SecretManual.rtf

{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Calibri Light;}{\f1\fnil\fcharset0 Calibri;}{\f2\fnil Calibri;}{\f3\fnil\fcharset0 Consolas;}}
{\colortbl ;\red90\green90\blue90;\red47\green84\blue150;\red192\green192\blue192;\red13\green13\blue13;\red255\green242\blue204;}
{\*\generator Riched20 10.0.22000}\viewkind4\uc1 
\pard\sl240\slmult1\expndtw-10\f0\fs56\lang9 SECRET/SecretEngine\par

\pard\sa160\sl259\slmult0\cf1\expndtw15\f1\fs22 Command line file encryption tool and development library\par

\pard\keep\keepn\sb240\sl259\slmult0\cf2\expndtw0\f0\fs32 About SECRET\par

\pard\sa160\sl259\slmult0\cf0\f1\fs22\par
SECRET is a command line encryption tool for Windows. It comes as a standalone binary file which does not need installation. Copy the file to some path and run it from there. Note that you will need .NET 6 installed for SECRET to work.\par
SECRET is very easy to use and can handle encryption of very large files. It supports all file types. SECRET also allows you to encrypt directories with ease, even recursively. \par

\pard\keep\keepn\sb240\sl259\slmult0\cf2\f0\fs26 Examples:\fs32\par

\pard\sa160\sl259\slmult0\cf1\expndtw15\f1\fs22\par
\cf0\expndtw0 Note that SECRET has built-in help function which you can call by using SECRET.exe \f2\endash\f1 help.\par

\pard\keep\keepn\sb40\sl259\slmult0\cf2\f0\fs26 File encryption:\par

\pard\sa160\sl259\slmult0\cf0\f1\fs22\par
\highlight3 SECRET.exe encrypt -f  \rdblquote /path/to/some/file.txt\rdblquote  \f2\endash\f1 delete\cf4\highlight0\par
This example would encrypt file.txt, rename it to file.txt.secret and after the encryption delete the original file (file.txt)\par

\pard\keep\keepn\sb40\sl259\slmult0\cf2\f0\fs26 File decryption:\par

\pard\sa160\sl259\slmult0\cf0\f1\fs22\par
\highlight3 SECRET.exe decrypt -f  \rdblquote /path/to/some/file.txt.secret\rdblquote  \f2\endash\f1 delete\highlight0\par
\cf4 This example would decrypt file.txt.secret, rename it to file.txt and after the encryption delete the original encrypted file (file.txt.secret)\par

\pard\keep\keepn\sb40\sl259\slmult0\cf2\f0\fs26 Directory encryption:\par

\pard\sa160\sl259\slmult0\cf0\f1\fs22\par
\highlight3 SECRET.exe encrypt -d  \rdblquote /path/to/some/test-dir\rdblquote  --recursive\highlight0\par
Here we\rquote re encrypting directory test-dir with \f2\endash\f1 recursive flag. So all directories under test-dir will be encrypted too. How SECRET works is that it goes through all the files in the directory and encrypting them one by one. Without \f2\endash\f1 delete flag SECRET will leave original files intact, useful for testing and for cases where you do want to keep the original files too.\par
Decrypting directory would work the same way but calling decrypt instead of encrypt subcommand.\par
\page\cf2\f0\fs26 Getting the password:\fs32\par
\cf0\f1\fs22\par
By default, SECRET will ask for the password via a password prompt in the command line. However, this is not very useful if you want to run SECRET as a part of some script. For example, a backup script where SECRET would encrypt your backups.\par
By setting an environment variable called SECRET_MASTER_KEY, if found, SECRET will use value that variable instead of prompting for it.\par

\pard\keep\keepn\sb240\sl259\slmult0\cf2\f0\fs32 About SecretEngine\par
\cf0\f1\fs22 SecretEngine is reliable, yet easy to use, file encryption library for .NET. It takes care of the nasty details so you can provide secure solutions easily.\par
SecretEngine supports both 32 bit and 64 bit. It's compiled for .NET Standard 2.1 which means is compatible for .NET 5 or later.\par

\pard\sa160\sl259\slmult0\cf4\par

\pard\keep\keepn\sb240\sl259\slmult0\cf2\f0\fs32 Technical details\par

\pard\sa160\sl259\slmult0\cf0\f1\fs22\line Under the hood SecretEngine uses Advanced Encryption Standard (AES) in CBC mode with 256bit keys. 128 bit cryptographically random initialization vector (IV) is used.\par
For key derivation PBKDF2 function is used. Key derivation is configured to use 200000 iterations. Also, 256 bit cryptographically random salt is applied.\par
For authentication HMAC with SHA256 is used. SecretEngine uses encrypt-then-HMAC which is the preferred way for data authentication. This means that data is first encrypted and then HMACSHA256 is computed for the encrypted data. Verification of the HMAC is done in timing safe manner before attempting to decrypt the data.\par

\pard\keep\keepn\sb240\sl259\slmult0\cf2\f0\fs32 Code examples\par

\pard\sa160\sl259\slmult0\cf0\f1\fs22\par
SecretEngine is very easy to use and is designed to prevent misuse. Just with couple of lines of code you can successfully encrypt a file or even files in any directory (given that you have sufficient permissions).\par
This code example shows how to encrypt individual files as well as directories.\par
\par
\cf2\highlight5\f3\fs20 Crypto cryptoEngine = new Crypto();\par
CryptoKey key = new CryptoKey("your-secure-password");\par
bool deleteOriginal = true;\par
string error;\par
\par
//Encrypting a single file\par
if(!cryptoEngine.EncryptFile("/path/to/some/file", key, deleteOriginal))\par
         error = cryptoEngine.LastErrorMessage;\par
//Decrypting a single file\par
if(!cryptoEngine.DecryptFile("/path/to/some/file.secret", key, deleteOriginal))\par
         error = cryptoEngine.LastErrorMessage;\par
\par
//Encrypting directory recursively\par
bool recursive = true;\par
//In this tuple item1 (bool) indicates if the file encryption was OK.\par
//Second item (item2) is the filename(full path) to the processed file\par
List<Tuple<bool, string>> files;\par
files = cryptoEngine.EncryptDirectory("/path/to/some/dir", key, recursive,       deleteOriginal);\par
\par
foreach (var t in files)\par
\{\par
        if (t.Item1 == false)\par
        \{\par
\tab Console.WriteLine("Failed to encrypt file " + t.Item2 + ".");\par
        \}\par
\}\par
//DecryptDirectory() works exactly the same way.\par
\cf4\highlight0\f1\fs22\par
\cf0 If you need support or even custom functionality for SecretEngine, do not hesitate to contact.  Fastest way to reach me is to send an email niko@byteptr.com.\par
}