diff -Nru pdfbox-1.8.13/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/PublicKeySecurityHandler.java pdfbox-1.8.13.bouncycastle/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/PublicKeySecurityHandler.java
--- pdfbox-1.8.13/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/PublicKeySecurityHandler.java	2016-12-05 20:30:18.000000000 +0100
+++ pdfbox-1.8.13.bouncycastle/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/PublicKeySecurityHandler.java	2017-01-01 11:54:04.371625198 +0100
@@ -27,6 +27,7 @@
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
 import java.security.SecureRandom;
 import java.security.cert.X509Certificate;
 import java.util.Iterator;
@@ -38,7 +39,8 @@
 import org.apache.commons.logging.LogFactory;
 
 import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DEROutputStream;
@@ -56,6 +58,7 @@
 import org.bouncycastle.cms.CMSEnvelopedData;
 import org.bouncycastle.cms.CMSException;
 import org.bouncycastle.cms.RecipientInformation;
+import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
 import org.apache.pdfbox.cos.COSArray;
 import org.apache.pdfbox.cos.COSString;
 import org.apache.pdfbox.exceptions.CryptographyException;
@@ -185,7 +188,7 @@
                     if (ri.getRID().match(material.getCertificate()) && !foundRecipient)
                     {
                         foundRecipient = true;
-                        envelopedData = ri.getContent(material.getPrivateKey(), "BC");
+                        envelopedData = ri.getContent(new JceKeyTransEnvelopedRecipient((PrivateKey) material.getPrivateKey()).setProvider("BC"));
                         break;
                     }
                 }
@@ -239,10 +242,6 @@
         {
             throw new CryptographyException(e);
         }
-        catch (NoSuchProviderException e)
-        {
-            throw new CryptographyException(e);
-        }
         catch (NoSuchAlgorithmException e)
         {
             throw new CryptographyException(e);
@@ -311,7 +310,7 @@
                 pkcs7input[22] = two;
                 pkcs7input[23] = one;
 
-                DERObject obj = createDERForRecipient(pkcs7input, certificate);
+                ASN1Primitive obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate);
 
                 ByteArrayOutputStream baos = new ByteArrayOutputStream();
 
@@ -378,7 +377,7 @@
 
     }
 
-    private DERObject createDERForRecipient(byte[] in, X509Certificate cert)
+    private ASN1Primitive createDERForRecipient(byte[] in, X509Certificate cert)
         throws IOException,
                GeneralSecurityException
     {
@@ -389,7 +388,7 @@
         AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters();
         ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1"));
         ASN1InputStream asn1inputstream = new ASN1InputStream(bytearrayinputstream);
-        DERObject derobject = asn1inputstream.readObject();
+        ASN1Primitive derobject = asn1inputstream.readObject();
         KeyGenerator keygenerator;
         try
         {
@@ -412,10 +411,10 @@
         AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new DERObjectIdentifier(s), derobject);
         EncryptedContentInfo encryptedcontentinfo =
             new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring);
-        EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, null);
+        EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, (ASN1Set) null);
         ContentInfo contentinfo =
             new ContentInfo(PKCSObjectIdentifiers.envelopedData, env);
-        return contentinfo.getDERObject();
+        return contentinfo.toASN1Primitive();
     }
 
     private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
@@ -430,7 +429,7 @@
             new IssuerAndSerialNumber(
                 tbscertificatestructure.getIssuer(),
                 tbscertificatestructure.getSerialNumber().getValue());
-        Cipher cipher = Cipher.getInstance(algorithmidentifier.getObjectId().getId());
+        Cipher cipher = Cipher.getInstance(algorithmidentifier.getAlgorithm().getId());
         cipher.init(1, x509certificate.getPublicKey());
         DEROctetString deroctetstring = new DEROctetString(cipher.doFinal(abyte0));
         RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber);