private static void UsingPublicKey(string inputFilePath, byte[] sharedSecret, byte[] recipientPublicKey)
{
try
{
bool fileIsDirectory = FileHandling.IsDirectory(inputFilePath);
if (fileIsDirectory)
{
DirectoryEncryption.UsingPublicKey(inputFilePath, sharedSecret, recipientPublicKey);
return;
}
// Derive a unique KEK per file
(byte[] ephemeralSharedSecret, byte[] ephemeralPublicKey) = KeyExchange.GetEphemeralSharedSecret(recipientPublicKey);
byte[] salt = Generate.Salt();
byte[] keyEncryptionKey = Generate.KeyEncryptionKey(sharedSecret, ephemeralSharedSecret, salt);
string outputFilePath = GetOutputFilePath(inputFilePath);
EncryptFile.Initialize(inputFilePath, outputFilePath, ephemeralPublicKey, salt, keyEncryptionKey);
Utilities.ZeroArray(keyEncryptionKey);
EncryptionSuccessful(inputFilePath, outputFilePath);
}
catch (Exception ex) when(ExceptionFilters.FileAccess(ex))
{
Logging.LogException(ex.ToString(), Logging.Severity.Error);
DisplayMessage.FilePathException(inputFilePath, ex.GetType().Name, "Unable to encrypt the file.");
}
}
private static void UsingPrivateKey(string inputFilePath, byte[] sharedSecret, byte[] recipientPrivateKey)
{
try
{
bool fileIsDirectory = FileHandling.IsDirectory(inputFilePath);
if (fileIsDirectory)
{
DirectoryDecryption.UsingPrivateKey(inputFilePath, sharedSecret, recipientPrivateKey);
return;
}
byte[] ephemeralPublicKey = FileHeaders.ReadEphemeralPublicKey(inputFilePath);
byte[] ephemeralSharedSecret = KeyExchange.GetSharedSecret(recipientPrivateKey, ephemeralPublicKey);
byte[] salt = FileHeaders.ReadSalt(inputFilePath);
byte[] keyEncryptionKey = Generate.KeyEncryptionKey(sharedSecret, ephemeralSharedSecret, salt);
string outputFilePath = GetOutputFilePath(inputFilePath);
DecryptFile.Initialize(inputFilePath, outputFilePath, keyEncryptionKey);
Utilities.ZeroArray(keyEncryptionKey);
DecryptionSuccessful(inputFilePath, outputFilePath);
}
catch (Exception ex) when(ExceptionFilters.FileAccess(ex))
{
Logging.LogException(ex.ToString(), Logging.Severity.Error);
if (ex is ArgumentException || ex is ArgumentOutOfRangeException)
{
DisplayMessage.FilePathMessage(inputFilePath, ex.Message);
return;
}
DisplayMessage.FilePathException(inputFilePath, ex.GetType().Name, "Unable to decrypt the file.");
}
}
private static void UsingPassword(string inputFilePath, byte[] passwordBytes)
{
try
{
bool fileIsDirectory = FileHandling.IsDirectory(inputFilePath);
if (fileIsDirectory)
{
DirectoryEncryption.UsingPassword(inputFilePath, passwordBytes);
return;
}
// Derive a unique KEK per file
byte[] salt = Generate.Salt();
byte[] keyEncryptionKey = Argon2.DeriveKey(passwordBytes, salt);
// Fill the ephemeral public key header with random key (since not in use)
byte[] randomEphemeralPublicKeyHeader = Generate.EphemeralPublicKeyHeader();
string outputFilePath = GetOutputFilePath(inputFilePath);
EncryptFile.Initialize(inputFilePath, outputFilePath, randomEphemeralPublicKeyHeader, salt, keyEncryptionKey);
Utilities.ZeroArray(keyEncryptionKey);
EncryptionSuccessful(inputFilePath, outputFilePath);
}
catch (Exception ex) when(ExceptionFilters.FileAccess(ex))
{
Logging.LogException(ex.ToString(), Logging.Severity.Error);
DisplayMessage.FilePathException(inputFilePath, ex.GetType().Name, "Unable to encrypt the file.");
}
}
private static void UsingPassword(string inputFilePath, byte[] passwordBytes)
{
try
{
bool fileIsDirectory = FileHandling.IsDirectory(inputFilePath);
if (fileIsDirectory)
{
DirectoryDecryption.UsingPassword(inputFilePath, passwordBytes);
return;
}
byte[] salt = FileHeaders.ReadSalt(inputFilePath);
byte[] keyEncryptionKey = Argon2.DeriveKey(passwordBytes, salt);
string outputFilePath = GetOutputFilePath(inputFilePath);
DecryptFile.Initialize(inputFilePath, outputFilePath, keyEncryptionKey);
Utilities.ZeroArray(keyEncryptionKey);
DecryptionSuccessful(inputFilePath, outputFilePath);
}
catch (Exception ex) when(ExceptionFilters.FileAccess(ex))
{
Logging.LogException(ex.ToString(), Logging.Severity.Error);
if (ex is ArgumentException || ex is ArgumentOutOfRangeException)
{
DisplayMessage.FilePathMessage(inputFilePath, ex.Message);
return;
}
DisplayMessage.FilePathException(inputFilePath, ex.GetType().Name, "Unable to decrypt the file.");
}
}
private static void UsingPassword(string inputFilePath, byte[] passwordBytes)
{
try
{
bool fileIsDirectory = FileHandling.IsDirectory(inputFilePath);
if (fileIsDirectory)
{
DirectoryEncryption.UsingPassword(inputFilePath, passwordBytes);
return;
}
// Derive a unique KEK per file
byte[] salt = Generate.Salt();
byte[] keyEncryptionKey = Argon2.DeriveKey(passwordBytes, salt);
// Fill unused header with random public key
byte[] ephemeralPublicKey = Generate.EphemeralPublicKeyHeader();
string outputFilePath = GetOutputFilePath(inputFilePath);
EncryptFile.Initialize(inputFilePath, outputFilePath, ephemeralPublicKey, salt, keyEncryptionKey);
CryptographicOperations.ZeroMemory(keyEncryptionKey);
EncryptionSuccessful(inputFilePath, outputFilePath);
}
catch (Exception ex) when(ExceptionFilters.Cryptography(ex))
{
DisplayMessage.FilePathException(inputFilePath, ex.GetType().Name, "Unable to encrypt the file.");
}
}
private static void UsingPublicKey(string inputFilePath, byte[] sharedSecret, byte[] recipientPrivateKey)
{
try
{
bool fileIsDirectory = FileHandling.IsDirectory(inputFilePath);
if (fileIsDirectory)
{
DirectoryDecryption.UsingPublicKey(inputFilePath, sharedSecret, recipientPrivateKey);
return;
}
using var inputFile = new FileStream(inputFilePath, FileMode.Open, FileAccess.Read, FileShare.Read, Constants.FileStreamBufferSize, FileOptions.RandomAccess);
byte[] ephemeralPublicKey = FileHeaders.ReadEphemeralPublicKey(inputFile);
byte[] ephemeralSharedSecret = KeyExchange.GetSharedSecret(recipientPrivateKey, ephemeralPublicKey);
byte[] salt = FileHeaders.ReadSalt(inputFile);
byte[] keyEncryptionKey = Generate.KeyEncryptionKey(sharedSecret, ephemeralSharedSecret, salt);
string outputFilePath = GetOutputFilePath(inputFilePath);
DecryptFile.Initialize(inputFile, outputFilePath, ephemeralPublicKey, keyEncryptionKey);
CryptographicOperations.ZeroMemory(keyEncryptionKey);
DecryptionSuccessful(inputFilePath, outputFilePath);
}
catch (Exception ex) when(ExceptionFilters.Cryptography(ex))
{
FileException(inputFilePath, ex);
}
}
public static void GetFilePaths(bool encryption, string[] filePaths, byte[] passwordBytes)
{
NullChecks.StringArray(filePaths);
Globals.SuccessfulCount = 0;
Globals.TotalCount = filePaths.Length;
foreach (string filePath in filePaths)
{
bool?fileIsDirectory = FileHandling.IsDirectory(filePath);
if (fileIsDirectory != null)
{
if (fileIsDirectory == false)
{
CallEncryption(encryption, filePath, passwordBytes);
}
else
{
DirectoryEncryption(encryption, filePath, passwordBytes);
}
}
}
}
private static void UsingPrivateKey(string inputFilePath, byte[] privateKey)
{
try
{
bool fileIsDirectory = FileHandling.IsDirectory(inputFilePath);
if (fileIsDirectory)
{
DirectoryEncryption.UsingPrivateKey(inputFilePath, privateKey);
return;
}
// Derive a unique KEK per file
byte[] ephemeralSharedSecret = KeyExchange.GetPrivateKeySharedSecret(privateKey, out byte[] ephemeralPublicKey);
byte[] salt = Generate.Salt();
byte[] keyEncryptionKey = Generate.KeyEncryptionKey(ephemeralSharedSecret, salt);
string outputFilePath = GetOutputFilePath(inputFilePath);
EncryptFile.Initialize(inputFilePath, outputFilePath, ephemeralPublicKey, salt, keyEncryptionKey);
CryptographicOperations.ZeroMemory(keyEncryptionKey);
EncryptionSuccessful(inputFilePath, outputFilePath);
}
catch (Exception ex) when(ExceptionFilters.Cryptography(ex))
{
DisplayMessage.FilePathException(inputFilePath, ex.GetType().Name, "Unable to encrypt the file.");
}
}
