### SSE-C Encryption

MinIO does not support SSE-C encrypted objects on replicated buckets, any application uploading SSE-C encrypted objects will be rejected with an error on replicated buckets.

#### Rationale

    /**
     * Security mode flags.
     */
    public int securityMode;
    /**
     * Security settings for the session.
     */
    public int security;
    /**
     * Whether the server requires encrypted passwords.
     */
    public boolean encryptedPasswords;
    /**
     * Whether message signing is enabled.
     */
    public boolean signaturesEnabled;
    /**
     * Whether message signing is required.

			return
		}
		writeSuccessResponseJSON(w, resp)
		return
	}

	// 3. Compare generated key with decrypted key
	if subtle.ConstantTimeCompare(key.Plaintext, decryptedKey) != 1 {
		response.DecryptionErr = "The generated and the decrypted data key do not match"
		resp, err := json.Marshal(response)
		if err != nil {

        }
    }

    /**
     * Finds a login user by username and encrypted password.
     *
     * @param username the username to search for
     * @param cipheredPassword the encrypted password to match
     * @return an optional entity containing the found user, or empty if not found
     */

     * should carry a digital signature (message integrity).
     */
    int NTLMSSP_NEGOTIATE_SIGN = 0x00000010;

    /**
     * Specifies that communication across the authenticated channel
     * should be encrypted (message confidentiality).
     */
    int NTLMSSP_NEGOTIATE_SEAL = 0x00000020;

    /**
     * Indicates datagram authentication.
     */
    int NTLMSSP_NEGOTIATE_DATAGRAM_STYLE = 0x00000040;

    /**

                    }
                }
            }
        }
        return paramMap;
    }

    /**
     * Encrypts sensitive parameter values.
     *
     * @param value the parameter string
     * @return the encrypted parameter string
     */
    public static String encrypt(final String value) {
        final StringBuilder buf = new StringBuilder();

    /**
     * Stores a file authentication configuration.
     * The parameters are encrypted before storage for security.
     *
     * @param fileAuthentication the file authentication configuration to store
     */
    public void store(final FileAuthentication fileAuthentication) {
        fileAuthentication.setParameters(ParameterUtil.encrypt(fileAuthentication.getParameters()));

  Security (TLS) and VPN applications.

- File Transfer Protocol over SSL/TLS (FTPS) – Encrypted FTP communication via TLS certificates.

- File Transfer Protocol (FTP) – Defined by RFC114 originally, and replaced by RFC765 and RFC959
  unencrypted FTP communication (Not-recommended)

## Scope

- All IAM Credentials are allowed access excluding rotating credentials, rotating credentials

    }

    /**
     * Stores a web configuration.
     * Configuration parameters are encrypted before storage.
     *
     * @param webConfig The web configuration to store
     */
    public void store(final WebConfig webConfig) {
        webConfig.setConfigParameter(ParameterUtil.encrypt(webConfig.getConfigParameter()));
        webConfigBhv.insertOrUpdate(webConfig, op -> {

     * The real session key if the regular session key is actually
     * the encrypted version used for key exchange.
     *
     * @return A <code>byte[]</code> containing the session key.
     */
    public byte[] getMasterKey() {
        return this.masterKey;
    }

    /**
     * Returns the session key.
     *
     * This is the encrypted session key included in the message,