"Effect":"Deny",
         "Principal":"*",
         "Action":"s3:PutObject",
         "Resource":"arn:aws:s3:::multi-key-poc/*",
         "Condition":{
            "Null":{
               "s3:x-amz-server-side-encryption-aws-kms-key-id":"true"
            }
         }
      }
   ]

 tools:

   * <<<{{{./apidocs/org/apache/maven/api/cli/mvn/package-summary.html}mvn}}>>>, the Maven build tool,

   * <<<{{{./apidocs/org/apache/maven/api/cli/mvnenc/package-summary.html}mvnenc}}>>>, the Maven Password Encryption tool,

   * <<<{{{./apidocs/org/apache/maven/api/cli/mvnsh/package-summary.html}mvnsh}}>>>, the Maven Shell tool,

   * <<<{{{./apidocs/org/apache/maven/api/cli/mvnup/package-summary.html}mvnup}}>>>, the Maven Upgrade tool.

     * @throws SmbException if an error occurs checking signing status
     */
    boolean isSigningEnforced() throws SmbException;

    /**
     * Gets the server's encryption key for authentication.
     *
     * @return the encryption key used by the server
     */
    byte[] getServerEncryptionKey();

    /**
     * Gets or creates an SMB session for the given context.
     *

    /**
    * Indicates that 128-bit encryption is supported.
    */
    int NTLMSSP_NEGOTIATE_128 = 0x20000000;

    /**
     * Indicates that key exchange is supported for session security.
     */
    int NTLMSSP_NEGOTIATE_KEY_EXCH = 0x40000000;

    /**
    * Indicates that 56-bit encryption is supported.
    */
    int NTLMSSP_NEGOTIATE_56 = 0x80000000;

    }

    @Test
    @DisplayName("Test log encryption")
    void testLogEncryption() {
        logger.logEncryption(true, "AES-128-GCM", "SMB3.1.1");

        Map<EventType, Long> stats = logger.getStatistics();
        assertEquals(Long.valueOf(1), stats.get(EventType.ENCRYPTION_ENABLED), "Should have 1 encryption event");
    }

    @Test
    @DisplayName("Test log security violation")

                                  'testbucket',
                                  'hosts',
                                  ExtraArgs={'ServerSideEncryption': 'AES256'})

# Upload with server side encryption, using temporary credentials
s3.meta.client.upload_file('/etc/hosts',
                           'testbucket',
                           'hosts',
                           ExtraArgs={'ServerSideEncryption': 'AES256'})

type RestoreRequestType string

const (
	// SelectRestoreRequest specifies select request. This is the only valid value
	SelectRestoreRequest RestoreRequestType = "SELECT"
)

// Encryption specifies encryption setting on restored bucket
type Encryption struct {
	EncryptionType sse.Algorithm `xml:"EncryptionType"`
	KMSContext     string        `xml:"KMSContext,omitempty"`
	KMSKeyID       string        `xml:"KMSKeyId,omitempty"`
}

Copy the existing private key and public certificate to the `certs` directory. The default certs directory is:

* **Linux:** `${HOME}/.minio/certs`

    }

    /**
     * Derives the SMB3 encryption key from the session key using the appropriate KDF for the dialect.
     *
     * @param dialect the SMB dialect version
     * @param sessionKey the base session key
     * @param preauthIntegrity the pre-authentication integrity hash (for SMB 3.1.1) or null
     * @return derived encryption key
     */

 */

package jcifs.dcerpc;

import jcifs.dcerpc.ndr.NdrBuffer;

/**
 * Interface for providing security services for DCE/RPC communications.
 * This interface abstracts authentication and encryption mechanisms.
 */
public interface DcerpcSecurityProvider {

    /**
     * Wraps outgoing DCERPC message data for security protection
     * @param outgoing the buffer containing data to be wrapped