return decrypted;
    }

    /**
     * Decrypts the given data.
     *
     * @param data
     *            the data to decrypt
     * @return the decrypted data
     * @deprecated Use {@link #decrypt(byte[])} instead. This method name contains a typo.
     */
    @Deprecated
    public byte[] decrypto(final byte[] data) {
        return decrypt(data);
    }

    /**

        byte[] result = cipher.doFinal(data);

        decrypt = new byte[result.length];
        System.arraycopy(result, 0, decrypt, 0, result.length);

        int tempSize = decrypt.length - 24;

        byte[] output = new byte[tempSize];
        System.arraycopy(decrypt, 24, output, 0, tempSize);

        return output;
    }

	}

	for i, test := range encryptDecryptTests {
		ciphertext, err := Encrypt(KMS, bytes.NewReader(test.Data), test.Context)
		if err != nil {
			t.Fatalf("Test %d: failed to encrypt stream: %v", i, err)
		}
		data, err := io.ReadAll(ciphertext)
		if err != nil {
			t.Fatalf("Test %d: failed to encrypt stream: %v", i, err)
		}

		plaintext, err := Decrypt(KMS, bytes.NewReader(data), test.Context)
		if err != nil {

        InvertibleCryptographer cookieCipher = new InvertibleCryptographer("AES", "1234567890123456", null) {
            @Override
            public String encrypt(String plainText) {
                return "encrypted:" + plainText;
            }

            @Override
            public String decrypt(String cryptedText) {
                return cryptedText.startsWith("encrypted:") ? cryptedText.substring("encrypted:".length()) : cryptedText;
            }

        // Encrypt with new method, decrypt with old method
        @SuppressWarnings("deprecation")
        final String encrypted1 = cipher.encryptText(original);
        @SuppressWarnings("deprecation")
        final String decrypted1 = cipher.decryptoText(encrypted1);
        assertThat(decrypted1, is(original));

        // Encrypt with old method, decrypt with new method

)

const (
	// SealAlgorithm is the encryption/sealing algorithm used to derive & seal
	// the key-encryption-key and to en/decrypt the object data.
	SealAlgorithm = "DAREv2-HMAC-SHA256"

	// InsecureSealAlgorithm is the legacy encryption/sealing algorithm used
	// to derive & seal the key-encryption-key and to en/decrypt the object data.
	// This algorithm should not be used for new objects because its key derivation

        byte[] decrypted = KerberosEncData.decrypt(data, key, KerberosConstants.DES_ENC_TYPE);
        assertNotNull(decrypted);
        // With dummy data, we can't verify the content, just that it decrypts without error
        // and returns a result of the expected size.
        assertEquals(data.length - 24, decrypted.length);
    }

    /**
     * Test decrypt with an unsupported encryption type.
     */
    @Test

        byte[] salt = storage.getSalt();

        // Encrypt with first storage
        byte[] encrypted = storage.encryptCredentials(plaintext);

        // Create new storage with same salt
        SecureCredentialStorage storage2 = new SecureCredentialStorage(masterPassword.clone(), salt);

        try {
            // Should be able to decrypt with same salt and password

    }

    /// Encrypt a block of bytes.
    /**
     * Encrypts an 8-byte block using DES
     * @param clearText the 8-byte plaintext block
     * @param cipherText the output 8-byte ciphertext block
     */
    public void encrypt(final byte[] clearText, final byte[] cipherText) {
        encrypt(clearText, 0, cipherText, 0);
    }

    /// Decrypt a block of bytes.
    /**

	if err != nil {
		return encryptedETag
	}
	return hex.EncodeToString(etagBytes)
}

// GetDecryptedRange - To decrypt the range (off, length) of the
// decrypted object stream, we need to read the range (encOff,
// encLength) of the encrypted object stream to decrypt it, and
// compute skipLen, the number of bytes to skip in the beginning of
// the encrypted range.
//