I want to encrypt a large blob of binary data (let's say, 1GB), using asymmetric encryption (so that only public key is needed to encrypt the data, but private key is needed to decrypt it). As a nice addition, I would like to sign it (and, ideally, some additional data) with my public key
Parties do not communicate in any way prior to transferring the blob (except for them sharing their public keys), so various schemes involving DH or something similar do not fit in this scenario.
Obviously, I don't want to invent my own container for that.
What container do I use so that it allows me to use encryption / signing with industry-standard algorithms which don't have known flaws?
The obvious way would be to go with CMS/PKCS#7. Even the ideal scenario could be achieved by doing Encrypt-then-Sign with some manual arrays concatenating, like:
encryptedMessage = createEnvelopedCms(cleartextBlob, recipientPublicKey)
signedMessage = createSignedCms(authenticationData.Length + authenticationData + encryptedMessage
However, CMS has two significant drawbacks:
1) It seems that it only can be used with RSA/DSA/ECDSA keys, and of these three, only RSA can be used for encryption. However, RSA is not futureproof (as it is not quantum-safe).
2) It seems that CMS only supports AES in CBC mode, which also has its flaws.
Then there is GPG container, but I cannot find information on what specific algorithms it uses, and it does not seem to be configurable to the same extent as CMS.
If I was inventing my own container (which I'm not), I'd probably do something along these lines: generate random AES key + IV; encrypt blob using these in AES-GCM mode (adding the required authentication info); encrypt AES key and IV using recipient's ECC public key; concat encrypted keys + authentication info + encrypted blob and pack these in a CMS message signed by sender's ECDSA key. Is there any industry-standard container which would allow me to do all this?
