CipherDecryptAEAD(Byte, Byte, Byte, Byte, AeadAlgorithm, CipherOpts) Method

Decrypt data using the AES-GCM authenticated encryption algorithm with AAD and options.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.30549 (23.1.0.0)

Syntax

public static byte[] DecryptAEAD(
	byte[] input,
	byte[] key,
	byte[] iv,
	byte[] aad,
	AeadAlgorithm aeadAlg,
	CipherOpts opts
)

Public Shared Function DecryptAEAD ( 
	input As Byte(),
	key As Byte(),
	iv As Byte(),
	aad As Byte(),
	aeadAlg As AeadAlgorithm,
	opts As CipherOpts
) As Byte()

Parameters

input Byte: Input data to be decrypted.
key Byte: Key of exact length for algorithm (16, 24 or 32 bytes).
iv Byte: Initialization Vector (IV) (aka nonce) exactly 12 bytes long, if not provided in input.
aad Byte: Additional authenticated data (optional) - set as null to ignore.
aeadAlg AeadAlgorithm: Authenticated encryption algorithm.
opts CipherOpts: Advanced options. Use Cipher.Opts.PrefixIV to expect the IV to be prepended at the start of the input.

Return Value

Byte
Plaintext in a byte array, or empty array on error (an empty array may also be the correct result - check General.ErrorCode for details).

Remarks

The input must include the 16-byte tag appended to the ciphertext and may include a 12-byte prefixed IV. The output will either be exactly 16 bytes shorter than the input, or exactly 28 bytes shorter if the Cipher.Opts.PrefixIV option is used. In all cases the IV must be exactly 12 bytes (96 bits) and the tag must be exactly 16 bytes (128 bits). If additional authentication data (AAD) was provided during encryption then the exact same AAD data must be provided here.

Reference

Cipher Class

DecryptAEAD Overload

CryptoSysPKI Namespace