pub fn decrypt(envelope: &Envelope, my_sk: &StaticSecret) -> Result<String>Expand description
Decrypt an Envelope using the recipient’s static X25519 secret
key (my_sk). Returns the original UTF-8 plaintext.
Mirrors encrypt: derives the AEAD key from the shared secret via
HKDF-SHA256 and reconstructs the same version+ephemeral-pubkey AAD, so
any header tampering surfaces as an authentication failure.
§Errors
- Returns
Errwhen the AEAD verification fails (tampered ciphertext, swapped header, wrong recipient key, truncated nonce, etc.). - Returns
Errwhen the decrypted bytes are not valid UTF-8 — the write path always feeds&str, so a UTF-8 failure on read is a corruption signal.