private void EncryptFolder()
{
var folder = GetFolder();
if (string.IsNullOrEmpty(folder))
{
return;
}
var password = ShowPasswordEnter();
if (string.IsNullOrEmpty(password))
{
return;
}
var files = Directory.GetFiles(folder, "*.*", SearchOption.AllDirectories);
// BUG 1: Key derivation should not be performed outside a foreach block that is using its return value.
// Otherwise all operations in this loop have the same encryption key
var keyData = WeakPasswordDerivation.DerivePassword(password);
foreach (var file in files)
{
if (!File.Exists(file))
{
continue;
}
EncryptionCryptoWrapper.EncryptFile(new FileInfo(file), keyData.Key, keyData.Salt);
}
MessageBox.Show("Successfully encrypted");
}
public void EncryptDecryptManual()
{
var message = "This is a secret Message";
var data = WeakPasswordDerivation.DerivePassword("password");
var cipherText = EncryptionCryptoWrapper.EncryptMessage(message, data.Key, Encoding.UTF8);
var decryptedMessage = EncryptionCryptoWrapper.DecryptMessage(cipherText, data.Key, Encoding.UTF8);
Assert.AreEqual(message, decryptedMessage);
}
public void PasswordKeyOnceTheSame()
{
var salt = new byte[] { 88, 144, 21, 224, 8, 102, 122, 218 };
var key = new byte[] { 172, 19, 215, 234, 237, 198, 102, 232 };
var data = WeakPasswordDerivation.DerivePassword("Password");
Assert.AreEqual(WeakCryptoConfig.SaltSizeBytes, data.Salt.Length);
Assert.AreEqual(WeakCryptoConfig.KeySizeBytes, data.Key.Length);
Assert.AreEqual(true, data.Salt.SequenceEqual(salt));
Assert.AreEqual(true, data.Key.SequenceEqual(key));
}
public void EncryptEncryptEqual()
{
var message = "This is a secret Message";
var password = "******";
var cipherText1 =
EncryptionCryptoWrapper.EncryptMessage(message, password, Encoding.UTF8);
var data = WeakPasswordDerivation.DerivePassword(password);
var cipherText2 = EncryptionCryptoWrapper.EncryptMessage(message, data.Key, Encoding.UTF8);
Assert.AreNotEqual(cipherText1, cipherText2);
}
private void OnStartUp(object sender, StartupEventArgs e)
{
var wm = IoC.Get <IWindowManager>();
var passwordModel = IoC.Get <EnterPasswordViewModel>();
var m = new WindowManager();
m.ShowWindow(IoC.Get <MainWindowViewModel>());
wm.ShowDialog(passwordModel);
var hash = WeakPasswordDerivation.StringToHash(passwordModel.Password);
if (hash == null || !hash.Equals(WeakCryptoConfig.Password, StringComparison.InvariantCultureIgnoreCase))
{
Execute.OnUIThread(() => Current.Shutdown());
}
}
private void DecryptFolder()
{
var folder = GetFolder();
if (string.IsNullOrEmpty(folder))
{
return;
}
var password = ShowPasswordEnter();
if (string.IsNullOrEmpty(password))
{
return;
}
var files = Directory.GetFiles(folder, "*.falsecrypt", SearchOption.AllDirectories);
// NOT A BUG for itself: The weakness of using the same key foreach file was caused by the encryption.
// The decryption methods just matches contract the encryption sets
var keyData = WeakPasswordDerivation.DerivePassword(password);
foreach (var file in files)
{
if (!File.Exists(file))
{
continue;
}
try
{
EncryptionCryptoWrapper.DecryptFile(new FileInfo(file), keyData.Key);
}
catch (Exception e)
{
MessageBox.Show("Wrong password");
return;
}
}
MessageBox.Show("Successfully decrypted");
}
