func init() {
	// ES256
	SigningMethodES3256 = &jwt.SigningMethodECDSA{Name: "ES3256", Hash: crypto.SHA3_256, KeySize: 32, CurveBits: 256}
	jwt.RegisterSigningMethod(SigningMethodES3256.Alg(), func() jwt.SigningMethod {
		return SigningMethodES3256
	})

	// ES384
	SigningMethodES3384 = &jwt.SigningMethodECDSA{Name: "ES3384", Hash: crypto.SHA3_384, KeySize: 48, CurveBits: 384}
	jwt.RegisterSigningMethod(SigningMethodES3384.Alg(), func() jwt.SigningMethod {

      apply {
        keyAlgorithm = "EC"
        keySize = 256
      }

    /**
     * Configure the certificate to generate a 2048-bit RSA key, which provides about 112 bits of
     * security. RSA keys are interoperable with very old clients that don't support ECDSA.
     */
    fun rsa2048() =
      apply {
        keyAlgorithm = "RSA"
        keySize = 2048
      }

    fun build(): HeldCertificate {

Counter struct { // c is instantiated with K as the key and V as the counter. c aes.CTR reseedCounter uint64 } const ( keySize = 256 / 8 SeedSize = keySize + aes.BlockSize reseedInterval = 1 << 48 maxRequestSize = (1 << 19) / 8 ) func NewCounter(entropy *[SeedSize]byte) *Counter { // CTR_DRBG_Instantiate_algorithm, per Section 10.2.1.3.1. fips140.RecordApproved() K := make([]byte, keySize) V := make([]byte, aes.BlockSize) // V starts at 0, but is incremented in CTR_DRBG_Update before each use, // unlike...

Counter struct { // c is instantiated with K as the key and V as the counter. c aes.CTR reseedCounter uint64 } const ( keySize = 256 / 8 SeedSize = keySize + aes.BlockSize reseedInterval = 1 << 48 maxRequestSize = (1 << 19) / 8 ) func NewCounter(entropy *[SeedSize]byte) *Counter { // CTR_DRBG_Instantiate_algorithm, per Section 10.2.1.3.1. fips140.RecordApproved() K := make([]byte, keySize) V := make([]byte, aes.BlockSize) // V starts at 0, but is incremented in CTR_DRBG_Update before each use, // unlike...

	serveFunc := func() error {
		return http.ListenAndServe(":8080", nil)
	}

	if certFile != "" || keyFile != "" {
		if certFile == "" || keyFile == "" {
			log.Fatal("Please provide both a key file and a cert file to enable TLS.")
		}
		serveFunc = func() error {
			return http.ListenAndServeTLS(":8080", certFile, keyFile, nil)
		}
	}

	http.HandleFunc("/", mainHandler)

	log.Print("Listening on :8080")

// decrypted using the ENV_VAR: MINIO_CERT_PASSWD.
func LoadX509KeyPair(certFile, keyFile string) (tls.Certificate, error) {
	certPEMBlock, err := os.ReadFile(certFile)
	if err != nil {
		return tls.Certificate{}, ErrTLSReadError(nil).Msgf("Unable to read the public key: %s", err)
	}
	keyPEMBlock, err := os.ReadFile(keyFile)
	if err != nil {

    private static final String KEY_ALGORITHM = "AES";
    private static final String KEY_DERIVATION_ALGORITHM = "PBKDF2WithHmacSHA256";
    private static final int KEY_SIZE = 256;
    private static final int GCM_TAG_SIZE = 128;
    private static final int GCM_IV_SIZE = 12;
    private static final int SALT_SIZE = 32;
    private static final int PBKDF2_ITERATIONS = 100_000;

    void testDeriveKeys_DifferentSessionKeySizes() {
        // Test with various session key sizes
        int[] keySizes = { 8, 16, 24, 32, 64, 128 };
        int dialect = Smb2Constants.SMB2_DIALECT_0311;

        for (int size : keySizes) {
            // Given
            byte[] testKey = new byte[size];
            new SecureRandom().nextBytes(testKey);

            // When

			certFile = filepath.Join(root.Name(), file.Name(), publicCertFile)
			keyFile  = filepath.Join(root.Name(), file.Name(), privateKeyFile)
		)
		if !isFile(certFile) || !isFile(keyFile) {
			continue
		}
		if err = manager.AddCertificate(certFile, keyFile); err != nil {
			err = fmt.Errorf("Unable to load TLS certificate '%s,%s': %w", certFile, keyFile, err)
			bootLogIf(GlobalContext, err, logger.ErrorKind)
		}
	}

		Driver:         NewFTPDriver(),
		Port:           port,
		Perm:           ftp.NewSimplePerm("nobody", "nobody"),
		TLS:            tls,
		KeyFile:        tlsPrivateKey,
		CertFile:       tlsPublicCert,
		ExplicitFTPS:   tls,
		Logger:         &minioLogger{},
		PassivePorts:   portRange,
		PublicIP:       publicIP,
		ForceTLS:       forceTLS,
	})