void testShareFlags() throws Exception {
            // Test encryption flag
            setPrivateField(response, "shareFlags", Smb2TreeConnectResponse.SMB2_SHAREFLAG_ENCRYPT_DATA);
            assertEquals(Smb2TreeConnectResponse.SMB2_SHAREFLAG_ENCRYPT_DATA, response.getShareFlags(), "Should handle encryption flag");

            // Test multiple flags

import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Secure key management for SMB encryption.
 * Provides centralized management of encryption keys with secure storage and cleanup.
 *
 * Features:
 * - Secure key storage with optional KeyStore integration
 * - Automatic key cleanup on close
 * - Thread-safe key management

        assertThrows(SmbException.class, () -> transport.isSigningEnforced());
        verify(transport).isSigningOptional();
        verify(transport).isSigningEnforced();
    }

    // Happy path and edge: server encryption key can be non-null, empty, or null
    @Test
    @DisplayName("getServerEncryptionKey returns expected bytes")
    void serverEncryptionKey_variants() {
        byte[] key = new byte[] { 1, 2, 3 };

  an older version you must use an `S3 API client` such as [`mc`](https://github.com/minio/mc).

- All features currently used by your buckets will work as is without any changes
  - SSE (Server Side Encryption)
  - Replication (Server Side Replication)

## Prerequisites

- It is assumed you have users created and configured with relevant access policies, to start with

  {
    "name": "ear",
    "path": "platforms/jvm/ear",
    "unitTests": true,
    "functionalTests": true,
    "crossVersionTests": false
  },
  {
    "name": "encryption-services",
    "path": "platforms/core-configuration/encryption-services",
    "unitTests": false,
    "functionalTests": false,
    "crossVersionTests": false
  },
  {
    "name": "enterprise",

                && this.server.encryptionKeyLength != 8 && ctx.getConfig().getLanManCompatibility() == 0) {
            log.warn("Unexpected encryption key length: " + this.server.encryptionKeyLength);
            return false;
        }

        if (req.isSigningEnforced() || this.server.signaturesRequired

	Size       int64             `json:"size" msg:"s"`        // Size of the part on the disk.
	ActualSize int64             `json:"actualSize" msg:"as"` // Original size of the part without compression or encryption bytes.
	ModTime    time.Time         `json:"modTime" msg:"mt"`    // Date and time at which the part was uploaded.
	Index      []byte            `json:"index,omitempty" msg:"i,omitempty"`

":[2,3,4,1],"checksum":[{"name":"part.1","algorithm":"highwayhash256S"}]},"minio":{"release":"RELEASE.2019-12-30T05-45-39Z"},"meta":{"X-Minio-Internal-Server-Side-Encryption-Iv":"kInsJB/0yxyz/40ZI+lmQYJfZacDYqZsGh2wEiv+N50=","X-Minio-Internal-Server-Side-Encryption-S3-Kms-Key-Id":"my-minio-key","X-Minio-Internal-Server-Side-Encryption-S3-Kms-Sealed-Key":"eyJhZWFkIjoiQUVTLTI1Ni1HQ00tSE1BQy1TSEEtMjU2IiwiaWQiOiJjMzEwNDVjODFmMTA2MWU5NTI4ODcxZmNhMmRkYzA3YyIsIml2IjoiOWQ5cUxGMFhSaFBXbEVqT2JDMmo0QT09Iiw...

	// the ciphertext.
	Name string

	// Version is the version of the master used for
	// decryption. If empty, the latest key version
	// is used.
	Version int

	// Ciphertext is the encrypted data that gets
	// decrypted.
	Ciphertext []byte

	// AssociatedData is the crypto. associated data.
	// It must match the data used during encryption
	// or data key generation.
	AssociatedData Context
}

			fv:   defaultFormVals.Clone().Set(xhttp.AmzAccessKeyID, "access").Set(xhttp.AmzSignatureV2, "signature-value"),
		},
		{
			name: "any form value starting with X-Amz-Server-Side-Encryption- does not have to appear in policy",
			fv: defaultFormVals.Clone().
				Set(xhttp.AmzServerSideEncryptionKmsContext, "context-val").
				Set(xhttp.AmzServerSideEncryptionCustomerAlgorithm, "algo-val"),
		},
	}