Skip to main content

decrypt_local_state_key

Function decrypt_local_state_key 

Source
pub fn decrypt_local_state_key(
    blob_bytes: &[u8],
    master_key: &[u8],
) -> Result<[u8; 32], DpapiError>
Expand description

Decrypt a Chrome/Edge Local State cookie key from its DPAPI blob bytes.

blob_bytes is the inner DPAPI blob (post parse_local_state_encrypted_key). master_key is the 64-byte user master key (from masterkey.rs). Parses the blob, decrypts it with the master key (no entropy), and requires the recovered plaintext to be exactly the 32-byte AES-256 cookie key.

A wrong/absent master key fails the blob’s Sign-HMAC and returns a DpapiError — it never returns garbage or a fabricated key. A plaintext of the wrong length is rejected with DpapiError::UnexpectedKeyLength.