This module does not provide an API to read a decrypted token (by turning it into a string, Cstruct.t or similar). This is to prevent leaking CSRF tokens.
equal_struct tkn raw checks if a decrypted token tkn is equal to a raw token raw.
val from_encrypted : with_secret:Secret.t -> Encrypted_token.t -> tfrom_encrypted ~with_secret tkn decrypts an encrypted token tkn using AES in ECB mode given a secret with_secret.
val from_encrypted_random : with_secret:Secret.t -> Encrypted_token.t -> tfrom_encrypted_random ~with_secret tkn decrypts a randomized encrypted token tkn given a secret with_secret. This function reverses Encrypted_token.from_struct_random since a specific format is required.
val from_encrypted_to_encrypted_random :
with_secret:Secret.t ->
Encrypted_token.t ->
Encrypted_token.tfrom_encrypted_to_encrypted_random ~with_secret tkn turns a normal encrypted token tkn into a randomly encrypted token by first decrypting it and then re-encrypting it with Encrypted_token.from_struct_random.