feat(cybersecurity): auto-commit con 48 cambios

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

functions/cybersecurity/open_key_box.go

@@ -0,0 +1,32 @@
+package cybersecurity
+
+import (
+	"fmt"
+
+	"golang.org/x/crypto/nacl/box"
+)
+
+// OpenKeyBox decrypts a sealed box produced by SealKeyBox using the recipient's X25519 keypair.
+// kexPub and kexPriv must each be exactly 32 bytes and correspond to the public key
+// passed to SealKeyBox as recipientKexPub.
+// Returns an error if decryption or authentication fails.
+func OpenKeyBox(kexPub, kexPriv, sealedMsg []byte) ([]byte, error) {
+	if len(kexPub) != 32 {
+		return nil, fmt.Errorf("open_key_box: kexPub must be 32 bytes, got %d", len(kexPub))
+	}
+	if len(kexPriv) != 32 {
+		return nil, fmt.Errorf("open_key_box: kexPriv must be 32 bytes, got %d", len(kexPriv))
+	}
+
+	var pub [32]byte
+	var priv [32]byte
+	copy(pub[:], kexPub)
+	copy(priv[:], kexPriv)
+
+	plaintext, ok := box.OpenAnonymous(nil, sealedMsg, &pub, &priv)
+	if !ok {
+		return nil, fmt.Errorf("open_key_box: decryption failed (authentication error or corrupted message)")
+	}
+
+	return plaintext, nil
+}