TryDecrypt Method
TryDecrypt(ReadOnlyMemory<Byte>, out Memory<Byte>)
Try to decrypt the data using the given key. If the key is correct, this will return true and return the plaintext in the out argument (decrypted and decompressed).
public bool TryDecrypt(ReadOnlyMemory<byte> largeBlobKey, out Memory<byte> plaintext)
Parameters
Type | Name | Description |
---|---|---|
System.ReadOnlyMemory<System.Byte> | largeBlobKey | The key to use to decrypt. |
System.Memory<System.Byte> | plaintext | An output argument. A new object containing the plaintext if the decryption succeeds, or an empty |
Returns
A boolean, true if the data is successfully decrypted using the given key, and false otherwise.
Remarks
Because the data is encrypted using AES-GCM, the ciphertext contains both the encrypted data and an "authentication tag". While any key will be able to decrypt the data and produce a result (some result), only the correct key will be able to authenticate the tag. Hence, this method will be able to determine whether the key provided was the correct key and the decrypted data is the correct data.
If the method is able to decrypt using the key, it will then decompress the decrypted data.
When reading a Large Blob Array, you will likely obtain the large blob data from the YubiKey, resulting in a SerializedLargeBlobArray object. At that point, each of the entries contains only the encrypted data. You will then obtain the LargeBlobKey from the target credential, and use it to try to decrypt the data of each entry in the Large Blob Array.
Note that the plaintext returned is a Memory object, not a ReadOnlyMemory object. This is so you can overwrite it for security reasons if you want.
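
The tag check described in the Remarks, shown as an added example that is not SDK code and not from the original page. It uses only .NET 8 standard-library types (AesGcm, DeflateStream). TryDecryptSketch, the separate nonce and tag arguments, and the choice of DEFLATE are assumptions made for the illustration; the key and data are constructed.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Security.Cryptography;
using System.Text;

static class TagCheckDemo
{
    // Hypothetical stand-in for the SDK method: authenticate the tag first, decompress only on success.
    static bool TryDecryptSketch(byte[] key, byte[] nonce, byte[] ciphertext, byte[] tag, out Memory<byte> plaintext)
    {
        plaintext = Memory<byte>.Empty;
        byte[] compressed = new byte[ciphertext.Length];
        try
        {
            using var aes = new AesGcm(key, tag.Length);
            aes.Decrypt(nonce, ciphertext, tag, compressed); // throws when the tag does not verify
        }
        catch (CryptographicException) { return false; }     // wrong key or modified data
        using var inflated = new MemoryStream();
        using (var deflate = new DeflateStream(new MemoryStream(compressed), CompressionMode.Decompress))
            deflate.CopyTo(inflated);
        CryptographicOperations.ZeroMemory(compressed);      // wipe the intermediate decrypted buffer
        plaintext = inflated.ToArray();
        return true;
    }

    static void Main()
    {
        // Constructed sample data: random keys and nonce, a short message.
        byte[] key = RandomNumberGenerator.GetBytes(32);
        byte[] wrongKey = RandomNumberGenerator.GetBytes(32);
        byte[] nonce = RandomNumberGenerator.GetBytes(12);
        byte[] tag = new byte[16];
        using var packed = new MemoryStream();
        using (var deflate = new DeflateStream(packed, CompressionMode.Compress, leaveOpen: true))
            deflate.Write(Encoding.UTF8.GetBytes("constructed blob contents"));
        byte[] compressed = packed.ToArray();
        byte[] ciphertext = new byte[compressed.Length];
        using (var aes = new AesGcm(key, tag.Length))
            aes.Encrypt(nonce, compressed, ciphertext, tag);

        Console.WriteLine(TryDecryptSketch(wrongKey, nonce, ciphertext, tag, out _));
        Console.WriteLine(TryDecryptSketch(key, nonce, ciphertext, tag, out Memory<byte> pt));
        Console.WriteLine(Encoding.UTF8.GetString(pt.Span));
        CryptographicOperations.ZeroMemory(pt.Span); // possible because pt is Memory<byte>, not ReadOnlyMemory<byte>
    }
}
```

The first call fails the tag check and returns false without producing plaintext; the second authenticates, decompresses and returns the message, which the caller then overwrites.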