}
    }

    /**
     * Derives an AES key using the Kerberos key derivation function.
     * This method implements the simplified key derivation for AES encryption types.
     *
     * @param key the base Kerberos key
     * @param constant the key derivation constant
     * @return the derived key bytes
     * @throws GeneralSecurityException if cryptographic operations fail
     */

 *
 * Provides secure storage of passwords and other sensitive credentials
 * using AES-GCM encryption with PBKDF2 key derivation.
 *
 * Features:
 * - Encrypts credentials at rest using AES-256-GCM
 * - Uses PBKDF2 for key derivation from master password
 * - Secure wiping of sensitive data
 * - Thread-safe operations
 * - Protection against timing attacks
 */

- **Encryption Context**: Per-session encryption state management
- **Key Derivation**: SMB3 KDF implementation with dialect-specific parameters
- **Pre-Authentication Integrity**: SMB 3.1.1 PAI for preventing downgrade attacks
- **Automatic Detection**: Encryption automatically enabled when servers require it
- **Secure Key Management**: Proper key derivation and nonce generation

### Core Features

    /**
     * Derive a new key from an existing key
     *
     * @param baseKey the base key
     * @param label key derivation label
     * @param context key derivation context
     * @param length desired key length in bytes
     * @return derived key
     * @throws GeneralSecurityException if key derivation fails
     */

import org.bouncycastle.crypto.generators.KDFCounterBytesGenerator;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.KDFCounterParameters;

/**
 * SMB3 SP800-108 Counter Mode Key Derivation
 *
 * @author mbechler
 *
 */
public final class Smb3KeyDerivation {

    private static final byte[] SIGNCONTEXT_300 = toCBytes("SmbSign");

        }

        // Increment rotation counter for tracking and key derivation
        rotationCount++;

        // SMB3-compliant key rotation: Use rotation counter as per SMB3 specification
        // This follows Microsoft's approach for predictable but unique key derivation
        byte[] modifiedSessionKey = new byte[sessionKey.length + 8];

	// in multiple parts - via the S3 multipart API.
	MetaMultipart = "X-Minio-Internal-Encrypted-Multipart"

	// MetaIV is the random initialization vector (IV) used for
	// the MinIO-internal key derivation.
	MetaIV = "X-Minio-Internal-Server-Side-Encryption-Iv"

	// MetaAlgorithm is the algorithm used to derive internal keys
	// and encrypt the objects.
	MetaAlgorithm = "X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm"

 * <ul>
 *   <li>by transforming the value from a successful input step,
 *   <li>by catching the exception from a failed input step, or
 *   <li>by combining the results of several input steps.
 * </ul>
 *
 * Each derivation can capture the next value or any intermediate objects for later closing.
 *
 * <p>A step can be the input to at most one derived step. Once you transform its value, catch its

	// InsecureSealAlgorithm is the legacy encryption/sealing algorithm used
	// to derive & seal the key-encryption-key and to en/decrypt the object data.
	// This algorithm should not be used for new objects because its key derivation
	// is not optimal. See: https://github.com/minio/minio/pull/6121
	InsecureSealAlgorithm = "DARE-SHA256"
)

// Type represents an AWS SSE type:
//   - SSE-C
//   - SSE-S3
//   - SSE-KMS
type Type interface {

The MinIO server runs a key-derivation algorithm to generate the KEK using a pseudo-random function ([PRF](#prf)):
`KEK := PRF(EK, IV, context_values)` where: