twiss
commented
1 year ago In general this looks good, apart from the nit above. There's probably other things we should do here, such as using the configured AEAD algorithm if it's supported by everyone, similarly to what's done for the cipher, but we can add that later.
Use algorithms labelled as MUST in the specification if the intersection of Symmetric ciphers, Hash algos, or AEAD modes is empty instead of throwing
cannot encrypt because recipient set shares no common algorithms.This also fixes a bug, when trying to encrypt to multiple recipients, and one supports only non-EAX modes.