How-to
Debug a decryption failure
Step 1 — Inspect the envelope
var inspected = Client.InspectEnvelope(envelope);
Console.WriteLine($"Kind: {inspected.Kind}");
Console.WriteLine($"SourceId: {inspected.SourceId?.Substring(0, 32)}...");
Console.WriteLine($"Kgt: {inspected.Kgt}");
Console.WriteLine($"SessionHash: {inspected.SessionHash}"); Step 2 — Match against the symptom
| Symptom | Likely cause | Action |
|---|---|---|
FormatException: missing separator | Envelope corrupted in transit | Check transport binary safety |
ASK fetch failed: -3 | Platform refused to issue a key | Verify both identities exist and belong to the same client app |
Decryption returned empty | KGT window has expired (more than ~1 hour old) | Re-send. For longer-lived traffic use sessioned envelopes. |
| Decoy ASK marker (lowercase 'd') | Activation expired or library integrity check failed | Re-activate the identity |
Sessioned envelope has no cached ASK | Receiver did not pin the ASK before the envelope arrived | Pin via PinAskForSession first, or use unsessioned variant |
Step 3 — Enable detailed logging
Route the SDK's logs at Debug level for full per-call detail (see Read the audit log).
See also
- Inspect a wire envelope How-to
- Read the audit log How-to