pub fn decrypt_dpapi_blob(
blob: &DpapiBlob,
master_key: &[u8],
entropy: Option<&[u8]>,
) -> Result<Vec<u8>, DpapiError>Expand description
Decrypt a DPAPI blob with the provided master-key bytes (and optional entropy).
Implements impacket’s DPAPI_BLOB.decrypt:
keyHash = SHA1(master_key); sessionKey = HMAC_H(keyHash, salt[||entropy])
where H is SHA1 for algId 0x8004 and SHA512 for 0x8009/0x800e;
the cipher key is deriveKey(sessionKey); the IV is all zeros. The trailing
Sign HMAC is verified (either impacket integrity formula) before returning.