final String encrypted1 = cipher1.encryptText(original);
        final String encrypted2 = cipher2.encryptText(original);

        assertThat(encrypted1, is(not(encrypted2)));
        assertThat(cipher1.decryptText(encrypted1), is(original));
        assertThat(cipher2.decryptText(encrypted2), is(original));
    }

    @Test
    public void testEmptyString() {

    /**
     * Encrypts the given data.
     *
     * @param data
     *            the data to encrypt
     * @return the encrypted data
     */
    public byte[] encrypt(final byte[] data) {
        final Cipher cipher = pollEncryptoCipher();
        byte[] encrypted;
        try {
            encrypted = cipher.doFinal(data);

     * Parses the role set from a string.
     * @param value The string to parse.
     * @param encrypted Whether the string is encrypted.
     * @param roleSet The set of roles.
     */
    protected void parseRoleSet(final String value, final boolean encrypted, final Set<String> roleSet) {
        String rolesStr = value;
        if (encrypted && cipher != null) {
            try {
                rolesStr = cipher.decryptoText(rolesStr);

No es muy popular o usado hoy en día.

OAuth2 no especifica cómo encriptar la comunicación, espera que tengas tu aplicación servida con HTTPS.

/// tip | Consejo

En la sección sobre **deployment** verás cómo configurar HTTPS de forma gratuita, usando Traefik y Let's Encrypt.

///

## OpenID Connect { #openid-connect }

* Nginx
* HAProxy

## Let's Encrypt { #lets-encrypt }

Antes de Let's Encrypt, estos **certificados HTTPS** eran vendidos por terceros.

El proceso para adquirir uno de estos certificados solía ser complicado, requerir bastante papeleo y los certificados eran bastante costosos.

Pero luego se creó **<a href="https://letsencrypt.org/" class="external-link" target="_blank">Let's Encrypt</a>**.

	}

	actualSize := data.ActualSize()
	if actualSize < 0 {
		_, encrypted := crypto.IsEncrypted(fi.Metadata)
		compressed := fi.IsCompressed()
		switch {
		case compressed:
			// ... nothing changes for compressed stream.
			// if actualSize is -1 we have no known way to
			// determine what is the actualSize.
		case encrypted:
			decSize, err := sio.DecryptedSize(uint64(n))
			if err == nil {

			if opts.EncryptFn != nil {
				fi.Checksum = opts.EncryptFn("object-checksum", fi.Checksum)
			}
		}
	} else if fi.Checksum == nil && opts.WantChecksum != nil {
		// Trailing headers checksums should now be filled.
		fi.Checksum = opts.WantChecksum.AppendTo(nil, nil)
		if opts.EncryptFn != nil {
			fi.Checksum = opts.EncryptFn("object-checksum", fi.Checksum)
		}
	}

	"File":             true,
	"Policy":           true,

	// MinIO specific exceptions to the general S3 rule above.
	encrypt.SseKmsKeyID:          true,
	encrypt.SseEncryptionContext: true,
	encrypt.SseCustomerAlgorithm: true,
	encrypt.SseCustomerKey:       true,
	encrypt.SseCustomerKeyMD5:    true,
}

// checkPostPolicy - apply policy conditions and validate input values.

* Nginx
* HAProxy

## Let's Encrypt { #lets-encrypt }

До появления Let's Encrypt эти **HTTPS-сертификаты** продавались доверенными третьими сторонами.

Процесс получения таких сертификатов был неудобным, требовал бумажной волокиты, а сами сертификаты были довольно дорогими.

Затем появился **<a href="https://letsencrypt.org/" class="external-link" target="_blank">Let's Encrypt</a>**.

/// tip | Dica

Na seção sobre **deployment** você irá ver como configurar HTTPS de modo gratuito, usando Traefik e Let’s Encrypt.

///

## OpenID Connect { #openid-connect }

OpenID Connect é outra especificação, baseada em **OAuth2**.