bcgit / bc-java

Bouncy Castle Java Distribution (Mirror)
https://www.bouncycastle.org/java.html
MIT License

Streaming support for CMSAuthEnvelopedData (CMSAuthEnvelopedDataStreamGenerator)? #1573

Open priderider opened 10 months ago

priderider commented 10 months ago

Does anyone know when Bouncy Castle will be providing stream support for the generation of CMSAuthEnvelopedData? We are currently using CMSEnvelopedDataStreamGenerator to create CMS enveloped data with 3DES encryption, but want to change to AES in GCM mode. RFC5084 states that CMS AuthEnvelopedData should be used in that case, but there is no streaming support until now and CMSEnvelopedDataStreamGenerator does not allow for setting authenticated data.

r4fterman commented 3 months ago

Hi everyone, any update on that?

We are heavily relying on this and currently facing severe issues because BC is failing to read encrypted data valid by RFC5084.

Thanks, Roman

matheis commented 2 months ago

@ligefeiBouncycastle provided a commit for BC 1.78.1 which addresses this one here as far as I understand. Maybe he can comment?

bukka commented 2 months ago

I think this can be closed. I have been testing this quite extensively and it works fine except the parser supporting other recipient types than KeyTrans. I just created a PR to add support for KeyAgree and KEK: https://github.com/bcgit/bc-java/pull/1794.