}

	actualSize := data.ActualSize()
	if actualSize < 0 {
		_, encrypted := crypto.IsEncrypted(fi.Metadata)
		compressed := fi.IsCompressed()
		switch {
		case compressed:
			// ... nothing changes for compressed stream.
			// if actualSize is -1 we have no known way to
			// determine what is the actualSize.
		case encrypted:
			decSize, err := sio.DecryptedSize(uint64(n))
			if err == nil {

        if (session.transport.server.security == SECURITY_SHARE && (session.auth.hashesExternal || session.auth.password.length() > 0)) {

            if (session.transport.server.encryptedPasswords) {
                // encrypted
                password = session.auth.getAnsiHash(session.transport.server.encryptionKey);
                passwordLength = password.length;
            } else if (DISABLE_PLAIN_TEXT_PASSWORDS) {

     * The real session key if the regular session key is actually
     * the encrypted version used for key exchange.
     *
     * @return A <code>byte[]</code> containing the session key.
     */
    public byte[] getMasterKey() {
        return this.masterKey;
    }

    /**
     * Returns the session key.
     *
     * This is the encrypted session key included in the message,

            return OptionalEntity.empty();
        }
        return OptionalEntity.of(list.get(0));
    }

    /**
     * Stores a web configuration.
     * Configuration parameters are encrypted before storage.
     *
     * @param webConfig The web configuration to store
     */
    public void store(final WebConfig webConfig) {

Il est courant d'avoir un seul programme/serveur HTTP fonctionnant sur le serveur (la machine, l'hôte, etc.) et
gérant toutes les parties HTTPS : envoyer les requêtes HTTP décryptées à l'application HTTP réelle fonctionnant sur

*   KMS: Alpha integration with GCP KMS was removed in favor of a future out-of-process extension point. Discontinue use of the GCP KMS integration and ensure [data has been decrypted](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/#decrypting-all-data) (or reencrypted with a different provider) before upgrading ([#54759](https://github.com/kubernetes/kubernetes/pull/54759),[ @sakshamsharma](https://github.com/sakshamsharma))...

            if (isExternalAuth(pwAuth)) {
                this.passwordLength = 1;
            } else if (this.server.encryptedPasswords) {
                // encrypted
                try {
                    this.password = pwAuth.getAnsiHash(this.ctx, this.server.encryptionKey);
                } catch (final GeneralSecurityException e) {

URLs are abstract:

// are associated with a generate data encryption
// key (DEK).
//
// A KMS implementation may bind the context to the
// generated DEK such that the same context must be
// provided when decrypting an encrypted DEK.
type Context map[string]string

// MarshalText returns a canonical text representation of
// the Context.

// MarshalText sorts the context keys and writes the sorted

		if err != nil {
			t.Errorf("Test %d: failed to decode etag: %s", i, err)
		}
		sealedETag := key.SealETag(tag)
		unsealedETag, err := key.UnsealETag(sealedETag)
		if err != nil {
			t.Errorf("Test %d: failed to decrypt etag: %s", i, err)
		}
		if !bytes.Equal(unsealedETag, tag) {
			t.Errorf("Test %d: unsealed etag does not match: got %s - want %s", i, hex.EncodeToString(unsealedETag), etag)
		}
	}