Aead.DecryptWithTag Method (Byte, Byte, Byte, Byte, Aead.Algorithm, Aead.Opts)

CryptoSys API Library Manual

Aead.DecryptWithTag Method (Byte[], Byte[], Byte[], Byte[], Aead.Algorithm, Aead.Opts)

Decrypt data using specified AEAD algorithm in one-off operation with AAD and options. The authentication tag is expected to be appended to the input ciphertext.

Syntax

[C#]

public static byte[] DecryptWithTag(
	byte[] input,
	byte[] key,
	byte[] iv,
	byte[] aad,
	Aead.Algorithm aeadAlg,
	Aead.Opts opts
)

[VB.NET]

Public Shared Function DecryptWithTag ( _
	input As Byte(), _
	key As Byte(), _
	iv As Byte(), _
	aad As Byte(), _
	aeadAlg As Aead.Algorithm, _
	opts As Aead.Opts _
) As Byte()

Parameters

input: Input data to be decrypted.
key: Key of exact length for algorithm (16 or 32 bytes).
iv: (optional) Initialization Vector (IV) (aka nonce) exactly 12 bytes long. Set as null if already prefixed to input.
aad: Additional authenticated data (optional) - set as null to ignore.
aeadAlg: Type: Aead.Algorithm
Authenticated encryption algorithm.
opts: Type: Aead.Opts
Advanced options. Use Aead.Opts.PrefixIV to expect the IV to be prepended at the start of the input.

Return Value

Plaintext in a byte array, or empty array on error (an empty array may also be the correct result - check General.ErrorCode for details).

Remarks

The input must include the 16-byte tag appended to the ciphertext and may include a 12-byte prefixed IV. The output will either be exactly 16 bytes shorter than the input, or exactly 28 bytes shorter if the Cipher.Opts.PrefixIV option is used. In all cases the tag must be exactly 16 bytes (128 bits). The IV must be 16 bytes (128 bits) for ASCON-128 otherwise 12 bytes (96 bits). If additional authentication data (AAD) was provided during encryption then the exact same AAD data must be provided here.