return nil
}

type Token struct {
	UserID  int    `gorm:"primary_key"`
	Content string `gorm:"type:varchar(100)"`
}

func (t *Token) BeforeSave(tx *gorm.DB) error {
	t.Content += "_encrypted"
	return nil
}

func TestSaveWithHooks(t *testing.T) {
	DB.Migrator().DropTable(&Token{}, &TokenOwner{})
	DB.AutoMigrate(&Token{}, &TokenOwner{})

        long sessionId = 0x123456789ABCDEF0L;

        // When - Encrypt
        byte[] encrypted = context.encryptMessage(plaintext, sessionId);

        // Then - Verify encrypted message structure
        assertNotNull(encrypted, "Encrypted message should not be null");
        assertTrue(encrypted.length > plaintext.length, "Encrypted message should be larger than plaintext");

        byte[] encrypted = storage.encryptCredentials(plaintext);
        assertNotNull(encrypted, "Encrypted long password should not be null");
        assertTrue(encrypted.length > plaintext.length, "Encrypted data should be larger due to IV and auth tag");

        char[] decrypted = storage.decryptCredentials(encrypted);
        assertArrayEquals(plaintext, decrypted, "Decrypted long password should match original");

		return data, nil
	}
	if _, encrypted := crypto.IsEncrypted(o.UserDefined); encrypted {
		decrypted, err := o.metadataDecrypter(h)("object-checksum", data)
		if err != nil {
			return nil, err
		}
		data = decrypted
	}
	return data, nil
}

// metadataEncryptFn provides an encryption function for metadata.
// Will return nil, nil if unencrypted.

	}
	return hex.EncodeToString(e)
}

// IsEncrypted reports whether the ETag is encrypted.
func (e ETag) IsEncrypted() bool {
	// An encrypted ETag must be at least 32 bytes long.
	// It contains the encrypted ETag value + an authentication
	// code generated by the AEAD cipher.
	//
	// Here is an incorrect implementation of IsEncrypted:
	//
	//   return len(e) > 16 && !bytes.ContainsRune(e, '-')
	//

	for i, test := range decryptObjectMetaTests {
		if encrypted, err := DecryptObjectInfo(&test.info, test.request); err != test.expErr {
			t.Errorf("Test %d: Decryption returned wrong error code: got %d , want %d", i, err, test.expErr)
		} else if _, enc := crypto.IsEncrypted(test.info.UserDefined); encrypted && enc != encrypted {
			t.Errorf("Test %d: Decryption thinks object is encrypted but it is not", i)
		} else if !encrypted && enc != encrypted {

    * The contents are **encrypted**, even though they are being sent with the **HTTP protocol**.

        assertNotNull(cryptographer);

        String plainText = "Hello, World!";
        String encrypted = cryptographer.encrypt(plainText);
        assertNotNull(encrypted);
        assertFalse(plainText.equals(encrypted));

        String decrypted = cryptographer.decrypt(encrypted);
        assertEquals(plainText, decrypted);
    }

    @Test
    public void test_invertibleCryptography_withEmptyString() {

func TestIsEncrypted(t *testing.T) {
	for i, test := range isEncryptedTests {
		if _, isEncrypted := IsEncrypted(test.Metadata); isEncrypted != test.Encrypted {
			t.Errorf("Test %d: got '%v' - want '%v'", i, isEncrypted, test.Encrypted)
		}
	}
}

var s3IsEncryptedTests = []struct {
	Metadata  map[string]string
	Encrypted bool
}{
	{Encrypted: false, Metadata: map[string]string{MetaMultipart: ""}},                             // 0

	}

	_, isEncrypted := crypto.IsEncrypted(oi.UserDefined)
	isCompressed, err := oi.IsCompressedOK()
	if err != nil {
		return nil, 0, 0, err
	}

	// if object is encrypted and it is a restore request or if NoDecryption
	// was requested, fetch content without decrypting.
	if opts.Transition.RestoreRequest != nil || opts.NoDecryption {
		isEncrypted = false
		isCompressed = false
	}