~~NOTOC~~
====== Scenario 7.3: Crittografia file ======

<WRAP round info>
**Categoria:** [[.:start|Crittografia]] \\
**Complessità:** Media \\
**Prerequisiti:** Materiale chiave o password \\
**Tempo stimato:** 15-20 minuti
</WRAP>

----

===== Descrizione =====

Questo scenario descrive la **cifratura sicura di file** con metodi sicuri Post-Quantum. L'implementazione supporta sia la cifratura basata su password che quella basata su chiave.

**Casi d'uso:**
  * Cifratura backup
  * Protezione documenti
  * File di configurazione
  * Archiviazione

----

===== Workflow =====

<mermaid>
flowchart TD
    FILE[File originale] --> COMPRESS[Opzionale: comprimere]
    COMPRESS --> CHUNK[Dividere in chunk]
    CHUNK --> ENCRYPT[AES-256-GCM per chunk]

    subgraph Key Derivation
        PWD[Password] --> KDF[Argon2id]
        KDF --> KEY[Chiave cifratura]
    end

    KEY --> ENCRYPT
    ENCRYPT --> OUTPUT[File cifrato]

    style KEY fill:#e8f5e9
    style OUTPUT fill:#e3f2fd
</mermaid>

----

===== Esempio codice: Cifrare file =====

<code csharp>
using WvdS.Security.Cryptography.X509Certificates.Extensions.PQ;
using System.Security.Cryptography;

using var ctx = PqCryptoContext.Initialize();

// File sorgente
string inputFile = "document.pdf";
string outputFile = "document.pdf.enc";
string password = "MySecurePassword123!";

// Parametri cifratura
var salt = RandomNumberGenerator.GetBytes(32);
var nonce = RandomNumberGenerator.GetBytes(12);

// Derivare chiave da password (Argon2id)
var key = ctx.DeriveKeyArgon2id(
    password: Encoding.UTF8.GetBytes(password),
    salt: salt,
    outputLength: 32,
    iterations: 3,
    memoryKiB: 65536,  // 64 MB
    parallelism: 4
);

// Leggere file
var plaintext = File.ReadAllBytes(inputFile);

// Cifrare con AES-256-GCM
var ciphertext = new byte[plaintext.Length];
var tag = new byte[16];

using var aes = new OpenSslAesGcm(key);
aes.Encrypt(nonce, plaintext, ciphertext, tag);

// Scrivere header + ciphertext
using var output = File.Create(outputFile);
using var writer = new BinaryWriter(output);

// Magic number
writer.Write(Encoding.ASCII.GetBytes("PQENC"));
// Versione
writer.Write((byte)1);
// Salt
writer.Write(salt.Length);
writer.Write(salt);
// Nonce
writer.Write(nonce.Length);
writer.Write(nonce);
// Tag
writer.Write(tag.Length);
writer.Write(tag);
// Ciphertext
writer.Write(ciphertext.Length);
writer.Write(ciphertext);

Console.WriteLine($"File cifrato: {outputFile}");
Console.WriteLine($"  Originale: {plaintext.Length:N0} Bytes");
Console.WriteLine($"  Cifrato: {output.Length:N0} Bytes");
</code>

----

===== Esempio codice: Decifrare file =====

<code csharp>
using var ctx = PqCryptoContext.Initialize();

string encryptedFile = "document.pdf.enc";
string outputFile = "document-decrypted.pdf";
string password = "MySecurePassword123!";

using var input = File.OpenRead(encryptedFile);
using var reader = new BinaryReader(input);

// Verificare magic number
var magic = Encoding.ASCII.GetString(reader.ReadBytes(5));
if (magic != "PQENC")
    throw new InvalidDataException("Formato file non valido");

// Verificare versione
var version = reader.ReadByte();
if (version != 1)
    throw new NotSupportedException($"Versione {version} non supportata");

// Leggere parametri
var saltLen = reader.ReadInt32();
var salt = reader.ReadBytes(saltLen);
var nonceLen = reader.ReadInt32();
var nonce = reader.ReadBytes(nonceLen);
var tagLen = reader.ReadInt32();
var tag = reader.ReadBytes(tagLen);
var ciphertextLen = reader.ReadInt32();
var ciphertext = reader.ReadBytes(ciphertextLen);

// Derivare chiave (stessi parametri!)
var key = ctx.DeriveKeyArgon2id(
    password: Encoding.UTF8.GetBytes(password),
    salt: salt,
    outputLength: 32,
    iterations: 3,
    memoryKiB: 65536,
    parallelism: 4
);

// Decifrare
var plaintext = new byte[ciphertext.Length];

using var aes = new OpenSslAesGcm(key);
aes.Decrypt(nonce, ciphertext, tag, plaintext);

// Salvare
File.WriteAllBytes(outputFile, plaintext);

Console.WriteLine($"File decifrato: {outputFile}");
</code>

----

===== Streaming per file di grandi dimensioni =====

<code csharp>
public class FileEncryptor
{
    private const int ChunkSize = 64 * 1024;  // Chunk da 64 KB

    public void EncryptLargeFile(
        string inputPath,
        string outputPath,
        byte[] key)
    {
        using var ctx = PqCryptoContext.Initialize();
        using var input = File.OpenRead(inputPath);
        using var output = File.Create(outputPath);
        using var writer = new BinaryWriter(output);

        // Scrivere header
        writer.Write(Encoding.ASCII.GetBytes("PQENC"));
        writer.Write((byte)2);  // Versione 2 = Streaming

        // Numero di chunk
        var totalChunks = (int)Math.Ceiling((double)input.Length / ChunkSize);
        writer.Write(totalChunks);

        var buffer = new byte[ChunkSize];
        var chunkIndex = 0;

        while (input.Position < input.Length)
        {
            var bytesRead = input.Read(buffer, 0, ChunkSize);
            var chunk = buffer.AsSpan(0, bytesRead).ToArray();

            // Nonce univoco per chunk (ChunkIndex + Random)
            var nonce = new byte[12];
            BitConverter.GetBytes(chunkIndex).CopyTo(nonce, 0);
            RandomNumberGenerator.Fill(nonce.AsSpan(4));

            var ciphertext = new byte[bytesRead];
            var tag = new byte[16];

            using var aes = new OpenSslAesGcm(key);
            // AAD = Chunk-Index per protezione ordine
            var aad = BitConverter.GetBytes(chunkIndex);
            aes.Encrypt(nonce, chunk, ciphertext, tag, aad);

            // Scrivere chunk
            writer.Write(nonce);
            writer.Write(tag);
            writer.Write(ciphertext.Length);
            writer.Write(ciphertext);

            chunkIndex++;
        }

        Console.WriteLine($"Cifrato: {chunkIndex} chunk");
    }

    public void DecryptLargeFile(
        string inputPath,
        string outputPath,
        byte[] key)
    {
        using var input = File.OpenRead(inputPath);
        using var reader = new BinaryReader(input);
        using var output = File.Create(outputPath);

        // Leggere header
        var magic = Encoding.ASCII.GetString(reader.ReadBytes(5));
        if (magic != "PQENC") throw new InvalidDataException();

        var version = reader.ReadByte();
        if (version != 2) throw new NotSupportedException();

        var totalChunks = reader.ReadInt32();

        for (int i = 0; i < totalChunks; i++)
        {
            var nonce = reader.ReadBytes(12);
            var tag = reader.ReadBytes(16);
            var ciphertextLen = reader.ReadInt32();
            var ciphertext = reader.ReadBytes(ciphertextLen);

            var plaintext = new byte[ciphertextLen];

            using var aes = new OpenSslAesGcm(key);
            var aad = BitConverter.GetBytes(i);
            aes.Decrypt(nonce, ciphertext, tag, plaintext, aad);

            output.Write(plaintext);
        }
    }
}
</code>

----

===== Cifratura ibrida con ML-KEM =====

<code csharp>
public class HybridFileEncryptor
{
    public void EncryptForRecipient(
        string inputPath,
        string outputPath,
        byte[] recipientMlKemPublicKey)
    {
        using var ctx = PqCryptoContext.Initialize();

        // ML-KEM Key Encapsulation
        var pubKey = ctx.ImportPublicKey(recipientMlKemPublicKey);
        var (kemCiphertext, sharedSecret) = ctx.Encapsulate(pubKey);

        // Derivare chiave cifratura file
        var fileKey = ctx.DeriveKey(
            sharedSecret,
            outputLength: 32,
            info: Encoding.UTF8.GetBytes("file-encryption-key")
        );

        // Cifrare file
        var encryptor = new FileEncryptor();
        var tempFile = Path.GetTempFileName();
        encryptor.EncryptLargeFile(inputPath, tempFile, fileKey);

        // Output con KEM ciphertext
        using var output = File.Create(outputPath);
        using var writer = new BinaryWriter(output);

        writer.Write(Encoding.ASCII.GetBytes("PQKEM"));
        writer.Write((byte)1);
        writer.Write(kemCiphertext.Length);
        writer.Write(kemCiphertext);

        // Allegare file cifrato
        using var encryptedContent = File.OpenRead(tempFile);
        encryptedContent.CopyTo(output);

        File.Delete(tempFile);
    }
}
</code>

----

===== Specifica formato file =====

<code>
PQENC v1 (Single-Shot):
+----------------------------------+
| Magic: "PQENC" (5 bytes)         |
| Versione: 0x01 (1 byte)          |
| Lunghezza Salt (4 bytes)         |
| Salt (variabile)                 |
| Lunghezza Nonce (4 bytes)        |
| Nonce (12 bytes)                 |
| Lunghezza Tag (4 bytes)          |
| Tag (16 bytes)                   |
| Lunghezza Ciphertext (4 bytes)   |
| Ciphertext (variabile)           |
+----------------------------------+

PQENC v2 (Streaming):
+----------------------------------+
| Magic: "PQENC" (5 bytes)         |
| Versione: 0x02 (1 byte)          |
| Totale Chunk (4 bytes)           |
+----------------------------------+
| Chunk 0:                         |
|   Nonce (12 bytes)               |
|   Tag (16 bytes)                 |
|   Lunghezza Ciphertext (4 bytes) |
|   Ciphertext (variabile)         |
+----------------------------------+
| Chunk 1: ...                     |
+----------------------------------+
</code>

----

===== Scenari correlati =====

^  Relazione  ^  Scenario  ^  Descrizione  ^
| **Componente** | [[.:key_encapsulation|7.2 Key Encapsulation]] | ML-KEM per destinatario |
| **Correlato** | [[.:hybrid_encryption|7.1 Crittografia ibrida]] | Concetto ibrido |
| **Correlato** | [[it:int:pqcrypt:szenarien:verwaltung:backup|4.4 Backup]] | Cifratura backup |

----

<< [[.:key_encapsulation|← 7.2 Key Encapsulation]] | [[.:start|↑ Panoramica crittografia]] | [[it:int:pqcrypt:szenarien:start|→ Tutti gli scenari]] >>

{{tag>scenario crittografia file aes-gcm argon2id}}

----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//