// Then
        assertNotNull(decKey, "Decryption key should not be null");
        assertEquals(16, decKey.length, "Decryption key should be 16 bytes");
        assertFalse(Arrays.equals(sessionKey, decKey), "Decryption key should be different from session key");
    }

    @Test
    @DisplayName("Should derive decryption key for SMB 3.1.1 dialect")
    void testDeriveDecryptionKey_SMB311() {

import org.codelibs.core.exception.UnsupportedEncodingRuntimeException;
import org.codelibs.core.misc.Base64Util;

/**
 * A high-performance utility class for encrypting and decrypting data using cached {@link Cipher} instances.
 * <p>
 * This class provides efficient encryption/decryption by pooling and reusing cipher instances,
 * reducing the overhead of repeated cipher initialization. It supports both string-based keys

                    .thenThrow(new GeneralSecurityException("Decryption error"));

            PACDecodingException e = assertThrows(PACDecodingException.class, () -> new KerberosTicket(token, (byte) 0, keys));
            assertTrue(e.getMessage().startsWith("Decryption failed"));
        }
    }

    @Test

import jcifs.CIFSException;
import jcifs.DialectVersion;
import jcifs.internal.smb2.nego.EncryptionNegotiateContext;
import jcifs.util.SecureKeyManager;

/**
 * SMB2/SMB3 Encryption Context
 *
 * Manages encryption and decryption operations for SMB2/SMB3 sessions.
 * Handles both AES-CCM (SMB 3.0/3.0.2) and AES-GCM (SMB 3.1.1) cipher suites.
 *
 * @author mbechler
 */

                // Log but don't fail - concurrent encryption/decryption with same context is complex
                System.out.println("Sample decryption failed (acceptable for concurrent test): " + e.getMessage());
            }
        }

        // Cleanup
        context.close();
    }

    @Test
    @DisplayName("Should handle AES-CCM encryption correctly")
    void testAESCCMEncryption() throws Exception {

    /**
     * Decrypts Kerberos encrypted data using the specified key.
     *
     * @param data the encrypted data to decrypt
     * @param key the decryption key
     * @param type the encryption type
     * @return the decrypted data
     * @throws GeneralSecurityException if decryption fails
     */
    public static byte[] decrypt(byte[] data, Key key, int type) throws GeneralSecurityException {
        Cipher cipher = null;

          // Consuming server Finished handshake message
          // Produced ClientHello handshake message
          //
          // Raw write
          // Raw read
          // Plaintext before ENCRYPTION
          // Plaintext after DECRYPTION
          val message = record.message
          val parameters = record.parameters

          if (parameters != null && !message.startsWith("Raw") && !message.startsWith("Plaintext")) {

import javax.security.auth.Destroyable;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Secure credential storage with encryption at rest.
 *
 * Provides secure storage of passwords and other sensitive credentials
 * using AES-GCM encryption with PBKDF2 key derivation.
 *
 * Features:
 * - Encrypts credentials at rest using AES-256-GCM
 * - Uses PBKDF2 for key derivation from master password

        assertFalse(session.isConnected());
        assertTrue(session.isFailed());
    }

    @Test
    @DisplayName("encryption: flags, encryption, and decryption delegation")
    void testEncryptionDelegation() throws Exception {
        SmbSessionImpl session = newSession();

        // No encryption context -> throws
        CIFSException notEnabled = assertThrows(CIFSException.class, () -> session.encryptMessage(new byte[] { 1 }));

    /**
     * The key for user roles in the request attribute.
     */
    protected static final String USER_ROLES = "userRoles";

    /**
     * The cached cipher for encryption and decryption.
     */
    protected CachedCipher cipher;

    /**
     * The separator for values in the role string.
     */
    protected String valueSeparator = "\n";

    /**