MIT Kerberos Documentation

krb5_k_decrypt - Decrypt data using a key (operates on opaque key).

krb5_error_code krb5_k_decrypt(krb5_context context, krb5_key key, krb5_keyusage usage, const krb5_data * cipher_state, const krb5_enc_data * input, krb5_data * output)

[in] context - Library context

[in] key - Encryption key

[in] usage - Key usage (see KRB5_KEYUSAGE macros)

[inout] cipher_state - Cipher state; specify NULL if not needed

[in] input - Encrypted data

[out] output - Decrypted data

  • 0 Success; otherwise - Kerberos error codes

This function decrypts the data block input and stores the output into output . The actual decryption key will be derived from key and usage if key derivation is specified for the encryption type. If non-null, cipher_state specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation.


The caller must initialize output and allocate at least enough space for the result. The usual practice is to allocate an output buffer as long as the ciphertext, and let krb5_c_decrypt() trim output->length . For some enctypes, the resulting output->length may include padding bytes.