return new HMACT64(key);
    }

    /**
     * Get an RC4 cipher instance initialized with the specified key.
     * @param key the encryption key
     * @return RC4 cipher in encryption mode
     */
    public static Cipher getArcfour(final byte[] key) {
        try {
            final Cipher c = Cipher.getInstance("RC4");

 * under the License.
 */

/**
 * Provides the API for the Maven Password Encryption tool ({@code mvnenc}).
 *
 * <p>This package contains interfaces and classes for the password encryption tool,
 * which helps secure sensitive information in Maven settings and configuration files.</p>
 *
 * <p>Key features include:</p>
 * <ul>
 *   <li>Password encryption and decryption</li>
 *   <li>Master password management</li>

import org.apache.maven.api.annotations.Nonnull;
import org.apache.maven.api.cli.Options;

/**
 * Defines the options specific to the Maven encryption tool.
 * This interface extends the general {@link Options} interface, adding encryption-specific configuration options.
 *
 * @since 4.0.0
 */
@Experimental
public interface EncryptOptions extends Options {
    /**

    /**
     * Server's time zone offset in minutes from UTC.
     */
    public int serverTimeZone;
    /**
     * Length of the encryption key.
     */
    public int encryptionKeyLength;
    /**
     * Encryption key for password encryption.
     */
    public byte[] encryptionKey;
    /**
     * Server's globally unique identifier.
     */
    public byte[] guid;

src_obj1_etag=$(echo "${stat_out1}" | jq '.etag')
src_obj1_size=$(echo "${stat_out1}" | jq '.size')
src_obj1_md5=$(echo "${stat_out1}" | jq '.metadata."X-Amz-Server-Side-Encryption-Customer-Key-Md5"')
echo "Stat minio1/test-bucket/defpartsize"
./mc stat --no-list minio1/test-bucket/defpartsize --enc-c "minio1/test-bucket/defpartsize=${TEST_MINIO_ENC_KEY}" --insecure --json

/**
 * Utility class for calculating and verifying PAC (Privilege Attribute Certificate) message authentication codes.
 * This class provides methods for computing MACs using various Kerberos encryption types including
 * ARCFOUR-HMAC-MD5 and AES-based HMAC algorithms.
 */
public class PacMac {

    /**
     * Private constructor to prevent instantiation of utility class.
     */
    private PacMac() {

The unified KMS-based approach has several advantages:

- Key management is now centralized. There is one way to change or rotate encryption keys.
   There used to be two different mechanisms - one for regular S3 objects and one for IAM data.
- Reduced server startup time. For IAM encryption with the root credentials, MinIO had
   to use a memory-hard function (Argon2) that (on purpose) consumes a lot of memory and CPU.

Copy the existing private key and public certificate to the `certs` directory. The default certs directory is:

* **Linux:** `${HOME}/.minio/certs`

    @DisplayName("Message constructor should handle crypto-specific error messages")
    @NullAndEmptySource
    @ValueSource(strings = { "AES encryption not supported", "Missing Bouncy Castle provider", "Invalid key length for AES-128",
            "RC4 cipher not available in this JVM", "DES encryption is deprecated and not supported", "HMAC-SHA256 algorithm not found",
            "RSA key generation failed: key size not supported" })

         "Principal":"*",
         "Action":"s3:PutObject",
         "Resource":"arn:aws:s3:::multi-key-poc/*",
         "Condition":{
            "StringNotEquals":{
               "s3:x-amz-server-side-encryption-aws-kms-key-id":"minio-default-key"
            }
         }
      }
   ]