Why Did I Build This?
"Standard encryption utilities typically leave filesystem metadata (filenames, extensions, and directory topologies) exposed, which can leak critical contextual information. I engineered this API to provide absolute deniability. By recursively traversing a target path and applying cryptographic mutations to both the file payloads and the structural metadata, the system leaves zero trace of the original context."
Architecture & Decisions
Built on ASP.NET Core, the API exposes `/encrypt` and `/decrypt` endpoints receiving JSON payloads (target paths, exclusions, raw keys/IVs). The cryptographic engine utilizes the `Aes` class configured for Cipher Block Chaining (CBC) with PKCS7 padding. To enforce strict block cipher constraints, raw keys and IVs are forcefully resized to 32 bytes (256-bit) and 16 bytes (128-bit) respectively via `Array.Resize`. File payloads are read entirely into memory (`ReadAllBytes`) and mutated via `CryptoStream` over a `MemoryStream`. Metadata obfuscation is achieved by encrypting directory and file names, encoding them to Base64, and sanitizing the output for filesystem compatibility (replacing `/` and `+`).
Key Features
- 01.Military-grade AES-256 CBC payload encryption utilizing PKCS7 block padding
- 02.Complete topological obfuscation: recursive encryption of all filenames and directory structures into sanitized, URL-safe Base64 strings
- 03.Dynamic Key/IV length enforcement to prevent cryptographic runtime exceptions during API invocations
- 04.Configurable file exclusion arrays to prevent locking critical system or application files during traversal