./s3-check-md5 -versions -access-key minio -secret-key minio123 -endpoint http://127.0.0.1:9006/ -bucket olockbucket

# additional tests for encryption object alignment
go install -v github.com/minio/multipart-debug@latest

		// cases 8-11: small single part objects with encryption
		{"enc-nothing", []int64{0}, mapCopy(metaWithSSEC)},
		{"enc-small-0", []int64{11}, mapCopy(metaWithSSEC)},
		{"enc-small-1", []int64{509}, mapCopy(metaWithSSEC)},
		{"enc-small-2", []int64{5 * oneMiB}, mapCopy(metaWithSSEC)},
		// cases 12-15: multipart part objects with encryption
		{"enc-mp-0", []int64{5 * oneMiB, 10}, mapCopy(metaWithSSEC)},

    }

    /**
     * Constructs a signing digest from transport and authentication information
     *
     * @param transport
     *            The SMB transport containing server encryption key
     * @param auth
     *            The NTLM password authenticator containing user credentials
     * @throws SmbException
     *             If there is an error setting up the signing digest
     */

        byte[] out7 = new byte[8];

        // Act
        NtlmUtil.E(key14, data8, out14);
        NtlmUtil.E(key7, data8, out7);

        // Assert: first block identical to single-chunk encryption
        assertArrayEquals(Arrays.copyOfRange(out14, 0, 8), out7);
        // And second block is present and not all zeros
        assertFalse(Arrays.equals(new byte[8], Arrays.copyOfRange(out14, 8, 16)));
    }

- [Configure MinIO Server with TLS](https://docs.min.io/community/minio-object-store/operations/network-encryption.html)...

    /**
     * The key for user roles in the request attribute.
     */
    protected static final String USER_ROLES = "userRoles";

    /**
     * The cached cipher for encryption and decryption.
     */
    protected CachedCipher cipher;

    /**
     * The separator for values in the role string.
     */
    protected String valueSeparator = "\n";

    /**

//
// This list should be kept alphabetically sorted, do not hastily edit.
var resourceList = []string{
	"acl",
	"cors",
	"delete",
	"encryption",
	"legal-hold",
	"lifecycle",
	"location",
	"logging",
	"notification",
	"partNumber",
	"policy",
	"requestPayment",
	"response-cache-control",
	"response-content-disposition",

     * @return the transport context used
     */
    public abstract CIFSContext getTransportContext();

    /**
     * Gets the session key from the underlying SMB session for encryption
     * @return session key of the underlying smb session
     * @throws CIFSException if unable to retrieve the session key
     */
    public abstract byte[] getSessionKey() throws CIFSException;

    @Override

        SmbTransportImpl acquired = transport.acquire();
        assertSame(transport, acquired);
        transport.close(); // release once
    }

    @Test
    @DisplayName("Server encryption key is returned for SMB1 negotiation only")
    void serverEncryptionKey() {
        // No negotiation yet -> null
        assertNull(transport.getServerEncryptionKey());

        // SMB1 negotiation with server data

	// is used.
	Version int

	// Ciphertext is the encrypted data that gets
	// decrypted.
	Ciphertext []byte

	// AssociatedData is the crypto. associated data.
	// It must match the data used during encryption
	// or data key generation.
	AssociatedData Context
}

// MACRequest is a structure containing fields
// and options for generating message authentication
// codes (MAC).
type MACRequest struct {