Skip to main content

decrypt_eql

Function decrypt_eql 

pub async fn decrypt_eql<'a, C>(
    cipher: Arc<ScopedCipher<C>>,
    ciphertexts: impl IntoIterator<Item = EqlCiphertext>,
    opts: &EqlDecryptOpts<'a>,
) -> Result<Vec<Plaintext>, EqlError>
Expand description

Decrypts multiple EQL storage payloads back to plaintext.

This is the main decryption entry point for the EQL system. It takes encrypted EQL payloads (as retrieved from the database) and decrypts them using ZeroKMS, returning the original plaintext values. Accepts both EqlCiphertext::Encrypted (root scalar) and EqlCiphertext::SteVec (structured) payloads — for the SteVec variant the root entry’s ciphertext (sv[0].c) is used.

§Arguments

  • cipher - The scoped cipher for performing cryptographic operations
  • ciphertexts - An iterator of encrypted EQL storage payloads to decrypt
  • opts - Decryption options including keyset ID, lock context, and service token

§Returns

A vector of decrypted encryption::Plaintext values, one for each input ciphertext, in the same order.

§Errors

Returns EqlError if:

  • An EqlCiphertext::SteVec payload has an empty sv array (no root entry)
  • Decryption fails (e.g., wrong keyset, tampered data)
  • The ZeroKMS service is unavailable
  • The decrypted data cannot be parsed as plaintext

§Examples

let opts = EqlDecryptOpts::default();
let plaintexts = decrypt_eql(cipher, ciphertexts, &opts).await?;