func Decrypt(key []byte, ct []byte) (msg []byte, err error) {
msg, err = symmetric.Decrypt(key, ct)
if err != nil {
return
}
h := msg[:hash.HashLen]
msg = msg[hash.HashLen:]
if !bytes.Equal(h, hash.New(msg).Digest()) {
err = ErrInvalidMessage
}
return
}
// Absolute Base64-encoded decryption function. The input ciphertext
// should be base64-encoded.
func AbsDecrypt(key []byte, ct []byte) (pt []byte, err error) {
rawkey, err := decodeKey(key)
if err != nil {
return
}
rawct, err := DecodeBase64(ct)
if err != nil {
return
}
rawct = trim(rawct)
pt, err = symmetric.Decrypt(rawkey, rawct)
return
}
func decrypt(w http.ResponseWriter, upload *Upload) {
salt := upload.Data[:hash.SaltLength]
enc := upload.Data[hash.SaltLength:]
key := hash.DeriveKeyWithSalt(upload.Password, salt)
if key == nil {
serverError(w, "failed to generate key")
return
}
dec, err := symmetric.Decrypt(key.Key, enc)
if err != nil {
serverError(w, "encryption failure: "+err.Error())
return
}
w.Header().Add("content-type", "application/octet-stream")
w.Header().Add("content-disposition", "attachment; filename="+upload.Name)
w.Write(dec)
}