fscrypt | Go tool for managing Linux filesystem encryption | Encryption library

I could not find a way to do this using the users password, so I ended up using the "raw_key" protector.

So, I've managed to finally solve this with a lot of help from @Jason (refer to comments).

In my question I posted, the FileEncrypt method is taking a file (whose path you pass into the method as a parameter), opening it and reading it using the file stream fsIn, encrypting it using the crypto stream cs and then writing the encrypted file out to some location using the file stream fsCrypt. To upload it to Firebase Storage, I passed in the path to some folder in my phone to the file stream that writes out the encrypted file. This results in the encrypted file being saved into that folder. I then get the file stream to this encrypted file that's now saved in my phone and pass it to the UploadFile method as a parameter which then uploads it to Firebase Storage. Methods below:

There is a 4th optional parameter to the constructor of CryptoStream, at the moment it is being disposed by default. You can pass true as an extra parameter to leave it open.

See here: https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.cryptostream.-ctor?view=netframework-4.8#System_Security_Cryptography_CryptoStream__ctor_System_IO_Stream_System_Security_Cryptography_ICryptoTransform_System_Security_Cryptography_CryptoStreamMode_System_Boolean_

You want to use XmlSerializer kinda like this to get some configuration object from stream. It doesn't matter wether the source stream is a FileStream, NetworkStream or even the CryptoStream itself. So there is no need to work with a byte buffer.

Note the following code is adapted from your code. I stripped the try catch from it to just only show the core code needed for the deserialization.

You are reading exactly one byte at a time. This generates a lot of overhead.

To speed up your processing, start using more bytes at once or call the internal copy function:

You call encrypted = msEncrypt.ToArray(); too early on your encryption, it must be after the the end of the using statement for csEncrypt so all data gets flushed out to the memory stream.

Also in your decryption you are starting way to early in the file

fsCrypt.Seek(fsCrypt.Length - 376, SeekOrigin.Begin); should likey be fsCrypt.Seek(fsCrypt.Length - 32, SeekOrigin.Begin); if your salt.Length was 32 when you wrote it out.

Lastly you also don't trim the salt off before you pass it to mem so you are passing the salt data in to the stream along with the cyphertext and it makes your message too long.