open<T> function

T open<T>({
  required Uint8List msgToOpen,
  required Object? msgToAuth,
  required SecretKey recipient,
  required PublicKey sender,
  required Uint8List domain,
  int? maxDriftSecs,
})

Decrypts and verifies a sealed message.

Uses the current system time for drift checking.

  • msgToOpen: The serialized COSE_Encrypt0 structure
  • msgToAuth: The same additional authenticated data used during sealing
  • recipient: The xHPKE secret key to decrypt with
  • sender: The xDSA public key to verify the signature against
  • domain: Application domain for HPKE key derivation
  • maxDriftSecs: Maximum allowed time drift in seconds; signatures further in the past or future than this are rejected

Returns the CBOR-decoded payload if decryption and verification succeed.

Implementation

T open<T>({
  required Uint8List msgToOpen,
  required Object? msgToAuth,
  required xhpke.SecretKey recipient,
  required xdsa.PublicKey sender,
  required Uint8List domain,
  int? maxDriftSecs,
}) =>
    _decode(
          ffi.coseOpen(
            msgToOpen: msgToOpen,
            msgToAuth: _encode(msgToAuth),
            recipient: recipient.inner,
            sender: sender.inner,
            domain: domain,
            maxDriftSecs: maxDriftSecs != null
                ? BigInt.from(maxDriftSecs)
                : null,
          ),
        )
        as T;