for (String testStr : testStrings) {
            String encrypted = cipher.encrypt(testStr);
            String decrypted = cipher.decrypt(encrypted);
            assertEquals("Failed for: " + testStr, testStr, decrypted);
        }
    }

    // Test provider as CookieResourceProvider interface
    public void test_asInterface() {

	for i, test := range decryptObjectMetaTests {
		if encrypted, err := DecryptObjectInfo(&test.info, test.request); err != test.expErr {
			t.Errorf("Test %d: Decryption returned wrong error code: got %d , want %d", i, err, test.expErr)
		} else if _, enc := crypto.IsEncrypted(test.info.UserDefined); encrypted && enc != encrypted {
			t.Errorf("Test %d: Decryption thinks object is encrypted but it is not", i)
		} else if !encrypted && enc != encrypted {

Optionally `--encrypt` can be specified. This will output an encrypted file and a decryption key:

```
$ mc support inspect --encrypt play/test123/test*/*/part.*
mc: Encrypted file data successfully downloaded as inspect.ad2b43d8.enc
mc: Decryption key: ad2b43d847fdb14e54c5836200177f7158b3f745433525f5d23c0e0208e50c9948540b54

mc: The decryption key will ONLY be shown here. It cannot be recovered.

        }

        return new DERSequence(v).getEncoded();
    }

    /**
     * Creates a byte array representing the decrypted data part of a Kerberos ticket.
     * @param userName User principal name
     * @param userRealm User realm
     * @return A byte array representing the decrypted data
     * @throws IOException on encoding error
     */

			return
		}
		writeSuccessResponseJSON(w, resp)
		return
	}

	// 3. Compare generated key with decrypted key
	if subtle.ConstantTimeCompare(key.Plaintext, decryptedKey) != 1 {
		response.DecryptionErr = "The generated and the decrypted data key do not match"
		resp, err := json.Marshal(response)
		if err != nil {

// It will be decrypted if needed.
func (o *ObjectInfo) ArchiveInfo(h http.Header) []byte {
	if len(o.UserDefined) == 0 {
		return nil
	}
	z, ok := o.UserDefined[archiveInfoMetadataKey]
	if !ok {
		return nil
	}
	data := []byte(z)
	if v, ok := o.UserDefined[archiveTypeMetadataKey]; ok && v == archiveTypeEnc {
		decrypted, err := o.metadataDecrypter(h)(archiveTypeEnc, data)

          "x-amz-restore": "ongoing-request=false, expiry-date=Sat, 27 Feb 2021 00:00:00 GMT",
...
```

### Encrypted/Object locked objects

    * The contents are **encrypted**, even though they are being sent with the **HTTP protocol**.

            }
        }
    }

    /**
     * Decrypts Kerberos encrypted data using the specified key.
     *
     * @param data the encrypted data to decrypt
     * @param key the decryption key
     * @param type the encryption type
     * @return the decrypted data
     * @throws GeneralSecurityException if decryption fails
     */

     *
     * @param encryptedString base64 encoded encrypted credentials
     * @return decrypted credentials
     * @throws GeneralSecurityException if decryption fails
     */
    public char[] decryptFromString(String encryptedString) throws GeneralSecurityException {
        if (encryptedString == null) {
            return null;
        }
        byte[] encrypted = Base64.getDecoder().decode(encryptedString);