if err != nil {
		return err
	}
	// Verify that CRC is ok.
	want := binary.LittleEndian.Uint32(id)
	got := crc32.ChecksumIEEE(key)
	if want != got {
		return fmt.Errorf("Invalid key checksum, want %x, got %x", want, got)
	}

	stream, err := sio.AES_256_GCM.Stream(key)
	if err != nil {
		return err
	}
	// Zero nonce, we only use each key once, and 32 bytes is plenty.

          {{- toYaml .Values.podLabels | nindent 8 }}
        {{- end }}
      annotations:
        {{- if not .Values.ignoreChartChecksums }}
        checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        {{- end }}
        {{- if .Values.podAnnotations }}

	ErrMissingCustomerKey = Errorf("The SSE-C request is missing the customer key")

	// ErrMissingCustomerKeyMD5 indicates that the HTTP headers contains no SSE-C client key
	// MD5 checksum.
	ErrMissingCustomerKeyMD5 = Errorf("The SSE-C request is missing the customer key MD5")

	// ErrInvalidCustomerKey indicates that the SSE-C client key is not valid - e.g. not a
	// base64-encoded string or not 256 bits long.

	}
}

// Tests hash reader checksum verification.
func TestHashReaderVerification(t *testing.T) {
	testCases := []struct {
		desc              string
		src               io.Reader
		size              int64
		actualSize        int64
		md5hex, sha256hex string
		err               error
	}{
		0: {
			desc:       "Success, no checksum verification provided.",

			if err != nil {
				err = msgp.WrapError(err, "SuccessorModTime")
				return
			}
		case "Checksum":
			z.Checksum, bts, err = msgp.ReadBytesBytes(bts, z.Checksum)
			if err != nil {
				err = msgp.WrapError(err, "Checksum")
				return
			}
		case "Inlined":
			z.Inlined, bts, err = msgp.ReadBoolBytes(bts)
			if err != nil {

            for ( int i = 0; i < KerberosConstants.CHECKSUM_SIZE; i++ )
                if ( plainDataChecksum[ i ] != data[ i ] )
                    throw new GeneralSecurityException("Checksum failed while decrypting.");

        int decryptLength = plainData.length - KerberosConstants.CONFOUNDER_SIZE;
        decrypt = new byte[decryptLength];

	Index int `json:"index"`
	// Distribution is the distribution of the data and parity blocks
	Distribution []int `json:"distribution"`
	// Checksums holds all bitrot checksums of all erasure encoded blocks
	Checksums []ChecksumInfo `json:"checksum,omitempty"`
}

// Equal equates current erasure info with newer erasure info.
// returns false if one of the following check fails
// - erasure algorithm is different

const minIOErasureUpgraded = "x-minio-internal-erasure-upgraded"

const erasureAlgorithm = "rs-vandermonde"

// GetChecksumInfo - get checksum of a part.
func (e ErasureInfo) GetChecksumInfo(partNumber int) (ckSum ChecksumInfo) {
	for _, sum := range e.Checksums {
		if sum.PartNumber == partNumber {
			// Return the checksum
			return sum
		}
	}
	return ChecksumInfo{Algorithm: DefaultBitrotAlgorithm}
}

	Transition          TransitionOptions
	Expiration          ExpirationOptions
	LifecycleAuditEvent lcAuditEvent

	WantChecksum *hash.Checksum // x-amz-checksum-XXX checksum sent to PutObject/ CompleteMultipartUpload.

	NoDecryption                        bool      // indicates if the stream must be decrypted.

          {{- toYaml .Values.podLabels | nindent 8 }}
        {{- end }}
      annotations:
        {{- if not .Values.ignoreChartChecksums }}
        checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        {{- end }}
        {{- if .Values.podAnnotations }}