}

        @Test
        @DisplayName("createEncryptionContext selects AES-CCM for SMB 3.0 and AES-GCM for SMB 3.1.1")
        void createEncryptionContext_happyDialects() throws Exception {
            byte[] sessionKey = new byte[16];
            byte[] preauth = new byte[16];

            // SMB 3.0 -> AES-128-CCM
            setField(transport, "smb2", true);

            this.preauthSalt = salt;

            if (config.isEncryptionEnabled()) {
                // Build cipher list based on AES-256 support
                List<Integer> ciphers = new ArrayList<>();

                // Prefer GCM over CCM for better performance
                if (config.isAES256Enabled()) {

            String archiveId = sessionId + ".v" + currentVersion;
            storeSessionKeyInternal(archiveId, currentKey, "AES");

            // Store new key
            storeSessionKeyInternal(sessionId, newKey, "AES");
            keyVersions.put(sessionId, newVersion);
            keyCreationTimes.put(sessionId, System.currentTimeMillis());

     * <p>
     * Alternatively <code>getSecurity(true)</code> may be used to resolve all
     * SIDs together and detect network failures.
     *
     * @return array of ACEs
     * @throws IOException if an I/O error occurs
     */
    ACE[] getSecurity() throws IOException;

    /**
     * Return an array of Access Control Entry (ACE) objects representing

    private static final int SIGNATURE_OFFSET = 48;
    private static final int SIGNATURE_LENGTH = 16;

    @BeforeAll
    static void setupClass() {
        // Ensure BouncyCastle provider is available for AES-CMAC
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    @BeforeEach
    void setup() {

    }

    @Test
    @DisplayName("Test log encryption")
    void testLogEncryption() {
        logger.logEncryption(true, "AES-128-GCM", "SMB3.1.1");

        Map<EventType, Long> stats = logger.getStatistics();
        assertEquals(Long.valueOf(1), stats.get(EventType.ENCRYPTION_ENABLED), "Should have 1 encryption event");
    }

    @Test

```java
public class SecureHandleStorage {
    private final SecretKey encryptionKey;
    
    public void saveEncrypted(HandleInfo handle, Path file) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, encryptionKey);
        
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        try (CipherOutputStream cos = new CipherOutputStream(baos, cipher);

            if (cipherId == -1) {
                // Default to AES-128-GCM for SMB 3.1.1 if no cipher negotiated
                cipherId = EncryptionNegotiateContext.CIPHER_AES128_GCM;
            }
        } else if (dialect.atLeast(DialectVersion.SMB300)) {
            // SMB 3.0/3.0.2 only supports AES-128-CCM
            cipherId = EncryptionNegotiateContext.CIPHER_AES128_CCM;
        } else {

     * @since 2.2
     */
    String getPreferredCiphers();

    /**
     * Property {@code jcifs.smb.client.aes256Enabled} (boolean, default true)
     *
     * @return whether AES-256 encryption ciphers are enabled for SMB3.x
     * @since 2.2
     */
    boolean isAES256Enabled();

    /**
     * Property {@code jcifs.smb.client.compressionEnabled} (boolean, default false)
     *

!.&gro?moc?ten?ude?vog??mg??c!.&7erauqs,amil4,duolc-drayknil,e&garotstcejbo.&amr,gpl,?lacsduolc.&amr.stcejbo,gpl.stcejbo,tsuc,?tisbew321,?gniksnd,p&h21,ohsdaerpsym,?snd&tog,uolc,?wolf.e&a.1pla,nigneppa,?xi2,ytic-amil,?aoc?et!.spparevelc,?ir!euz??r&aes?uhc??sob?taw!s???d0sbgp--nx?f&2lpbgm--nx?k??g!.&gro?lim?moc?ten?ude?vog?zib???m!a1j--nx??ocir?p!.&gro?i?lim?moc?ogn?snduolc,ten?ude?vog???s!.&adtob,elbavol,g&nabhsah,ro??lim?m&oc?roftalp.&su,tne,ue,??t&en?ropelet,?vog?won,?a&c?nom??i&d?f?ri???t!.&c...