[New in v20.6] If an authenticated encryption algorithm is used to encrypt the content, then an AuthEnvelopedData object is created as per [RFC5083]. This is similar to an EnvelopedData object but contains an additional authentication tag field (a.k.a. MessageAuthenticationCode, mac). We provide support for AuthEnvelopedData using the AES-GCM and [New in v22.0] ChaCha20Poly1305 algorithms and all the key management techniques decribed above.
The standard tag length for AES-GCM is 16 bytes, and a truncated tag of 12, 13, 14, or 15 bytes is permitted. For some reason the default length in RFC5083 is given as 12 bytes but we always provide a 16-byte tag.