Right now we always stream decrypted data to the API user immediately. This has the unfortunate consequence that the data are not authenticated. The authentication should be transparent to the user and enforced by the library. There should be a way to opt-out with a big I KNOW WHAT I AM DOING warning to restore the streaming behavior. Unfortunately the MDC packet design requires all the encrypted data to be read to verify the authentication. The newer AEAD scheme offers chunking to allow inserting partial authentication packets midstream.
Right now we always stream decrypted data to the API user immediately. This has the unfortunate consequence that the data are not authenticated. The authentication should be transparent to the user and enforced by the library. There should be a way to opt-out with a big
I KNOW WHAT I AM DOING
warning to restore the streaming behavior. Unfortunately the MDC packet design requires all the encrypted data to be read to verify the authentication. The newer AEAD scheme offers chunking to allow inserting partial authentication packets midstream.