Root > Reference > All Functions > TwofishDecrypt

Procedure TwofishDecrypt

Previous pageReturn to chapter overviewNext page   

Decrypts encrypted data by using Twofish cipher.







Code (Delphi)

procedure TwofishDecrypt(

const AKey: TTwofishKey;

const AEncryptedData: Pointer;

out AData: Pointer;

var ADataSize: Cardinal;

const AInitVector: PTwofishInitVector = nil

); overload;


function TwofishDecrypt(

const AKey: TTwofishKey;

const AEncryptedData: RawByteString;

const AInitVector: PTwofishInitVector = nil

): RawByteString; overload;



AKey [in]

A key for decryption. Comes from TwofishDeriveKey function or TwofishInitKey function.


AEncryptedData [in]

A data to decrypt. Must be in little-endian format.


AData [out]

A decrypted AEncryptedData's "clear text" data. Must be deleted with FreeMem function (but we recommend to use SecureFree function instead). Will have different size from AData. PKCS#5 padding will be removed.


ADataSize [in, out]

On input: size of AEncryptedData.

On output: size of AData.


AInitVector [in, opt]

An optional initialization vector (IV). This value must be the same as the one passed to TwofishEncrypt function during encryption.


AEncryptedData [in]

Encrypted data (in string form) to decrypt. Must not contain salt (see TwofishDeriveKey). Must be in little-endian format.


Return value

Decrypted "clear text" data. PKCS#5 padding will be removed.



This function decrypts data previosly encrypted with TwofishEncrypt function with key of symmetric Twofish cipher. The encrypted data is passed in AEncryptedData parameter. The function outputs decrypted data back to AData parameter. AData expected to have different size from AEncryptedData. In other words, symmetric decryption with Twofish does change the size of the data.


The overload variant with RawByteString decrypts AEncryptedData parameter and outputs decrypted data as function's result.



Zero-filled IV is not the same as not specified IV. Not specified IV means using ECB mode. Specified IV means using CBC mode (even if IV is empty/zero filled).



TwofishEncrypt/TwofishDecrypt use PKCS#5 filling scheme for both ECB and CBC modes. That is: data size will be increased (during encryption) to closest block boundary (block size is 16 bytes/128 bit), the unused space (padding) will be filled with its own size (e.g. 1..16). If source data size is exactly N * 16 bytes, then one full block (16 bytes) will be added (and filled with byte = 16). On decryption data size will be simply decreased by a value specified in the last byte.


See also

Send feedback... Build date: 2022-03-28
Last edited: 2022-03-28
The documentation team uses the feedback submitted to improve the EurekaLog documentation. We do not use your e-mail address for any other purpose. We will remove your e-mail address from our system after the issue you are reporting has been resolved. While we are working to resolve this issue, we may send you an e-mail message to request more information about your feedback. After the issues have been addressed, we may send you an email message to let you know that your feedback has been addressed.

Permanent link to this article: