// ErrDecrypt is an error returned by the KMS when the decryption
	// of a ciphertext failed.
	ErrDecrypt = Error{
		Code:    http.StatusBadRequest,
		APICode: "kms:InvalidCiphertextException",
		Err:     "failed to decrypt ciphertext",
	}

	// ErrNotSupported is an error returned by the KMS when the requested
	// functionality is not supported by the KMS service.
	ErrNotSupported = Error{
		Code:    http.StatusNotImplemented,

      - shell: |
          #!/bin/bash
          # Configure a dm-crypt volume backed by a file
          set -e
          dd if=/dev/zero of=dm-crypt.img bs=1 count=0 seek=60GB
          dd if=/dev/urandom of=key.secret bs=2k count=1
          LOOP=$(losetup -f)
          sudo losetup $LOOP dm-crypt.img
          sudo cryptsetup luksFormat -q --key-file key.secret "$LOOP"

                        if (id.equalsIgnoreCase(server.getId())) {
                            SettingsDecryptionResult result =
                                    settingsDecrypter.decrypt(new DefaultSettingsDecryptionRequest(server));
                            server = result.getServer();

                            AuthenticationInfo authInfo = new AuthenticationInfo();

	)

	ErrInvalidConfigDecryptionKey = newErrFn(
		"Incorrect encryption key to decrypt internal data",
		"Please set the correct default KMS key value or the correct root credentials for older MinIO versions.",
		`Revert MINIO_KMS_KES_KEY_NAME or MINIO_ROOT_USER/MINIO_ROOT_PASSWORD (for older MinIO versions) to be able to decrypt the internal data again.`,
	)

	ErrInvalidCredentials = newErrFn(
		"Invalid credentials",

		KeyID:      req.Name,
		Version:    0,
		Plaintext:  []byte("stubplaincharswhichare32bytelong"),
		Ciphertext: []byte("stubplaincharswhichare32bytelong"),
	}, nil
}

// Decrypt is a non-functional stub.
func (s StubKMS) Decrypt(_ context.Context, req *DecryptRequest) ([]byte, error) {
	return req.Ciphertext, nil
}

// MAC is a non-functional stub.

		Plaintext: must("6d6cdccb9a7498c871bde8eab2f49141"),
	},
}

func TestDecrypt(t *testing.T) {
	for i, test := range decryptTests {
		etag, err := Decrypt(test.Key, test.ETag)
		if err != nil {
			t.Fatalf("Test %d: failed to decrypt ETag: %v", i, err)
		}
		if !Equal(etag, test.Plaintext) {
			t.Fatalf("Test %d: got '%v' - want '%v'", i, etag, test.Plaintext)
		}
	}
}

			return
		}
		writeSuccessResponseJSON(w, resp)
		return
	}

	// 2. Verify that we can indeed decrypt the (encrypted) key
	decryptedKey, err := GlobalKMS.Decrypt(ctx, &kms.DecryptRequest{
		Name:           key.KeyID,
		Ciphertext:     key.Ciphertext,
		AssociatedData: kmsContext,
	})
	if err != nil {
		response.DecryptionErr = err.Error()

     *
     * @param request The settings decryption request that holds the parameters, must not be {@code null}.
     * @return The result of the settings decryption, never {@code null}.
     */
    SettingsDecryptionResult decrypt(SettingsDecryptionRequest request);

            j = j + key[ki + i % klen] + s[i] & 0xff;
            final byte t = s[i];
            s[i] = s[j];
            s[j] = t;
        }

        i = j = 0;
    }

    /**
     * Encrypts or decrypts data using the RC4 stream cipher.
     * Since RC4 is a stream cipher, the same operation is used for both encryption and decryption.
     *
     * @param src the source data array

/// tip | İpucu

pwdlib, bcrypt hashing algoritmasını da destekler; ancak legacy algoritmaları içermez. Eski hash'lerle çalışmak için passlib kütüphanesini kullanmanız önerilir.

Örneğin, başka bir sistemin (Django gibi) ürettiği password'leri okuyup doğrulayabilir, ancak yeni password'leri Argon2 veya Bcrypt gibi farklı bir algoritmayla hash'leyebilirsiniz.