in src/legacy.rs [199:214]
fn try_decrypt_b64(
priv_key: &str,
pub_key: &str,
auth_secret: &str,
block: &AesGcmEncryptedBlock,
) -> Result<String> {
// The AesGcmEncryptedBlock is composed from the `Crypto-Key` & `Encryption` headers, and post body
// The Block will attempt to decode the base64 strings for dh & salt, so no additional action needed.
// Since the body is most likely not encoded, it is expected to be a raw buffer of [u8]
let priv_key_raw = base64::engine::general_purpose::URL_SAFE_NO_PAD.decode(priv_key)?;
let pub_key_raw = base64::engine::general_purpose::URL_SAFE_NO_PAD.decode(pub_key)?;
let ec_key = EcKeyComponents::new(priv_key_raw, pub_key_raw);
let auth_secret = base64::engine::general_purpose::URL_SAFE_NO_PAD.decode(auth_secret)?;
let plaintext = decrypt_aesgcm(&ec_key, &auth_secret, block)?;
Ok(String::from_utf8(plaintext).unwrap())
}