Function decrypt_eql
pub async fn decrypt_eql<'a, C>(
cipher: Arc<ScopedCipher<C>>,
ciphertexts: impl IntoIterator<Item = EqlCiphertext>,
opts: &EqlDecryptOpts<'a>,
) -> Result<Vec<Plaintext>, EqlError>Expand description
Decrypts multiple EQL storage payloads back to plaintext.
This is the main decryption entry point for the EQL system. It takes encrypted EQL payloads
(as retrieved from the database) and decrypts them using ZeroKMS, returning the original
plaintext values. Accepts both EqlCiphertext::Encrypted (root scalar) and
EqlCiphertext::SteVec (structured) payloads — for the SteVec variant the root entry’s
ciphertext (sv[0].c) is used.
§Arguments
cipher- The scoped cipher for performing cryptographic operationsciphertexts- An iterator of encrypted EQL storage payloads to decryptopts- Decryption options including keyset ID, lock context, and service token
§Returns
A vector of decrypted encryption::Plaintext values, one for each input ciphertext, in the
same order.
§Errors
Returns EqlError if:
- An
EqlCiphertext::SteVecpayload has an emptysvarray (no root entry) - Decryption fails (e.g., wrong keyset, tampered data)
- The ZeroKMS service is unavailable
- The decrypted data cannot be parsed as plaintext
§Examples
let opts = EqlDecryptOpts::default();
let plaintexts = decrypt_eql(cipher, ciphertexts, &opts).await?;