
TryDecrypt Method

TryDecrypt(ReadOnlyMemory<byte>, out Memory<byte>)

Try to decrypt the data using the given key. If the key is correct, this method returns true and returns the plaintext (decrypted and decompressed) in the out argument.

C#
public bool TryDecrypt(ReadOnlyMemory<byte> largeBlobKey, out Memory<byte> plaintext)

Parameters

Type Name Description
ReadOnlyMemory<byte> largeBlobKey

The key to use to decrypt.

Memory<byte> plaintext

An output argument. A new object containing the plaintext if the decryption succeeds, or an empty Memory object otherwise.

Returns

bool

A boolean, true if the data is successfully decrypted using the given key, and false otherwise.

Remarks

Because the data is encrypted using AES-GCM, the ciphertext contains both the encrypted data and an "authentication tag". While any key will be able to decrypt the data and produce a result (some result), only the correct key will be able to authenticate the tag. Hence, this method will be able to determine whether the key provided was the correct key and the decrypted data is the correct data.

If the method is able to decrypt using the key, it will then decompress the decrypted data.

When reading a Large Blob Array, you will likely obtain the large blob data from the YubiKey, resulting in a SerializedLargeBlobArray object. At that point, each of the entries contains only the encrypted data. You will then obtain the LargeBlobKey from the target credential, and use it to try to decrypt the data of each entry in the Large Blob Array.

Note that the plaintext returned is a Memory object, not a ReadOnlyMemory object. This is so you can overwrite it for security reasons if you want.
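The loop described in the remarks, written as an added example (not code from the SDK or its documentation). `LargeBlobReader` and `TryReadBlob` are hypothetical names, the entry type is assumed to be `LargeBlobEntry` in the `Yubico.YubiKey.Fido2` namespace, and the caller is assumed to have already read the entries from the SerializedLargeBlobArray and obtained the LargeBlobKey from the credential.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using Yubico.YubiKey.Fido2; // assumed namespace of LargeBlobEntry

public static class LargeBlobReader
{
    // Hypothetical helper. Tries the credential's LargeBlobKey against every
    // entry in the array. The entry whose authentication tag verifies under
    // that key is the one that belongs to the credential.
    public static bool TryReadBlob(
        IEnumerable<LargeBlobEntry> entries,
        ReadOnlyMemory<byte> largeBlobKey,
        Action<ReadOnlyMemory<byte>> consume)
    {
        foreach (LargeBlobEntry entry in entries)
        {
            // A false return means the tag did not authenticate with this
            // key. That is the expected result for entries that belong to
            // other credentials, so it is not treated as an error.
            if (!entry.TryDecrypt(largeBlobKey, out Memory<byte> plaintext))
            {
                continue;
            }

            try
            {
                // The consumer must not keep a reference to the buffer
                // after it returns, because the buffer is wiped below.
                consume(plaintext);
                return true;
            }
            finally
            {
                // The plaintext is a writable Memory<byte>, so it can be
                // overwritten as soon as it is no longer needed, even if
                // the consumer throws.
                CryptographicOperations.ZeroMemory(plaintext.Span);
            }
        }

        // No entry authenticated: the credential has no blob in this array,
        // or the key does not match any stored entry.
        return false;
    }
}
```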
