return encrypted;
    }

    /**
     * Encrypts the given data.
     *
     * @param data
     *            the data to encrypt
     * @return the encrypted data
     * @deprecated Use {@link #encrypt(byte[])} instead. This method name contains a typo.
     */
    @Deprecated
    public byte[] encrypto(final byte[] data) {
        return encrypt(data);
    }

    /**

* Caddy (that can also handle certificate renewals)
* Nginx
* HAProxy

## Let's Encrypt { #lets-encrypt }

Before Let's Encrypt, these **HTTPS certificates** were sold by trusted third parties.

The process to acquire one of these certificates used to be cumbersome, require quite some paperwork and the certificates were quite expensive.

But then **[Let's Encrypt](https://letsencrypt.org/)** was created.

        byte[] salt = storage.getSalt();

        // Encrypt with first storage
        byte[] encrypted = storage.encryptCredentials(plaintext);

        // Create new storage with same salt
        SecureCredentialStorage storage2 = new SecureCredentialStorage(masterPassword.clone(), salt);

        try {
            // Should be able to decrypt with same salt and password

        this.secureRandom.nextBytes(nonce);
        return nonce;
    }

    /**
     * Encrypt an SMB2 message with constant-time operations
     *
     * @param message
     *            plaintext message to encrypt
     * @param sessionId
     *            session identifier
     * @return encrypted message with transform header
     * @throws CIFSException

    }

    /// Encrypt a block of bytes.
    /**
     * Encrypts an 8-byte block using DES
     * @param clearText the 8-byte plaintext block
     * @param cipherText the output 8-byte ciphertext block
     */
    public void encrypt(final byte[] clearText, final byte[] cipherText) {
        encrypt(clearText, 0, cipherText, 0);
    }

    /// Decrypt a block of bytes.
    /**

可作為 TLS 終止代理的選項包括：

* Traefik（也可處理憑證續期）
* Caddy（也可處理憑證續期）
* Nginx
* HAProxy

## Let's Encrypt { #lets-encrypt }

在 Let's Encrypt 之前，這些 **HTTPS 憑證**是由受信任的第三方販售。

取得這些憑證的流程過去相當繁瑣，需要許多手續，且憑證相當昂貴。

之後出現了 **[Let's Encrypt](https://letsencrypt.org/)**。

它是 Linux Foundation 的專案，能**免費**且自動化地提供 **HTTPS 憑證**。這些憑證採用標準的密碼學安全機制，且有效期較短（約 3 個月），因此因為壽命短，**安全性其實更好**。

        context.setKeyRotationBytesLimit(100); // Rotate after 100 bytes

        // Encrypt first message - should work
        byte[] plaintext1 = "Message before rotation".getBytes();
        byte[] encrypted1 = assertDoesNotThrow(() -> context.encryptMessage(plaintext1, 1L));
        assertNotNull(encrypted1);

        // Encrypt larger message to trigger rotation
        byte[] largeMessage = new byte[150]; // Exceed 100 byte limit

            if (plaintextBytes != null) {
                SecureKeyManager.secureWipe(plaintextBytes);
            }
        }
    }

    /**
     * Encrypt credentials to a base64 string for storage
     *
     * @param plaintext the credentials to encrypt
     * @return base64 encoded encrypted credentials
     * @throws GeneralSecurityException if encryption fails
     */

TLS Termination Proxyとして使えるオプションには、以下のようなものがあります：

* Traefik（証明書の更新も対応）
* Caddy (証明書の更新も対応)
* Nginx
* HAProxy


## Let's Encrypt { #lets-encrypt }

Let's Encrypt以前は、これらの**HTTPS証明書**は信頼できる第三者によって販売されていました。

これらの証明書を取得するための手続きは面倒で、かなりの書類を必要とし、証明書はかなり高価なものでした。

しかしその後、**[Let's Encrypt](https://letsencrypt.org/)** が作られました。

        options.addOption(Option.builder(ENCRYPT_MASTER_PASSWORD)
                .longOpt("encrypt-master-password")
                .hasArg()
                .optionalArg(true)
                .desc("Encrypt master security password")
                .build());
        options.addOption(Option.builder(ENCRYPT_PASSWORD)
                .longOpt("encrypt-password")
                .hasArg()
                .optionalArg(true)