pub(crate) fn encrypt_blob_cipher_with_wrapping_key(
view: &mut CipherView,
ctx: &mut KeyStoreContext<'_, KeySlotIds>,
wrapping_key: SymmetricKeySlotId,
) -> Result<Cipher, BlobEncryptionError>Expand description
Variant of encrypt_blob_cipher that accepts an explicit outer wrapping
key. Used by key rotation, where the new user/org key is installed under a
Local slot id and view.key has been rewrapped under that slot — calling
key_identifier() would resolve to the original User/Organization slot
and fail to unwrap the CEK.