Streaming support for CMSAuthEnvelopedData (CMSAuthEnvelopedDataStreamGenerator)?

Open priderider opened this issue 2 years ago • 3 comments

Does anyone know when Bouncy Castle will be providing stream support for the generation of CMSAuthEnvelopedData? We are currently using CMSEnvelopedDataStreamGenerator to create CMS enveloped data with 3DES encryption, but want to change to AES in GCM mode. RFC5084 states that CMS AuthEnvelopedData should be used in that case, but there is no streaming support until now and CMSEnvelopedDataStreamGenerator does not allow for setting authenticated data.

priderider, Jan 26 '24 14:01

Hi everyone, any update on that?

We are heavily relying on this and currently facing severe issues because BC is failing to read encrypted data valid by RFC5084.

Thanks, Roman

r4fterman, Aug 01 '24 15:08

@ligefeiBouncycastle provided a commit for BC 1.78.1 which addresses this one here as far as I understand. Maybe he can comment?

matheis, Aug 28 '24 09:08

I think this can be closed. I have been testing this quite extensively and it works fine except the parser supporting other recipient types than KeyTrans. I just created a PR to add support for KeyAgree and KEK: https://github.com/bcgit/bc-java/pull/1794

bukka, Aug 28 '24 14:08