// TODO: Add progress bar. private static async Task EncryptAsync(EncryptedFileHeader EncryptedFileHeader) { const string encryptedFileExtension = ".encrypted"; var inputPathIsFile = File.Exists(EncryptedFileHeader.Filename); if (!inputPathIsFile && !Directory.Exists(EncryptedFileHeader.Filename)) { throw new Exception($"{EncryptedFileHeader.Filename} input path does not exist."); } ThreadsafeConsole.WriteLine(inputPathIsFile ? "InputPath is a file." : "InputPath is a directory."); // TODO: Support encrypting entire directories using System.IO.Compression.ZipFile class. if (!inputPathIsFile) { throw new NotSupportedException("Encrypting directories is not supported."); } // Get password from user. // TODO: Hide and confirm password. ThreadsafeConsole.WriteLine(); ThreadsafeConsole.Write("Enter password: "******"Output filename is {outputFilename}."); var encryptionStart = _stopwatch.Elapsed; await using (var inputFileStream = File.Open(EncryptedFileHeader.Filename, FileMode.Open, FileAccess.Read, FileShare.Read)) await using (var outputFileStream = File.Open(outputFilename, FileMode.CreateNew, FileAccess.Write, FileShare.None)) { // Generate key from password and random salt. using (var random = new RNGCryptoServiceProvider()) { random.GetBytes(EncryptedFileHeader.Salt); } using (var keyDerivation = KeyDerivation.Create(EncryptedFileHeader.KeyDerivationAlgorithm, password, EncryptedFileHeader.Salt, EncryptedFileHeader.KeyDerivationIterations)) using (var cipher = Cipher.Create(EncryptedFileHeader.CipherAlgorithm)) { var key = keyDerivation.GetBytes(EncryptedFileHeader.KeyLength); ThreadsafeConsole.WriteLine($"Encryption key (derived from password and a random salt) is {Convert.ToBase64String(key)}."); // Create cipher and generate initialization vector. // Generate a new initialization vector for each encryption to prevent identical plaintexts from producing identical ciphertexts when encrypted using the same key. cipher.GenerateIV(); EncryptedFileHeader.InitializationVector = new byte[cipher.IV.Length]; cipher.IV.CopyTo(EncryptedFileHeader.InitializationVector, 0); ThreadsafeConsole.WriteLine($"Cipher initialization vector is {Convert.ToBase64String(EncryptedFileHeader.InitializationVector)}."); // Write integer length of encrypted file header followed by the the header bytes. var fileHeaderBytes = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(EncryptedFileHeader)); await outputFileStream.WriteAsync(BitConverter.GetBytes(fileHeaderBytes.Length)); await outputFileStream.WriteAsync(fileHeaderBytes); // Create encrypting output stream. var buffer = new byte[cipher.BlockSize]; using (var encryptor = cipher.CreateEncryptor(key, EncryptedFileHeader.InitializationVector)) await using (var cryptoStream = new CryptoStream(outputFileStream, encryptor, CryptoStreamMode.Write)) { // To limit memory usage, repeatedly read a small block from input stream and write it to the encrypted output stream. int bytesRead; while ((bytesRead = await inputFileStream.ReadAsync(buffer, 0, buffer.Length)) > 0) { await cryptoStream.WriteAsync(buffer, 0, bytesRead); } } } } var encryptionDuration = _stopwatch.Elapsed - encryptionStart; ThreadsafeConsole.WriteLine($"Wrote encrypted file to {outputFilename}."); ThreadsafeConsole.WriteLine($"Encryption took {encryptionDuration.TotalSeconds.ToString(_elapsedSecondsFormat)} seconds."); }
// Encryption arguments = -i "C:\Users\Erik\Temp\Test.pdf" -o encrypt -c aescng -kd rfc2898 -kdi 1000 -kl 32 -sl 16 private static EncryptedFileHeader ParseCommandLine(IReadOnlyList <string> Arguments) { if (Arguments.Count % 2 != 0) { throw new ArgumentException("Invalid number of arguments. Arguments must be passed in a pair: -argumentName argumentValue or /argumentName argumentValue."); } var encryptedFileHeader = new EncryptedFileHeader(); for (var index = 0; index < Arguments.Count; index++) { var argumentName = Arguments[index]; index++; var argumentValue = Arguments[index]; switch (argumentName?.ToLower()) { case "-i": case "/i": case "-input": case "/input": encryptedFileHeader.Filename = argumentValue; break; case "-o": case "/o": case "-operation": case "/operation": encryptedFileHeader.Operation = Enum.Parse <Operation>(argumentValue, true); break; case "-c": case "/c": case "-cipher": case "/cipher": encryptedFileHeader.CipherAlgorithm = argumentValue; break; case "-kd": case "/kd": case "-keyderivation": case "/keyderivation": encryptedFileHeader.KeyDerivationAlgorithm = argumentValue; break; case "-kdi": case "/kdi": case "-kditerations": case "/kditerations": if (int.TryParse(argumentValue, out var keyDerivationIterations)) { encryptedFileHeader.KeyDerivationIterations = keyDerivationIterations; } break; case "-kl": case "/kl": case "-keylength": case "/keylength": if (int.TryParse(argumentValue, out var keyLength)) { encryptedFileHeader.KeyLength = keyLength; } break; case "-sl": case "/sl": case "-saltlength": case "/saltlength": if (int.TryParse(argumentValue, out var saltLength)) { encryptedFileHeader.Salt = new byte[saltLength]; } break; default: throw new ArgumentException($"{argumentName} not supported."); } } // Validate arguments. if (encryptedFileHeader.Filename.IsNullOrEmpty()) { throw new ArgumentException("Specify an input path via -i argument."); } // ReSharper disable once ConvertIfStatementToSwitchStatement // ReSharper disable once ConvertIfStatementToSwitchExpression if (encryptedFileHeader.Operation == Operation.Unknown) { throw new ArgumentException("Specify an operation via -o argument."); } if (encryptedFileHeader.Operation == Operation.Encrypt) { if (encryptedFileHeader.CipherAlgorithm is null) { throw new ArgumentException("Specify a cipher via -c argument."); } if (encryptedFileHeader.KeyDerivationAlgorithm is null) { throw new ArgumentException("Specify a key derivation algorithm via -kd argument."); } if (encryptedFileHeader.KeyDerivationIterations <= 0) { throw new ArgumentException("Specify key derivation iterations via -kdi argument"); } if (encryptedFileHeader.KeyLength <= 0) { throw new ArgumentException("Specify a key length in bytes via -kl argument."); } if (encryptedFileHeader.Salt.Length <= 0) { throw new ArgumentException("Specify a salt length via -sl argument."); } } return(encryptedFileHeader); }