byte[] encrypted = storage.encryptCredentials(plaintext);
        assertNotNull(encrypted, "Encrypted long password should not be null");
        assertTrue(encrypted.length > plaintext.length, "Encrypted data should be larger due to IV and auth tag");

        char[] decrypted = storage.decryptCredentials(encrypted);
        assertArrayEquals(plaintext, decrypted, "Decrypted long password should match original");

        long sessionId = 0x123456789ABCDEF0L;

        // When - Encrypt
        byte[] encrypted = context.encryptMessage(plaintext, sessionId);

        // Then - Verify encrypted message structure
        assertNotNull(encrypted, "Encrypted message should not be null");
        assertTrue(encrypted.length > plaintext.length, "Encrypted message should be larger than plaintext");

        cipher.setKey("mySecretKey");

        final byte[] original = "Hello World".getBytes();
        final byte[] encrypted = cipher.encrypt(original);
        final byte[] decrypted = cipher.decrypt(encrypted);

        assertThat(encrypted, is(not(original)));
        assertArrayEquals(original, decrypted);
    }

    @Test
    public void testEncryptDecryptText() {
        final CachedCipher cipher = new CachedCipher();

	for i, test := range decryptObjectMetaTests {
		if encrypted, err := DecryptObjectInfo(&test.info, test.request); err != test.expErr {
			t.Errorf("Test %d: Decryption returned wrong error code: got %d , want %d", i, err, test.expErr)
		} else if _, enc := crypto.IsEncrypted(test.info.UserDefined); encrypted && enc != encrypted {
			t.Errorf("Test %d: Decryption thinks object is encrypted but it is not", i)
		} else if !encrypted && enc != encrypted {

// It fails if the object is encrypted and the HTTP headers don't contain
// SSE-C headers or the object is not encrypted but SSE-C headers are provided. (AWS behavior)
// DecryptObjectInfo returns 'ErrNone' if the object is not encrypted or the
// decryption succeeded.
//
// DecryptObjectInfo also returns whether the object is encrypted or not.

     * Encrypts the given data.
     *
     * @param data
     *            the data to encrypt
     * @return the encrypted data
     */
    public byte[] encrypt(final byte[] data) {
        final Cipher cipher = pollEncryptoCipher();
        byte[] encrypted;
        try {
            encrypted = cipher.doFinal(data);
        } catch (final IllegalBlockSizeException e) {

            // Build final encrypted message
            final byte[] result = new byte[Smb2TransformHeader.TRANSFORM_HEADER_SIZE + encResult.ciphertext.length];
            transformHeader.encode(result, 0);
            System.arraycopy(encResult.ciphertext, 0, result, Smb2TransformHeader.TRANSFORM_HEADER_SIZE, encResult.ciphertext.length);

            // Track encrypted bytes for key rotation - lock-free atomic operation

    }

    /**
     * Gets the signature or authentication tag for the encrypted message
     *
     * @return the signature/authentication tag
     */
    public byte[] getSignature() {
        return this.signature;
    }

    /**
     * Sets the signature or authentication tag for the encrypted message
     *
     * @param signature
     *            the signature/authentication tag to set

    * The contents are **encrypted**, even though they are being sent with the **HTTP protocol**.

        }

        final boolean encrypted = (this.ntlmsspFlags & NtlmFlags.NTLMSSP_NEGOTIATE_KEY_EXCH) != 0;
        if (encrypted) {
            try {
                trunc = this.sealServerHandle.doFinal(trunc);
                if (log.isDebugEnabled()) {
                    log.debug("Decrypted " + Hexdump.toHexString(trunc));
                }