Security & Cryptography
Private

Lain Vault: Recursive Cryptographic API

C#ASP.NET CoreSystem.Security.CryptographyILogger

A RESTful API engineered for recursive directory encryption, providing absolute payload and metadata obfuscation via AES-256 CBC.

Tech Stack

C#ASP.NET CoreSystem.Security.CryptographyILogger

System Metrics

Rapid in-memory cryptographic transformations executed by buffering entire file payloads directly into RAM prior to cipher application
Deterministic, synchronous filesystem traversal leveraging ASP.NET Core's threaded request handling

Why Did I Build This?

"Standard encryption utilities typically leave filesystem metadata (filenames, extensions, and directory topologies) exposed, which can leak critical contextual information. I engineered this API to provide absolute deniability. By recursively traversing a target path and applying cryptographic mutations to both the file payloads and the structural metadata, the system leaves zero trace of the original context."

Architecture & Decisions

Built on ASP.NET Core, the API exposes `/encrypt` and `/decrypt` endpoints receiving JSON payloads (target paths, exclusions, raw keys/IVs). The cryptographic engine utilizes the `Aes` class configured for Cipher Block Chaining (CBC) with PKCS7 padding. To enforce strict block cipher constraints, raw keys and IVs are forcefully resized to 32 bytes (256-bit) and 16 bytes (128-bit) respectively via `Array.Resize`. File payloads are read entirely into memory (`ReadAllBytes`) and mutated via `CryptoStream` over a `MemoryStream`. Metadata obfuscation is achieved by encrypting directory and file names, encoding them to Base64, and sanitizing the output for filesystem compatibility (replacing `/` and `+`).

Key Features

  • 01.Military-grade AES-256 CBC payload encryption utilizing PKCS7 block padding
  • 02.Complete topological obfuscation: recursive encryption of all filenames and directory structures into sanitized, URL-safe Base64 strings
  • 03.Dynamic Key/IV length enforcement to prevent cryptographic runtime exceptions during API invocations
  • 04.Configurable file exclusion arrays to prevent locking critical system or application files during traversal
Note: Due to the dual-use nature of recursive filesystem encryption APIs (i.e., operational similarities to ransomware execution topologies), the source code is kept strictly private and is available for demonstration upon request only.