}

    /**
     * Constructs a signing digest from transport and authentication information
     *
     * @param transport
     *            The SMB transport containing server encryption key
     * @param auth
     *            The NTLM password authenticator containing user credentials
     * @throws SmbException
     *             If there is an error setting up the signing digest
     */

        byte[] out7 = new byte[8];

        // Act
        NtlmUtil.E(key14, data8, out14);
        NtlmUtil.E(key7, data8, out7);

        // Assert: first block identical to single-chunk encryption
        assertArrayEquals(Arrays.copyOfRange(out14, 0, 8), out7);
        // And second block is present and not all zeros
        assertFalse(Arrays.equals(new byte[8], Arrays.copyOfRange(out14, 8, 16)));
    }

- [Configure MinIO Server with TLS](https://docs.min.io/community/minio-object-store/operations/network-encryption.html)...

	Size       int64             `json:"size" msg:"s"`        // Size of the part on the disk.
	ActualSize int64             `json:"actualSize" msg:"as"` // Original size of the part without compression or encryption bytes.
	ModTime    time.Time         `json:"modTime" msg:"mt"`    // Date and time at which the part was uploaded.
	Index      []byte            `json:"index,omitempty" msg:"i,omitempty"`

## `python-jose` installieren.

Wir müssen <abbr title="JOSE: JavaScript Object Signing and Encryption">`python-jose`</abbr> installieren, um die JWT-Tokens in Python zu generieren und zu verifizieren:

<div class="termy">

```console
$ pip install "python-jose[cryptography]"

---> 100%
```

</div>

    /**
     * The key for user roles in the request attribute.
     */
    protected static final String USER_ROLES = "userRoles";

    /**
     * The cached cipher for encryption and decryption.
     */
    protected CachedCipher cipher;

    /**
     * The separator for values in the role string.
     */
    protected String valueSeparator = "\n";

    /**

//
// This list should be kept alphabetically sorted, do not hastily edit.
var resourceList = []string{
	"acl",
	"cors",
	"delete",
	"encryption",
	"legal-hold",
	"lifecycle",
	"location",
	"logging",
	"notification",
	"partNumber",
	"policy",
	"requestPayment",
	"response-cache-control",
	"response-content-disposition",

     * @return the transport context used
     */
    public abstract CIFSContext getTransportContext();

    /**
     * Gets the session key from the underlying SMB session for encryption
     * @return session key of the underlying smb session
     * @throws CIFSException if unable to retrieve the session key
     */
    public abstract byte[] getSessionKey() throws CIFSException;

    @Override

        SmbTransportImpl acquired = transport.acquire();
        assertSame(transport, acquired);
        transport.close(); // release once
    }

    @Test
    @DisplayName("Server encryption key is returned for SMB1 negotiation only")
    void serverEncryptionKey() {
        // No negotiation yet -> null
        assertNull(transport.getServerEncryptionKey());

        // SMB1 negotiation with server data

 *
 *  * **A validity interval.** A certificate should not be used before its validity interval starts
 *    or after it ends.
 *
 *  * **A public key.** This cryptographic key is used for asymmetric encryption digital signatures.
 *    Note that the private key is not a part of the certificate!
 *
 *  * **A signature issued by another certificate's private key.** This mechanism allows a trusted