadXChaCha20Poly1305.Decrypt(encryptedPrivateKey, nonce, key, additionalData); Utilities.ZeroArray(key); ChunkHandling.ValidateKeyCommitmentBlock(decryptedPrivateKey); return(ChunkHandling.RemoveKeyCommitmentBlock(decryptedPrivateKey)); }
public static void UsingPassword(string directoryPath, byte[] passwordBytes) { try { string[] filePaths = GetFiles(ref directoryPath); // Generate one salt for all files in directory byte[] salt = Generate.Salt(); CreateSaltFile(directoryPath, salt); // Perform password hashing once byte[] keyEncryptionKey = Argon2.DeriveKey(passwordBytes, salt); EncryptEachFileWithPassword(filePaths, salt, keyEncryptionKey); } catch (Exception ex) when(ExceptionFilters.FileAccess(ex)) { Logging.LogException(ex.ToString(), Logging.Severity.Error); DisplayMessage.FilePathException(directoryPath, ex.GetType().Name, "Unable to encrypt the directory."); } }
private static void UsingPassword(string inputFilePath, byte[] passwordBytes) { try { bool fileIsDirectory = FileHandling.IsDirectory(inputFilePath); if (fileIsDirectory) { DirectoryDecryption.UsingPassword(inputFilePath, passwordBytes); return; } using var inputFile = new FileStream(inputFilePath, FileMode.Open, FileAccess.Read, FileShare.Read, Constants.FileStreamBufferSize, FileOptions.RandomAccess); byte[] ephemeralPublicKey = FileHeaders.ReadEphemeralPublicKey(inputFile); byte[] salt = FileHeaders.ReadSalt(inputFile); byte[] keyEncryptionKey = Argon2.DeriveKey(passwordBytes, salt); string outputFilePath = GetOutputFilePath(inputFilePath); DecryptFile.Initialize(inputFile, outputFilePath, ephemeralPublicKey, keyEncryptionKey); CryptographicOperations.ZeroMemory(keyEncryptionKey); DecryptionSuccessful(inputFilePath, outputFilePath); } catch (Exception ex) when(ExceptionFilters.Cryptography(ex)) { FileException(inputFilePath, ex); } }