Function decrypt_key 

pub fn decrypt_key(
    encrypted: &EncryptedKey,
    passphrase: &str,
) -> Result<SecretKey, StoreError>

Decrypt a secret key with a passphrase.

§Arguments

  • encrypted - The encrypted key container
  • passphrase - The passphrase used during encryption

§Returns

The decrypted SecretKey.

§Errors

Returns StoreError::InvalidFormat if:

  • The version byte is not recognized
  • The ciphertext length is invalid

Returns StoreError::DecryptionFailed if:

  • The passphrase is incorrect
  • The ciphertext has been tampered with
  • The authentication tag verification fails

§Security

  • ChaCha20-Poly1305 provides authenticated decryption, so any tampering with the ciphertext will be detected
  • Error messages are intentionally generic to avoid leaking information
  • The derived encryption key is zeroized after use

§Example

use txgate_crypto::keys::SecretKey;
use txgate_crypto::encryption::{encrypt_key, decrypt_key};

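// Generate a fresh secret key and encrypt it under a passphrase.
let original = SecretKey::generate();
let encrypted = encrypt_key(&original, "passphrase").expect("encryption failed");

// Decrypting with the same passphrase recovers the original key bytes.
let decrypted = decrypt_key(&encrypted, "passphrase").expect("decryption failed");
assert_eq!(original.as_bytes(), decrypted.as_bytes());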