private static byte[] GetPolicyBuffer(long fileSize, DRPolicyData policy, byte[] iv, byte[] encryptionKey) { MemoryStream ms = new MemoryStream(); BinaryWriter bw = new BinaryWriter(ms); bw.Write(AES_VERIFICATION_KEY); bw.Write((uint)(policy.AESFlags)); bw.Write(iv.Length); bw.Write(iv); bw.Write(encryptionKey.Length); if (encryptionKey.Length < 32) { //the struture always keep 32 bytes for encryption key. Array.Resize(ref encryptionKey, 32); } bw.Write(encryptionKey); bw.Write(policy.CreationTime); bw.Write(policy.ExpireTime); bw.Write((uint)policy.AccessFlags); bw.Write(fileSize); bw.Write(policy.LengthOfIncludeProcessNames); //the first offset lenght = current position + 13*4 // sizeof(OffsetOfIncludeProcessNames) + sizeof(OffsetOfExcludeProcessNames) + sizeof(LengthOfExcludeProcessNames) // + sizeof(OffsetOfIncludeUserNames) + sizeof(LengthOfIncludeUserNames) + sizeof(OffsetOfExcludeUserNames) + sizeof(LengthOfExcludeUserNames) // + sizeof(OffsetOfAccountName) + sizeof(LengthOfAccountName) + sizeof(OffsetOfComputerIds) + sizeof(LengthOfComputerIds) // + sizeof(LengthOfUserPassword) + sizeof(OffsetOfUserPassword) policy.OffsetOfIncludeProcessNames = (uint)ms.Length + 13 * 4; bw.Write(policy.OffsetOfIncludeProcessNames); bw.Write(policy.LengthOfExcludeProcessNames); policy.OffsetOfExcludeProcessNames = policy.OffsetOfIncludeProcessNames + policy.LengthOfIncludeProcessNames; bw.Write(policy.OffsetOfExcludeProcessNames); bw.Write(policy.LengthOfIncludeUserNames); policy.OffsetOfIncludeUserNames = policy.OffsetOfExcludeProcessNames + policy.LengthOfExcludeProcessNames; bw.Write(policy.OffsetOfIncludeUserNames); bw.Write(policy.LengthOfExcludeUserNames); policy.OffsetOfExcludeUserNames = policy.OffsetOfIncludeUserNames + policy.LengthOfIncludeUserNames; bw.Write(policy.OffsetOfExcludeUserNames); bw.Write(policy.LengthOfAccountName); policy.OffsetOfAccountName = policy.OffsetOfExcludeUserNames + policy.LengthOfExcludeUserNames; bw.Write(policy.OffsetOfAccountName); bw.Write(policy.LengthOfComputerIds); policy.OffsetOfComputerIds = policy.OffsetOfAccountName + policy.LengthOfAccountName; bw.Write(policy.OffsetOfComputerIds); bw.Write(policy.LengthOfUserPassword); policy.OffsetOfUserPassword = policy.OffsetOfComputerIds + policy.LengthOfComputerIds; bw.Write(policy.OffsetOfUserPassword); byte[] strBuffer; if (policy.LengthOfIncludeProcessNames > 0) { strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.IncludeProcessNames); bw.Write(strBuffer); } if (policy.LengthOfExcludeProcessNames > 0) { strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.ExcludeProcessNames); bw.Write(strBuffer); } if (policy.LengthOfIncludeUserNames > 0) { strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.IncludeUserNames); bw.Write(strBuffer); } if (policy.LengthOfExcludeUserNames > 0) { strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.ExcludeUserNames); bw.Write(strBuffer); } if (policy.LengthOfAccountName > 0) { strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.AccountName); bw.Write(strBuffer); } if (policy.LengthOfComputerIds > 0) { strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.ComputerIds); bw.Write(strBuffer); } if (policy.LengthOfUserPassword > 0) { strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.UserPassword); bw.Write(strBuffer); } byte[] AESBuffer = ms.ToArray(); //encrypt the access policy except the sizeOfAESData; FilterAPI.AESEncryptDecryptBuffer(AESBuffer, 0, null, null); return(AESBuffer); }
/// <summary> /// Create an encrypted file with embedded digital right policy, distribute the encrypted file via internet, /// only the authorized users and processes can access the encrypted file. /// </summary> /// <param name="fileName"></param> /// <param name="passPhrase"></param> /// <param name="policy"></param> /// <param name="lastError"></param> /// <returns></returns> public static bool EncryptFileWithEmbeddedDRPolicy(string sourceFileName, string destFileName, byte[] encryptIV, byte[] encryptKey, DRPolicyData policy, out string lastError) { bool ret = false; FileStream fs = null; lastError = string.Empty; try { if (!File.Exists(sourceFileName)) { lastError = sourceFileName + " doesn't exist."; return(false); } FileInfo fileInfo = new FileInfo(sourceFileName); long fileSize = fileInfo.Length; byte[] AESBuffer = GetPolicyBuffer(fileSize, policy, encryptIV, encryptKey); //encrypt the file with encryption key and a iv key. ret = FilterAPI.AESEncryptFileToFile(sourceFileName, destFileName, (uint)encryptKey.Length, encryptKey, (uint)encryptIV.Length, encryptIV, false); if (!ret) { lastError = "Create encrypt file " + destFileName + " failed with error:" + FilterAPI.GetLastErrorMessage(); return(ret); } fs = new FileStream(destFileName, FileMode.Append, FileAccess.Write, FileShare.Read); //append the DR policy to the encrypted file. fs.Write(AESBuffer, 0, AESBuffer.Length); //append the sizeof the DR policy fs.Write(BitConverter.GetBytes(AESBuffer.Length + 4), 0, 4); } catch (Exception ex) { ret = false; lastError = "Encrypt file " + sourceFileName + " failed with error:" + ex.Message; } finally { if (null != fs) { fs.Close(); } } return(ret); }
private static byte[] ConvertDRPolicyDataToByteArray(DRPolicyData policy) { MemoryStream ms = new MemoryStream(); BinaryWriter bw = new BinaryWriter(ms); bw.Write(AES_VERIFICATION_KEY); bw.Write((uint)(policy.AESFlags)); bw.Write(policy.IVLength); bw.Write(policy.IV); bw.Write(policy.EncryptionKeyLength); bw.Write(policy.EncryptionKey); bw.Write(policy.CreationTime); bw.Write(policy.ExpireTime); bw.Write((uint)policy.AccessFlags); bw.Write(policy.FileSize); bw.Write(policy.LengthOfAuthorizedProcessNames); bw.Write(policy.LengthOfUnauthorizedProcessNames); bw.Write(policy.LengthOfAuthorizedUserNames); bw.Write(policy.LengthOfUnauthorizedUserNames); bw.Write(policy.LengthOfAccountName); bw.Write(policy.LengthOfComputerIds); bw.Write(policy.LengthOfUserPassword); byte[] strBuffer; if (policy.LengthOfAuthorizedProcessNames > 0) { strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.AuthorizedProcessNames); bw.Write(strBuffer); } if (policy.LengthOfUnauthorizedProcessNames > 0) { strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.UnauthorizedProcessNames); bw.Write(strBuffer); } if (policy.LengthOfAuthorizedUserNames > 0) { strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.AuthorizedUserNames); bw.Write(strBuffer); } if (policy.LengthOfUnauthorizedUserNames > 0) { strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.UnauthorizedUserNames); bw.Write(strBuffer); } if (policy.LengthOfAccountName > 0) { strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.AccountName); bw.Write(strBuffer); } if (policy.LengthOfComputerIds > 0) { strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.ComputerIds); bw.Write(strBuffer); } if (policy.LengthOfUserPassword > 0) { strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.UserPassword); bw.Write(strBuffer); } //append the sizeof the DR policy int sizeofDRDataArray = (int)ms.Length + 4;// the size of sizeofDRDataArray takes 4 bytes memory as a int data bw.Write(sizeofDRDataArray); byte[] AESBuffer = ms.ToArray(); return(AESBuffer); }