Process an authenticated decryption operation. Opcode: 18 (0x0012)


key_nameStringName of the key to use for the operation
algAeadThe AEAD algorithm to compute
nonceVector of unsigned bytesNonce or IV to use
additional_dataVector of unsigned bytesAdditional data that has been authenticated but not encrypted
ciphertextVector of unsigned bytesData that has been authenticated and encrypted
  • key_name must allow the usage flag decrypt.
  • nonce must be appropriate for the selected algorithm.
  • For algorithms where the encrypted data and the authentication tag are defined as separate inputs, ciphertext must contain the encrypted data followed by the authentication tag.


plaintextVector of unsigned bytesBuffer containing the decrypted data

Specific response status codes

  • PsaErrorInvalidSignature: The ciphertext is not authentic.
  • PsaErrorNotPermitted: The key does not have the decrypt flag, or it does not permit the requested algorithm.
  • PsaErrorInvalidArgument: The key is not compatible with alg.
  • PsaErrorNotSupported: alg is not supported.


Authenticates and decrypts the given data using the given AEAD algorithm. Process an authenticated decryption operation.



Copyright 2020 Contributors to the Parsec project.