in image/image.go [720:746]
func Decrypt(img Image, privEncKey sec.PrivEncKey) (Image, error) {
dup := img.Clone()
tlvs := dup.RemoveTlvsIf(func(tlv ImageTlv) bool {
return ImageTlvTypeIsSecret(tlv.Header.Type)
})
if len(tlvs) != 1 {
return dup, errors.Errorf(
"failed to decrypt image: wrong count of \"secret\" TLVs; "+
"have=%d want=1", len(tlvs))
}
cipherSecret := tlvs[0].Data
plainSecret, err := privEncKey.Decrypt(cipherSecret)
if err != nil {
return img, err
}
body, err := sec.EncryptAES(dup.Body, plainSecret, nil)
if err != nil {
return img, err
}
dup.Body = body
return dup, nil
}