// and MinKMS, and legacy JSON formatted ciphertexts.
func (s secretKey) Decrypt(_ context.Context, req *DecryptRequest) ([]byte, error) {
	if req.Name != s.keyID {
		return nil, ErrKeyNotFound
	}

	const randSize = 28
	ciphertext, keyType := parseCiphertext(req.Ciphertext)
	ciphertext, random := ciphertext[:len(ciphertext)-randSize], ciphertext[len(ciphertext)-randSize:]

// The context is bound to the returned ciphertext.
//
// The same context must be provided when decrypting the
// ciphertext.
func EncryptBytes(k *kms.KMS, plaintext []byte, context kms.Context) ([]byte, error) {
	ciphertext, err := Encrypt(k, bytes.NewReader(plaintext), context)
	if err != nil {
		return nil, err
	}
	return io.ReadAll(ciphertext)
}

     * @param clearText the 8-byte plaintext block
     * @param cipherText the output 8-byte ciphertext block
     */
    public void encrypt(final byte[] clearText, final byte[] cipherText) {
        encrypt(clearText, 0, cipherText, 0);
    }

    /// Decrypt a block of bytes.
    /**
     * Decrypts an 8-byte block using DES
     * @param cipherText the 8-byte ciphertext block
     * @param clearText the output 8-byte plaintext block

                // Process AAD (not included in ciphertext)
                cipher.processAADBytes(associatedData, 0, associatedData.length);

                // Process ciphertext + auth tag
                final byte[] input = new byte[ciphertext.length + authTag.length];
                System.arraycopy(ciphertext, 0, input, 0, ciphertext.length);

            // Encrypt
            byte[] ciphertext = cipher.doFinal(plaintextBytes);

            // Combine IV and ciphertext
            byte[] result = new byte[GCM_IV_SIZE + ciphertext.length];
            System.arraycopy(iv, 0, result, 0, GCM_IV_SIZE);
            System.arraycopy(ciphertext, 0, result, GCM_IV_SIZE, ciphertext.length);

            return result;

        } finally {

		Version:    resp[0].Version,
		Plaintext:  resp[0].Plaintext,
		Ciphertext: resp[0].Ciphertext,
	}, nil
}

func (c *kmsConn) Decrypt(ctx context.Context, req *DecryptRequest) ([]byte, error) {
	aad, err := req.AssociatedData.MarshalText()
	if err != nil {
		return nil, err
	}

	ciphertext, _ := parseCiphertext(req.Ciphertext)
	resp, err := c.client.Decrypt(ctx, c.enclave, &kms.DecryptRequest{

	if err != nil {
		t.Fatalf("Failed to create KMS: %v", err)
	}

	for i, test := range encryptDecryptTests {
		ciphertext, err := Encrypt(KMS, bytes.NewReader(test.Data), test.Context)
		if err != nil {
			t.Fatalf("Test %d: failed to encrypt stream: %v", i, err)
		}
		data, err := io.ReadAll(ciphertext)
		if err != nil {
			t.Fatalf("Test %d: failed to encrypt stream: %v", i, err)
		}

copy(out[len(plaintext):], tag[:]) } func openKMA(out []byte, g *GCM, nonce, ciphertext, data []byte) error { tag := ciphertext[len(ciphertext)-g.tagSize:] ciphertext = ciphertext[:len(ciphertext)-g.tagSize] var counter [gcmBlockSize]byte deriveCounter(&g.hashKey, &counter, nonce) fc := aes.BlockFunction(&g.cipher) | kmaLAAD | kmaLPC | kmaDecrypt var expectedTag [gcmTagSize]byte kmaGCM(fc, aes.BlockKey(&g.cipher), out[:len(ciphertext)], ciphertext, data, &expectedTag, &counter) if subtle.ConstantTimeCompare(e...

	objectKey := crypto.GenerateKey(key.Plaintext, rand.Reader)
	sealedKey := objectKey.Seal(key.Plaintext, crypto.GenerateIV(rand.Reader), crypto.S3.String(), bucket, "")
	crypto.S3.CreateMetadata(metadata, key.KeyID, key.Ciphertext, sealedKey)
	_, err = sio.Encrypt(outbuf, bytes.NewBuffer(input), sio.Config{Key: objectKey[:], MinVersion: sio.Version20})
	if err != nil {
		return output, metabytes, err
	}
	metabytes, err = json.Marshal(metadata)

copy(out[len(plaintext):], tag[:]) } func openKMA(out []byte, g *GCM, nonce, ciphertext, data []byte) error { tag := ciphertext[len(ciphertext)-g.tagSize:] ciphertext = ciphertext[:len(ciphertext)-g.tagSize] var counter [gcmBlockSize]byte deriveCounter(&g.hashKey, &counter, nonce) fc := aes.BlockFunction(&g.cipher) | kmaLAAD | kmaLPC | kmaDecrypt var expectedTag [gcmTagSize]byte kmaGCM(fc, aes.BlockKey(&g.cipher), out[:len(ciphertext)], ciphertext, data, &expectedTag, &counter) if subtle.ConstantTimeCompare(e...