pub fn open_envelope<D, P>(
secret_keys: &D,
public_keys: &P,
envelope: &Envelope,
salts: &Salts,
) -> Result<OpenedEnvelope, CryptError>where
D: PublicKeyDecrypter<CredentialVault>,
P: ParticipantPublicKeys,Expand description
Open and authenticate an envelope.
This function performs the complete envelope opening process:
- Trial decryption of [
CredentialVault]s to find the matching one - Decryption of the [
MessageVaultPassport] using the [Credentials] key - Authentication of both the
Credentialsand the verifying keys - MAC verification for additional security
To open an envelope, a participant must:
- Successfully decrypt one of the
CredentialVaults - Verify that
Credentialssignatures are valid - The included verifying keys have a valid MAC
All checks must pass for the envelope to be considered authentic.