OpenAsync(string password, EncryptionMethod encryptionMethod, ...) currently allows Read/Update modes and ignores encryptionMethod, which contradicts the sync Open(string password, EncryptionMethod) behavior (Read throws; Update throws). This can lead to callers thinking they’re controlling encryption when they aren’t. Align the async overload with the sync contract (only Create mode should accept an encryption method; Read/Update should throw the same exceptions as the sync overload).

Potential stack overflow if the length of password isn't constrained.

Cryptographic code should normally be within a checked block to help avoid edge case misuse.

Can you instead create a shared structure or tuple for all of this? That way you won't have to parse it every time you open a file, and it means you can consolidate all of the validation logic to the initial tuple creation rather than have the logic spread out across lots of different methods: this method, plus WrapWithDecryptionIfNeeded, plus CreateKey.

Why Debug.Assert rather than a proper runtime check?

This should probably use FixedTimeEquals (https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.cryptographicoperations.fixedtimeequals). Consider replacing all uses of SequenceEqual in this class with calls to FixedTimeEquals if appropriate.

Why not use a proper UInt128 field instead? You can use BinaryPrimitives to convert it to and from a little-endian binary representation.