
Crypto modes

Open nsayer opened this issue 6 years ago • 3 comments

You might consider using a different mode than CBC. An authenticating mode, such as CCM, would strongly protect against the ciphertext being tampered with. Be aware, however, that the ciphertext will be larger than the plaintext (this is also the case with CBC mode since you have to store the IV).

Also, there is potentially some intelligence available from the size and number of the files. You can attempt to further obfuscate the data by attempting to compress it prior to encrypting it, or padding it with random amounts of random data (although, again, this makes the ciphertext larger). You could also generate random garbage files that are ignored and deleted by the decryption phase. This has the benefit of providing targets for an adversary that would never decrypt properly even with the correct key.

Lastly, I'm not sure I followed the logic fully, but it appears as though the encrypted filename map winds up being identifiable in the encrypted result. This makes it clearly the highest priority target for decryption. You could eliminate the need for it by simply encoding the plaintext file's name in the ciphertext. The process of decryption would extract the filename from the encrypted file and write the plaintext out. The decryption process would just need to make a snapshot of the directory content at the start to avoid attempting to decrypt already decrypted files.

If the pre-encryption file content were, say, a TLV structure of the original file content, its name, any additional metadata, and (perhaps) added junk data for the decrypter to ignore, and you then took that file content and encrypted it with a CCM mode... that, it seems to me, would significantly amplify the strength of your solution.

nsayer Oct 20 '17 17:10
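As an added example (not code from the cryptopuck project or from the comment above), here is the envelope the comment sketches, written in Go: each file's name, its content and a random amount of random junk are packed as TLV records, and the whole envelope is sealed with an authenticated mode. AES-GCM stands in for CCM because Go's standard library ships GCM and not CCM; both are AEAD modes and the construction is identical. The tag values, the 5-byte TLV header, the 4096-byte junk bound and the `FileRecord` type are assumptions made for this example. Decryption verifies the authentication tag before it parses anything, so a decoy file of garbage bytes, a wrong key or a single flipped byte is rejected without the envelope ever being interpreted, and the filename is recovered from the blob itself, so no separate filename map has to exist.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Hypothetical envelope format (not cryptopuck's): tag byte, big-endian uint32 length, value.
const (
	tagName    byte = 1
	tagContent byte = 2
	tagJunk    byte = 3    // random filler that Open skips
	maxJunk         = 4096 // upper bound on filler bytes per file (arbitrary choice)
)

type FileRecord struct {
	Name    string
	Content []byte
}

func writeTLV(buf *bytes.Buffer, tag byte, value []byte) {
	buf.WriteByte(tag)
	binary.Write(buf, binary.BigEndian, uint32(len(value))) // never fails on a bytes.Buffer
	buf.Write(value)
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal packs name, content and random junk into the envelope and encrypts it with AES-GCM.
// Output layout: 12-byte nonce || ciphertext || 16-byte authentication tag.
func Seal(key []byte, rec FileRecord) ([]byte, error) {
	var env bytes.Buffer
	writeTLV(&env, tagName, []byte(rec.Name))
	writeTLV(&env, tagContent, rec.Content)
	raw := make([]byte, 2+maxJunk) // first two bytes pick the junk length, the rest is filler
	if _, err := io.ReadFull(rand.Reader, raw); err != nil {
		return nil, err
	}
	writeTLV(&env, tagJunk, raw[2:2+int(binary.BigEndian.Uint16(raw))%maxJunk])
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, env.Bytes(), nil), nil
}

// Open verifies the tag before parsing, so decoys, wrong keys and flipped bytes are rejected first.
func Open(key, blob []byte) (rec FileRecord, err error) {
	aead, err := newAEAD(key)
	if err != nil {
		return rec, err
	}
	if len(blob) < aead.NonceSize()+aead.Overhead() {
		return rec, errors.New("blob too short to be a ciphertext")
	}
	env, err := aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], nil)
	if err != nil {
		return rec, fmt.Errorf("authentication failed: %w", err)
	}
	seenName, seenContent := false, false
	for len(env) > 0 {
		if len(env) < 5 {
			return rec, errors.New("truncated TLV header")
		}
		tag, length := env[0], int(binary.BigEndian.Uint32(env[1:5]))
		if length < 0 || length > len(env)-5 {
			return rec, errors.New("TLV length exceeds envelope")
		}
		value := env[5 : 5+length]
		switch tag {
		case tagName:
			rec.Name, seenName = string(value), true
		case tagContent:
			rec.Content, seenContent = value, true
		case tagJunk: // deliberately ignored; unknown tags are skipped the same way
		}
		env = env[5+length:]
	}
	if !seenName || !seenContent {
		return rec, errors.New("envelope lacks a name or content record")
	}
	return rec, nil
}
```

Every blob carries a nonce, a tag and up to 4 KiB of junk, so it is always larger than the file it holds, as the comment notes. Unknown tags are skipped, which leaves room for a metadata record later without breaking older decrypters. A random 96-bit GCM nonce must never repeat under one key; that is safe for the number of files a single device will ever seal, but a deployment that encrypts very large numbers of files under one key should move to a counter-based nonce.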