DecryptAndVerify Method

DecryptAndVerify(ReadOnlySpan<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>, Span<byte>, ReadOnlySpan<byte>)

Decrypt the ciphertext using AES-GCM with the given keyData, nonce, and associatedData. Verify the authentication tag in the tag Span. Place the resulting decrypted data into the plaintext Span. Return the result of the authentication verification.

bool DecryptAndVerify(ReadOnlySpan<byte> keyData, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> ciphertext, ReadOnlySpan<byte> tag, Span<byte> plaintext, ReadOnlySpan<byte> associatedData)

Parameters

Type	Name	Description
ReadOnlySpan<byte>	keyData	The key data that will be used to decrypt, either 16, 24, or 32 bytes.
ReadOnlySpan<byte>	nonce	The 12-byte "IV". A GCM nonce should be random bytes and should be different for each key.
ReadOnlySpan<byte>	ciphertext	The data to decrypt.
ReadOnlySpan<byte>	tag	The 16-byte authentication tag computed during encryption. This is the value this method will authenticate.
Span<byte>	plaintext	Where the decrypted data will be placed.
ReadOnlySpan<byte>	associatedData	The "extra" data used to compute the authentication tag.

Returns

bool

A boolean, true if the authentication tag is verified and false if it is not.

Exceptions

Type	Condition
CryptographicException	The key data is not a valid length.
ArgumentException	One of the arguments was not valid (e.g. tag is not exactly 16 bytes).

Remarks

The key data must be either 128, 192, or 256 bits (16, 24, or 32 bytes).

The nonce must be exactly 12 bytes, and the tag must be exactly 16 bytes. The plaintext result will be the same length as the ciphertext. Note that this method will throw an exception if plaintext.Length is not exactly ciphertext.Length.

If the input tag matches the tag computed during decryption, this method will return true. If the input tag does not match the tag computed during decryption, this method will return false. In this case, the method will still fill the plaintext buffer with the decrypted data.