1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
use crateparse_identity;
use crateResult;
use crateDecryptError;
use Read;
/// Decrypts an age-encrypted ciphertext using a secret key.
///
/// # Parameters
/// - `ciphertext`: The encrypted data as a byte slice.
/// - `secret_key`: The recipient's secret key in age format (starts with `AGE-SECRET-KEY-1...`).
///
/// # Returns
/// `Ok(Vec<u8>)` with the decrypted plaintext, or an error if the key or ciphertext is invalid.
///
/// # Errors
/// | Condition | Error variant |
/// |-----------|---------------|
/// | Malformed secret key | [`DecryptError::InvalidIdentity`] |
/// | Ciphertext not valid age format | [`DecryptError::InvalidCiphertext`] |
/// | Key does not match / data tampered | [`DecryptError::Failed`] |
/// | I/O error during decryption (rare in memory) | [`DecryptError::Io`] |
///
/// # Panics
/// **No.** All errors are returned as `Err`.
///
/// # Example
/// ```
/// use age_crypto::decrypt;
/// use age_setup::build_keypair;
///
/// # fn main() -> age_crypto::errors::Result<()> {
/// // Generate a fresh key pair
/// let keypair = build_keypair().expect("key generation failed");
/// let pubkey = keypair.public.expose(); // "age1..."
/// let secret = keypair.secret.expose(); // "AGE-SECRET-KEY-1..."
///
/// // Encrypt a test message
/// let plaintext = b"Top secret data";
/// let encrypted = age_crypto::encrypt(plaintext, &[pubkey])?;
///
/// // Decrypt using the secret key
/// let decrypted = decrypt(encrypted.as_bytes(), secret)?;
/// assert_eq!(decrypted, plaintext);
/// # Ok(())
/// # }
/// ```