public static byte[] ComputeAdditionalData(long fileLength)
{
long chunkCount = Utilities.RoundUp(fileLength, Constants.FileChunkSize);
byte[] ciphertextLength = BitConverter.GetBytes(chunkCount * Constants.TotalChunkLength);
return(Utilities.ConcatArrays(Constants.KryptorMagicBytes, Constants.EncryptionVersion, ciphertextLength));
}
public static byte[] KeyEncryptionKey(byte[] sharedSecret, byte[] ephemeralSharedSecret, byte[] salt)
{
byte[] inputKeyingMaterial = Utilities.ConcatArrays(sharedSecret, ephemeralSharedSecret);
byte[] keyEncryptionKey = Blake2.KeyDerivation(inputKeyingMaterial, salt, Constants.EncryptionKeyLength);
Utilities.ZeroArray(ephemeralSharedSecret);
Utilities.ZeroArray(inputKeyingMaterial);
return(keyEncryptionKey);
}
public static (string publicKey, string privateKey) GenerateSigningKeyPair()
{
char[] password = PasswordPrompt.EnterNewPassword();
byte[] passwordBytes = Password.Hash(password);
using var keyPair = PublicKeyAuth.GenerateKeyPair();
byte[] publicKey = Utilities.ConcatArrays(Constants.Ed25519KeyHeader, keyPair.PublicKey);
byte[] encryptedPrivateKey = PrivateKey.Encrypt(passwordBytes, keyPair.PrivateKey, Constants.Ed25519KeyHeader);
return(ConvertKeys(publicKey, encryptedPrivateKey));
}
public static void SignFile(string filePath, string comment, bool preHashed, byte[] privateKey)
{
byte[] preHashedHeader = BitConverter.GetBytes(preHashed);
byte[] fileSignature = ComputeFileSignature(filePath, preHashed, privateKey);
byte[] commentBytes = Encoding.UTF8.GetBytes(comment);
// Sign the entire signature file
byte[] signatureFileBytes = Utilities.ConcatArrays(Constants.SignatureMagicBytes, Constants.SignatureVersion, preHashedHeader, fileSignature, commentBytes);
byte[] globalSignature = ComputeGlobalSignature(signatureFileBytes, privateKey);
CreateSignatureFile(filePath, preHashedHeader, fileSignature, commentBytes, globalSignature);
}
public static byte[] GetAdditionalData(string inputFilePath)
{
byte[] magicBytes = FileHeaders.ReadMagicBytes(inputFilePath);
byte[] formatVersion = FileHeaders.ReadFileFormatVersion(inputFilePath);
FileHeaders.ValidateFormatVersion(inputFilePath, formatVersion, Constants.EncryptionVersion);
long fileLength = FileHandling.GetFileLength(inputFilePath);
int headersLength = FileHeaders.GetHeadersLength();
byte[] ciphertextLength = BitConverter.GetBytes(fileLength - headersLength);
return(Utilities.ConcatArrays(magicBytes, formatVersion, ciphertextLength));
}
public static byte[] Encrypt(byte[] passwordBytes, byte[] privateKey, byte[] keyAlgorithm)
{
byte[] salt = Generate.Salt();
byte[] key = Argon2.DeriveKey(passwordBytes, salt);
Utilities.ZeroArray(passwordBytes);
byte[] nonce = Generate.Nonce();
byte[] additionalData = Utilities.ConcatArrays(keyAlgorithm, Constants.PrivateKeyVersion);
byte[] keyCommitmentBlock = ChunkHandling.GetKeyCommitmentBlock();
privateKey = Utilities.ConcatArrays(keyCommitmentBlock, privateKey);
byte[] encryptedPrivateKey = SecretAeadXChaCha20Poly1305.Encrypt(privateKey, nonce, key, additionalData);
Utilities.ZeroArray(privateKey);
Utilities.ZeroArray(key);
return(Utilities.ConcatArrays(additionalData, salt, nonce, encryptedPrivateKey));
}
private static byte[] Decrypt(byte[] passwordBytes, byte[] privateKey)
{
byte[] keyAlgorithm = GetKeyAlgorithm(privateKey);
byte[] keyVersion = GetKeyVersion(privateKey);
byte[] salt = GetSalt(privateKey);
byte[] nonce = GetNonce(privateKey);
byte[] additionalData = Utilities.ConcatArrays(keyAlgorithm, keyVersion);
byte[] encryptedPrivateKey = GetEncryptedPrivateKey(privateKey);
byte[] key = Argon2.DeriveKey(passwordBytes, salt);
Utilities.ZeroArray(passwordBytes);
byte[] decryptedPrivateKey = SecretAeadXChaCha20Poly1305.Decrypt(encryptedPrivateKey, nonce, key, additionalData);
Utilities.ZeroArray(key);
ChunkHandling.ValidateKeyCommitmentBlock(decryptedPrivateKey);
return(ChunkHandling.RemoveKeyCommitmentBlock(decryptedPrivateKey));
}
public static bool VerifySignature(string signatureFilePath, string filePath, byte[] publicKey)
{
using var signatureFile = new FileStream(signatureFilePath, FileMode.Open, FileAccess.Read, FileShare.Read, Constants.FileStreamBufferSize, FileOptions.RandomAccess);
// Verify the global signature
byte[] magicBytes = GetMagicBytes(signatureFile);
byte[] formatVersion = GetFormatVersion(signatureFile);
FileHeaders.ValidateFormatVersion(signatureFilePath, formatVersion, Constants.SignatureVersion);
byte[] preHashedHeader = GetPreHashedHeader(signatureFile);
byte[] fileSignature = GetFileSignature(signatureFile);
_commentBytes = GetCommentBytes(signatureFile);
byte[] signatureFileBytes = Utilities.ConcatArrays(magicBytes, formatVersion, preHashedHeader, fileSignature, _commentBytes);
bool validGlobalSignature = VerifyGlobalSignature(signatureFile, signatureFileBytes, publicKey);
if (!validGlobalSignature)
{
return(false);
}
// Verify the file signature
bool preHashed = BitConverter.ToBoolean(preHashedHeader);
byte[] fileBytes = GetFileBytes(filePath, preHashed);
return(PublicKeyAuth.VerifyDetached(fileSignature, fileBytes, publicKey));
}
public static byte[] GetEd25519PublicKey(byte[] privateKey)
{
byte[] publicKey = PublicKeyAuth.ExtractEd25519PublicKeyFromEd25519SecretKey(privateKey);
return(Utilities.ConcatArrays(Constants.Ed25519KeyHeader, publicKey));
}
public static byte[] GetCurve25519PublicKey(byte[] privateKey)
{
byte[] publicKey = ScalarMult.Base(privateKey);
return(Utilities.ConcatArrays(Constants.Curve25519KeyHeader, publicKey));
}
public static byte[] PrependKeyCommitmentBlock(byte[] plaintextChunk)
{
return(Utilities.ConcatArrays(_keyCommitmentBlock, plaintextChunk));
}