Crypt · Library

crypt.decrypt

Decrypts AES-encrypted Base64 ciphertext.

function crypt.decrypt(data: string, key: string, iv: string, mode: string): string

Synopsis

How it works

Decrypts data encrypted with crypt.encrypt. Reverses the AES-CBCCBC modeCipher Block Chaining — an AES block mode where each plaintext block is XORed with the previous ciphertext block before encryption. Requires an IV for the first block. Provides better diffusion than ECB mode. process:

1. Extract IV from first 16 bytes of ciphertext
2. For each 16-byte block (last to first):
   C[i] → AES-256-Decrypt(key) → XOR with C[i-1] → P[i]
3. Remove PKCS#7 padding from final block
4. Return plaintext string

The key and mode must match those used during encryption. An incorrect key produces garbage output (no authentication tag in CBC mode to detect tampering). AES-256-CBCAES-256-CBCAdvanced Encryption Standard with a 256-bit key in Cipher Block Chaining mode. Each 16-byte plaintext block is XORed with the previous ciphertext block before encryption. Requires an IV (Initialization Vector) for the first block. requires the exact same 32-byte key and automatically extracts the IV from the ciphertext prefix.

Usage

Decrypt

local plain = crypt.decrypt(ciphertext, key, iv, "CBC")
print(plain)

Parameters

data string

Base64-encoded ciphertext.

key string

Base64-encoded 256-bit key.

iv string

Base64-encoded IV.

mode string

Cipher mode used during encryption.

Returns

string The decrypted plaintext.