if (keyLength == 32) {
            // AES-256 support
            transformation = "AES/GCM/NoPadding";
        } else if (keyLength == 16) {
            // AES-128 (existing)
            transformation = "AES/GCM/NoPadding";
        } else {
            throw new IllegalArgumentException("Unsupported key length for GCM: " + keyLength);
        }

        byte[] key = null;
        byte[] keyCopy = null;

        // Nonces should have proper size
        assertEquals(16, nonce1.length, "GCM nonce should be 16 bytes");
        assertEquals(16, nonce2.length, "GCM nonce should be 16 bytes");
        assertEquals(16, nonce3.length, "GCM nonce should be 16 bytes");

        // For GCM, last 4 bytes should contain incrementing counter

            // SMB 3.1.1 -> default AES-128-GCM when server did not choose
            Smb2NegotiateResponse smb311 = new Smb2NegotiateResponse(cfg);
            setField(smb311, "selectedDialect", DialectVersion.SMB311);
            setField(smb311, "selectedCipher", -1);
            setField(transport, "negotiated", smb311);
            Smb2EncryptionContext gcm = transport.createEncryptionContext(sessionKey, preauth);

/**
 * Secure credential storage with encryption at rest.
 *
 * Provides secure storage of passwords and other sensitive credentials
 * using AES-GCM encryption with PBKDF2 key derivation.
 *
 * Features:
 * - Encrypts credentials at rest using AES-256-GCM
 * - Uses PBKDF2 for key derivation from master password
 * - Secure wiping of sensitive data
 * - Thread-safe operations
 * - Protection against timing attacks
 */

	"aes128-ctr", "aes192-ctr", "aes256-ctr",
	"aes128-gcm@openssh.com", gcm256CipherID,
	chacha20Poly1305ID,
	"arcfour256", "arcfour128", "arcfour",
	aes128cbcID,
	tripledescbcID,
}

// preferredCiphers specifies the default preference for ciphers.
// https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.22.0:ssh/common.go;l=37
var preferredCiphers = []string{
	"aes128-gcm@openssh.com", gcm256CipherID,
	chacha20Poly1305ID,

- [PRF](#prf): HMAC-SHA-256
- [AEAD](#aead): AES-256-GCM if the CPU supports AES-NI, ChaCha20-Poly1305 otherwise. More specifically AES-256-GCM is only selected for X86-64 CPUs with AES-NI extension.

```java
public class SecureHandleStorage {
    private final SecretKey encryptionKey;
    
    public void saveEncrypted(HandleInfo handle, Path file) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, encryptionKey);
        
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        try (CipherOutputStream cos = new CipherOutputStream(baos, cipher);