final Cipher cipher = Cipher.getInstance(transformation);
            final GCMParameterSpec gcmSpec = new GCMParameterSpec(getAuthTagLength() * 8, nonce);

            cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, keySpec, gcmSpec);
            return cipher;
        } finally {
            // Guaranteed cleanup of all key material
            if (key != null) {

        };
        roleQueryHelperImpl.cipher = cipher;

        Set<String> roleSet;
        boolean encrypted;
        String value;

        encrypted = true;
        value = cipher.encryptoText("");
        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
        assertEquals(0, roleSet.size());

        encrypted = true;
        value = cipher.encryptoText("role1");

     * @return a decryption cipher
     */
    protected Cipher pollDecryptoCipher() {
        Cipher cipher = decryptoQueue.poll();
        if (cipher == null) {
            final SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(), algorithm);
            try {
                cipher = Cipher.getInstance(algorithm);
                cipher.init(Cipher.DECRYPT_MODE, sksSpec);
            } catch (final InvalidKeyException e) {

        @DisplayName("Should encode various cipher counts correctly")
        void testEncodeVariousCipherCounts(int cipherCount) {
            int[] ciphers = new int[cipherCount];
            for (int i = 0; i < cipherCount; i++) {
                ciphers[i] = i + 1;
            }
            EncryptionNegotiateContext context = new EncryptionNegotiateContext(mockConfig, ciphers);

        SecretKeySpec dataKey = new SecretKeySpec(dataHmac, KerberosConstants.RC4_ALGORITHM);

        cipher = Cipher.getInstance(KerberosConstants.RC4_ALGORITHM);
        cipher.init(Cipher.DECRYPT_MODE, dataKey);

        int plainDataLength = data.length - KerberosConstants.CHECKSUM_SIZE;
        byte[] plainData = cipher.doFinal(data, KerberosConstants.CHECKSUM_SIZE, plainDataLength);

   * order for a socket to be compatible the enabled cipher suites and protocols must intersect.
   *
   * For cipher suites, at least one of the [required cipher suites][cipherSuites] must match the
   * socket's enabled cipher suites. If there are no required cipher suites the socket must have at
   * least one cipher suite enabled.
   *

 *  New: Buffer WebSocket frames for better performance.
 *  New: Drop support for `TLS_DHE_DSS_WITH_AES_128_CBC_SHA`, our only remaining
    DSS cipher suite. This is consistent with Firefox and Chrome which have also
    dropped these cipher suite.

## Version 2.5.0

_2015-08-25_

 *  **Timeouts now default to 10 seconds.** Previously we defaulted to never

            assertNotNull(cryptographer);
            assertSame(oneWayCryptographer, cryptographer);
        }
    }

    // Test with different cipher types
    public void test_withBlowfishCipher() {
        // Test with Blowfish cipher
        InvertibleCryptographer blowfish = InvertibleCryptographer.createBlowfishCipher("secretkey");

    
    public void saveEncrypted(HandleInfo handle, Path file) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, encryptionKey);
        
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        try (CipherOutputStream cos = new CipherOutputStream(baos, cipher);
             ObjectOutputStream oos = new ObjectOutputStream(cos)) {

            secureRandom.nextBytes(iv);

            // Setup cipher
            Cipher cipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
            GCMParameterSpec gcmSpec = new GCMParameterSpec(GCM_TAG_SIZE, iv);
            cipher.init(Cipher.ENCRYPT_MODE, masterKey, gcmSpec);

            // Encrypt
            byte[] ciphertext = cipher.doFinal(plaintextBytes);

            // Combine IV and ciphertext