long sessionId = 0x123456789ABCDEF0L;

        // When - Encrypt
        byte[] encrypted = context.encryptMessage(plaintext, sessionId);

        // Then - Verify encrypted message structure
        assertNotNull(encrypted, "Encrypted message should not be null");
        assertTrue(encrypted.length > plaintext.length, "Encrypted message should be larger than plaintext");

        // Encrypt
        byte[] encrypted = storage.encryptCredentials(plaintext);
        assertNotNull(encrypted, "Encrypted data should not be null");
        assertTrue(encrypted.length > 0, "Encrypted data should have content");

        // Verify plaintext is not in encrypted data
        String encryptedStr = new String(encrypted);

    /**
     * Encrypts the given data.
     *
     * @param data
     *            the data to encrypt
     * @return the encrypted data
     */
    public byte[] encrypto(final byte[] data) {
        final Cipher cipher = pollEncryptoCipher();
        byte[] encrypted;
        try {
            encrypted = cipher.doFinal(data);
        } catch (final IllegalBlockSizeException e) {

// It fails if the object is encrypted and the HTTP headers don't contain
// SSE-C headers or the object is not encrypted but SSE-C headers are provided. (AWS behavior)
// DecryptObjectInfo returns 'ErrNone' if the object is not encrypted or the
// decryption succeeded.
//
// DecryptObjectInfo also returns whether the object is encrypted or not.

        }
    }

    /**
     * Encrypt credentials to a base64 string for storage
     *
     * @param plaintext the credentials to encrypt
     * @return base64 encoded encrypted credentials
     * @throws GeneralSecurityException if encryption fails
     */
    public String encryptToString(char[] plaintext) throws GeneralSecurityException {
        byte[] encrypted = encryptCredentials(plaintext);

        assertNotNull(cryptographer);

        String plainText = "Hello, World!";
        String encrypted = cryptographer.encrypt(plainText);
        assertNotNull(encrypted);
        assertFalse(plainText.equals(encrypted));

        String decrypted = cryptographer.decrypt(encrypted);
        assertEquals(plainText, decrypted);
    }

    public void test_invertibleCryptography_withEmptyString() {

        final int tagLength = getAuthTagLength();
        final byte[] ciphertext = new byte[encrypted.length - tagLength];
        final byte[] authTag = new byte[tagLength];

        // Use constant-time copy operations
        constantTimeCopy(encrypted, 0, ciphertext, 0, ciphertext.length);
        constantTimeCopy(encrypted, ciphertext.length, authTag, 0, tagLength);

        return new EncryptionResult(ciphertext, authTag);

	for i, test := range decryptObjectMetaTests {
		if encrypted, err := DecryptObjectInfo(&test.info, test.request); err != test.expErr {
			t.Errorf("Test %d: Decryption returned wrong error code: got %d , want %d", i, err, test.expErr)
		} else if _, enc := crypto.IsEncrypted(test.info.UserDefined); encrypted && enc != encrypted {
			t.Errorf("Test %d: Decryption thinks object is encrypted but it is not", i)
		} else if !encrypted && enc != encrypted {

* Nginx
* HAProxy

## Let's Encrypt { #lets-encrypt }

Before Let's Encrypt, these **HTTPS certificates** were sold by trusted third parties.

The process to acquire one of these certificates used to be cumbersome, require quite some paperwork and the certificates were quite expensive.

But then **<a href="https://letsencrypt.org/" class="external-link" target="_blank">Let's Encrypt</a>** was created.

        assertEquals(expect, ParameterUtil.encrypt(value));

        value = "";
        expect = "";
        assertEquals(expect, ParameterUtil.encrypt(value));

        value = "\n";
        expect = "";
        assertEquals(expect, ParameterUtil.encrypt(value));

        value = "=";
        expect = "unknown.1=";
        assertEquals(expect, ParameterUtil.encrypt(value));

        value = "=1\n=";