decrypt static method
Decrypts ciphertext using AES-256-CBC with PKCS#7 padding.
encKey must be exactly 32 bytes.
iv must be exactly 16 bytes.
RETURNS: plaintext bytes.
Throws DecryptionFailedException on any failure (including bad padding). IMPORTANT: Callers must have already verified the HMAC tag.
Implementation
static Uint8List decrypt({
required Uint8List encKey,
required Uint8List iv,
required Uint8List ciphertext,
}) {
_requireKeyIv(encKey, iv);
try {
final key = enc.Key(encKey);
final ivObj = enc.IV(iv);
final aes = enc.AES(
key,
mode: enc.AESMode.cbc,
padding: 'PKCS7',
);
final encrypter = enc.Encrypter(aes);
// The `encrypt` package accepts raw bytes via `Encrypted`.
final decrypted = encrypter.decryptBytes(enc.Encrypted(ciphertext), iv: ivObj);
return Uint8List.fromList(decrypted);
} catch (e, st) {
// On any error, present a generic decryption failure.
throw DecryptionFailedException(cause: e, stackTrace: st);
}
}