UploadID string

	// Date and time at which the multipart upload was initiated.
	Initiated time.Time

	// Any metadata set during InitMultipartUpload, including encryption headers.
	UserDefined map[string]string
}

// ListPartsInfo - represents list of all parts.
type ListPartsInfo struct {
	// Name of the bucket.
	Bucket string

	// Name of the object.

Following is a sample directory structure for MinIO server with TLS certificates.

```sh
$ mc tree --files ~/.minio
/home/user1/.minio
└─ certs
   ├─ CAs
   ├─ private.key
   └─ public.crt

    public static final int SEQUENCE_CHECKING = 0x10;
    /**
     * Context flag for anonymity capability
     */
    public static final int ANONYMITY = 0x08;
    /**
     * Context flag for confidentiality (encryption) capability
     */
    public static final int CONFIDENTIALITY = 0x04;
    /**
     * Context flag for integrity (signing) capability
     */
    public static final int INTEGRITY = 0x02;

	}
	var nonce [32]byte
	if _, err := io.ReadFull(random, nonce[:]); err != nil {
		logger.CriticalIf(context.Background(), errOutOfEntropy)
	}

	const Context = "object-encryption-key generation"
	mac := hmac.New(sha256.New, extKey)
	mac.Write([]byte(Context))
	mac.Write(nonce[:])
	mac.Sum(key[:0])
	return key
}

// GenerateIV generates a new random 256 bit IV from the provided source

package kms

import (
	"bytes"
	"sort"
	"unicode/utf8"
)

// Context is a set of key-value pairs that
// are associated with a generate data encryption
// key (DEK).
//
// A KMS implementation may bind the context to the
// generated DEK such that the same context must be
// provided when decrypting an encrypted DEK.
type Context map[string]string

	// Use the maximum parity (N/2), used when saving server configuration files
	MaxParity bool

	// Provides a per object encryption function, allowing metadata encryption.
	EncryptFn objectMetaEncryptFn

	// SkipDecommissioned set to 'true' if the call requires skipping the pool being decommissioned.
	// mainly set for certain WRITE operations.

			return ErrKeyNotFound
		}
		if errors.Is(err, kes.ErrNotAllowed) {
			return ErrPermission
		}
		return errKeyDeletionFailed(err)
	}
	return nil
}

// GenerateKey generates a new data encryption key using
// the key at the KES server referenced by the key ID.
//
// The default key ID will be used if keyID is empty.
//
// The context is associated and tied to the generated DEK.

        void testShareFlags() throws Exception {
            // Test encryption flag
            setPrivateField(response, "shareFlags", Smb2TreeConnectResponse.SMB2_SHAREFLAG_ENCRYPT_DATA);
            assertEquals(Smb2TreeConnectResponse.SMB2_SHAREFLAG_ENCRYPT_DATA, response.getShareFlags(), "Should handle encryption flag");

            // Test multiple flags

import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Secure key management for SMB encryption.
 * Provides centralized management of encryption keys with secure storage and cleanup.
 *
 * Features:
 * - Secure key storage with optional KeyStore integration
 * - Automatic key cleanup on close
 * - Thread-safe key management

     * Creates a byte array representing a Kerberos ticket for testing purposes.
     * @param version Kerberos version
     * @param realm Server realm
     * @param principalName Server principal name
     * @param encType Encryption type
     * @param encryptedData Encrypted data
     * @param unknownTag Optional unknown tag number to test error handling
     * @return A byte array representing the ticket
     * @throws IOException on encoding error