open-eid · martenrebane · Jun 12, 2026
diff --git a/Modules/CryptoLib/Sources/CryptoObjC/include/Decrypt.mm b/Modules/CryptoLib/Sources/CryptoObjC/include/Decrypt.mm
@@ -111,7 +111,17 @@ + (CdocInfo*)cdocInfo:(NSString *)fullPath error:(NSError**)error {
         } else if(lock.isPKI()) {
             [addressees addObject:[[Addressee alloc] initWithLabel:lock.label pub:[NSData dataFromVector:lock.getBytes(libcdoc::Lock::RCPT_KEY)] concatKDFAlgorithmURI:@""]];
         } else if(lock.isSymmetric()) {
-            [addressees addObject:[[Addressee alloc] initWithData:[NSData data] cnVal:[NSString stringWithStdString:lock.label]]];
+            std::map<std::string, std::string> info = libcdoc::Recipient::parseLabel(lock.label);
+            NSString *cnVal = info.contains("label")
+                ? [NSString stringWithStdString:info["label"]]
+                : @"";
+            [addressees addObject:[[Addressee alloc]
+                initWithCnVal:cnVal
+                 serialNumber:nil
+                     certType:CertTypePasswordType
+                      validTo:nil
+                         data:[NSData data]
+            concatKDFAlgorithmURI:@""]];
         } else {
             [addressees addObject:[[Addressee alloc] initWithData:[NSData data] cnVal:@"Unknown capsule"]];
         }

diff --git a/Modules/CryptoLib/Sources/CryptoObjCWrapper/Domain/Addressee.swift b/Modules/CryptoLib/Sources/CryptoObjCWrapper/Domain/Addressee.swift
@@ -72,7 +72,7 @@ import Foundation
         concatKDFAlgorithmURI: String = ""
     ) {
         let split = cnVal.split(separator: ",").map { String($0) }
-        if split.count > 1 {
+        if split.count >= 3 {
             surname = split[0]
             givenName = split[1]
             identifier = split[2]
@@ -92,7 +92,7 @@ import Foundation
         data = cert
         let cnVal = x509?.subject(oid: .commonName)?.joined(separator: ",") ?? ""
         let split = cnVal.split(separator: ",").map { String($0) }
-        if split.count > 1 {
+        if split.count >= 3 {
             surname = split[0]
             givenName = split[1]
             identifier = split[2]

diff --git a/Modules/CryptoLib/Sources/CryptoObjCWrapper/Domain/X509CertificateType.swift b/Modules/CryptoLib/Sources/CryptoObjCWrapper/Domain/X509CertificateType.swift
@@ -27,6 +27,7 @@ import ASN1Decoder
     case mobileIDType
     case smartIDType
     case eSealType
+    case passwordType
 }
 
 extension X509Certificate {

diff --git a/Modules/CryptoLib/Sources/CryptoSwift/CryptoContainer.swift b/Modules/CryptoLib/Sources/CryptoSwift/CryptoContainer.swift
@@ -377,6 +377,51 @@ extension CryptoContainer {
         )
     }
 
+    @MainActor
+    public static func decryptWithPassword(
+        containerFile: URL,
+        recipients: [Addressee],
+        password: String,
+        fileManager: FileManagerProtocol = Container.shared.fileManager()
+    ) async throws -> CryptoContainerProtocol {
+        let path = containerFile.resolvedPath
+        let decryptedData: [String: Data] = try await withCheckedThrowingContinuation { continuation in
+            DispatchQueue.global(qos: .userInitiated).async {
+                do {
+                    let result = try Decrypt.decryptFile(path, withPassword: password)
+                    continuation.resume(returning: result)
+                } catch {
+                    continuation.resume(throwing: error)
+                }
+            }
+        }
+
+        var urlDataFiles: [URL] = []
+        for dataFile in decryptedData {
+            let sanitizedName = dataFile.key.sanitized()
+            let destinationPath = try Directories.getCacheDirectory(
+                subfolders: [Constants.Folder.ContainerFolder, Constants.Folder.Temp],
+                fileManager: fileManager
+            )
+            let fileUrl = destinationPath.appending(path: sanitizedName, directoryHint: .notDirectory)
+            urlDataFiles.append(fileUrl)
+            let isCreated = fileManager.createFile(
+                atPath: fileUrl.resolvedPath, contents: dataFile.value, attributes: nil
+            )
+            if !isCreated {
+                CryptoContainer.logger().error("Unable to create file at path: \(destinationPath.resolvedPath)")
+            }
+        }
+
+        return try await create(
+            containerFile: containerFile,
+            dataFiles: urlDataFiles,
+            recipients: recipients,
+            isDecrypted: true,
+            isEncrypted: false
+        )
+    }
+
     @MainActor
     public static func encrypt(
         containerFile: URL,

diff --git a/RIADigiDoc/Domain/Model/Crypto/EncryptRecipientViewTab.swift b/RIADigiDoc/Domain/Model/Crypto/EncryptRecipientViewTab.swift
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2017 - 2026 Riigi Infosüsteemi Amet
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+enum EncryptRecipientViewTab: Int, Sendable {
+    case recipient = 0
+    case password = 1
+}
diff --git a/RIADigiDoc/Domain/Model/Crypto/EncryptViewTab.swift b/RIADigiDoc/Domain/Model/Crypto/EncryptViewTab.swift
@@ -17,7 +17,7 @@
  *
  */
 
-enum EncryptViewTab: Int, Sendable {
+public enum EncryptViewTab: Int, Sendable {
     case files = 0
     case recipients = 1
 }
diff --git a/RIADigiDoc/Domain/Model/EncryptionCdocOption.swift b/RIADigiDoc/Domain/Model/EncryptionCdocOption.swift
@@ -17,7 +17,7 @@
  *
  */
 
-public enum EncryptionCdocOption: Int, Sendable {
+public enum EncryptionCdocOption: Int, Sendable, Hashable {
     case cdoc1 = 0
     case cdoc2 = 1
 }
diff --git a/RIADigiDoc/Domain/Model/Navigation/NavigationDestination.swift b/RIADigiDoc/Domain/Model/Navigation/NavigationDestination.swift
@@ -30,7 +30,7 @@ public enum NavigationDestination: Hashable {
         extensions: [String]
     )
 
-    case encryptRecipientView
+    case encryptRecipientView(cdocOption: EncryptionCdocOption)
 
     case signingView
     case signatureDetailView(
@@ -51,8 +51,11 @@ public enum NavigationDestination: Hashable {
     )
 
     case encryptView(
-        isWithEncryption: Bool
+        isWithEncryption: Bool,
+        cdocOption: EncryptionCdocOption,
+        selectedTab: EncryptViewTab
     )
+
     case recipientDetailView(
         recipient: Addressee,
     )