Function: decryptData()

decryptData(encryptedData, encryptionKey): Promise<string>

Defined in: crypto.ts:123 Reverse encryptData. Verifies the GCM authentication tag before returning plaintext — tampered ciphertexts throw.

Parameters

encryptedData

string Base64 string produced by encryptData.

encryptionKey

string Same key/password used to encrypt. Wrong keys throw an “Unsupported state or unable to authenticate data” error from Node — the authenticated tag failure is indistinguishable from tampering, by design.

Returns

Promise<string> The original UTF-8 plaintext.

Throws

Error if the tag does not verify (wrong key, modified ciphertext, truncated payload). Catch this and treat it as a security event, not a recoverable error.

Example

const plaintext = await decryptData(stored, process.env.PII_KEY!);

​Function: decryptData()

​Parameters

​encryptedData

​encryptionKey

​Returns

​Throws

​Example