gnutls_cipher_decrypt2 - Linux


gnutls_cipher_decrypt2 is used to decrypt a block using a given cipher and key. It is typically employed in secure communication protocols, such as TLS/SSL, to protect data from unauthorized access during transmission.


gnutls_cipher_decrypt2(const gnutls_cipher_context_t *ctx,
                      const void *in, size_t in_len,
                      const void *iv, void *out)




Simple Decryption:

#include <gnutls/gnutls.h>

void decrypt() {
  gnutls_cipher_context_t ctx;
  unsigned char in[] = "Encrypted data";
  unsigned char iv[] = "Initialization vector";
  unsigned char out[1024];

  gnutls_cipher_init(&ctx, GNUTLS_CIPHER_AES_128);
  gnutls_cipher_set_key(ctx, &key, sizeof(key));
  gnutls_cipher_decrypt2(&ctx, in, sizeof(in), iv, out);

  // Use the decrypted data

Advanced Decryption with Protocol support:

#include <gnutls/gnutls.h>

void decrypt_protocol() {
  gnutls_cipher_context_t ctx;
  gnutls_session_t session;
  gnutls_protocol_t protocol = GNUTLS_TLS1_3;

  gnutls_cipher_init(&ctx, GNUTLS_CIPHER_AES_128);
  gnutls_cipher_set_key(ctx, &key, sizeof(key));

  // Set the SSL protocol version
  gnutls_session_set_protocol_version(session, protocol);

  // Perform the decryption
  gnutls_cipher_decrypt2(&ctx, in, sizeof(in), iv, out);

  // Use the decrypted data

Common Issues

  • Ensure that the cipher context is initialized with the correct cipher algorithm and key before attempting decryption.
  • Verify that the initialization vector is correct, as incorrect values may result in decryption errors.
  • Check that the input data and output buffer are valid and of appropriate size.


gnutls_cipher_decrypt2 can be integrated with other GnuTLS functions and modules to build secure communication applications. For example:

// Create a TLS server with GnuTLS and use gnutls_cipher_decrypt2 for decryption
gnutls_certificate_credentials_t cert_cred;
gnutls_session_t session;

gnutls_init(&session, GNUTLS_SERVER);
gnutls_certificate_set_x509_key_file(cert_cred, "cert.pem", "key.pem", GNUTLS_X509_FMT_PEM);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred);
gnutls_transport_set_ptr(session, server_socket);

while (1) {
  // Accept connections, decrypt data, and send responses as needed


Related Commands

  • gnutls_cipher_init: Initializes a cipher context.
  • gnutls_cipher_set_key: Sets the encryption key.
  • gnutls_cipher_encrypt2: Encrypts a block of data.
  • gnutls_cipher_clear: Frees and clears the cipher context.