// Then encrypt
        String encrypted = ParameterUtil.encrypt(originalParams);
        assertTrue(encrypted.contains("password={cipher}"));
        assertTrue(encrypted.contains("config.timeout=30"));

        // Then create config map
        Map<ConfigName, Map<String, String>> configMap = ParameterUtil.createConfigParameterMap(encrypted);

        // Then
        assertEquals(52, headerSize); // SMB2 Transform Header is 52 bytes
    }

    // Note: SMB2 Transform Header doesn't have a protocol ID field
    // The protocol ID is part of the encrypted SMB2 message, not the transform header

    @Test
    @DisplayName("Should set and get signature")
    void testSignature() {
        // Given
        byte[] signature = new byte[16];

			if _, ok := object.UserMetadata["X-Amz-Server-Side-Encryption-Customer-Algorithm"]; ok {
				log.Println("SKIPPED: Objects encrypted with SSE-C do not have md5sum as ETag:", objFullPath(object))
				continue
			}
			if v, ok := object.UserMetadata["X-Amz-Server-Side-Encryption"]; ok && v == "aws:kms" {
				log.Println("SKIPPED: encrypted with SSE-KMS do not have md5sum as ETag:", objFullPath(object))
				continue
			}
			parts := 1

        ByteBuffer buffer = ByteBuffer.allocate(34);
        buffer.order(ByteOrder.LITTLE_ENDIAN);
        buffer.putShort((short) 0); // dialectIndex
        buffer.put((byte) 0x0F); // securityMode (user, encrypted, sigs enabled, sigs required)
        buffer.putShort((short) 50); // maxMpxCount
        buffer.putShort((short) 10); // maxNumberVcs
        buffer.putInt(8192); // maxBufferSize
        buffer.putInt(65536); // maxRawSize

		}, MakeBucketOptions{
			VersioningEnabled: true,
		})
	})

	t.Run("encrypted", func(t *testing.T) {
		fn(t, func() {
			resetCompressEncryption()
			enableEncryption(t)
		}, MakeBucketOptions{})
	})
	t.Run("encrypted+versioned", func(t *testing.T) {
		fn(t, func() {
			resetCompressEncryption()
			enableEncryption(t)
		}, MakeBucketOptions{

		writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
		return
	}

	// We have to adjust the size of encrypted parts since encrypted parts
	// are slightly larger due to encryption overhead.
	// Further, we have to adjust the ETags of parts when using SSE-S3.
	// Due to AWS S3, SSE-S3 encrypted parts return the plaintext ETag
	// being the content MD5 of that particular part. This is not the

s3.meta.client.upload_file('/etc/hosts',
                           'testbucket',
                           'hosts',
                           ExtraArgs={'ServerSideEncryption': 'AES256'})

# Download encrypted object using temporary credentials

pkg crypto, const SHA512_224 = 14
pkg crypto, const SHA512_224 Hash
pkg crypto, const SHA512_256 = 15
pkg crypto, const SHA512_256 Hash
pkg crypto, type Decrypter interface { Decrypt, Public }
pkg crypto, type Decrypter interface, Decrypt(io.Reader, []uint8, DecrypterOpts) ([]uint8, error)
pkg crypto, type Decrypter interface, Public() PublicKey
pkg crypto, type DecrypterOpts interface {}
pkg crypto/cipher, func NewGCMWithNonceSize(Block, int) (AEAD, error)

                        if (id.equalsIgnoreCase(server.getId())) {
                            SettingsDecryptionResult result =
                                    settingsDecrypter.decrypt(new DefaultSettingsDecryptionRequest(server));
                            server = result.getServer();

                            AuthenticationInfo authInfo = new AuthenticationInfo();

        }
    }

    /**
     * Finds a login user by username and encrypted password.
     *
     * @param username the username to search for
     * @param cipheredPassword the encrypted password to match
     * @return an optional entity containing the found user, or empty if not found
     */