gnutls_hpke_open(3) gnutls gnutls_hpke_open(3)

gnutls_hpke_open - API function

#include <gnutls/hpke.h>

int gnutls_hpke_open(gnutls_hpke_context_t ctx, const gnutls_datum_t * aad, const gnutls_datum_t * ciphertext, gnutls_datum_t * plaintext);

The HPKE context to use for opening.
The associated data (AAD) that was authenticated during sealing.
The ciphertext received from the sender.
A pointer to a gnutls_datum_t structure where the resulting plaintext will be stored.

This function performs the opening operation of HPKE. It takes the ciphertext received from the sender and uses the keys and nonces set up in the HPKE context (after decapsulation) to decrypt the ciphertext and verify the authentication tag. If the decryption and authentication are successful, the resulting plaintext is stored in
plaintext . If the decryption or authentication fails, the function securely erases any allocated plaintext and returns an error code.

This function can be used multiple times with the same HPKE context, but the decapsulation function (gnutls_hpke_decap()) must be called once before the first call to this function.


aad should be the same AAD that was provided to gnutls_hpke_seal() on the sender's side.


ciphertext should be the same ciphertext that was generated by gnutls_hpke_seal() on the sender's side.

The function will allocate memory for the plaintext , and the caller is responsible for freeing this memory using gnutls_free() when it is no longer needed.

0 on success, or a negative error code on failure

3.8.13

Report bugs to <bugs@gnutls.org>.
Home page: https://www.gnutls.org

Copyright © 2001-2023 Free Software Foundation, Inc., and others.
Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit

3.8.13 gnutls