Bouncy Castle Cryptography Library 1.79

org.bouncycastle.openpgp
Class PGPSignature

java.lang.Object
  |
  +--org.bouncycastle.openpgp.PGPDefaultSignatureGenerator
        |
        +--org.bouncycastle.openpgp.PGPSignature

public class PGPSignature
extends org.bouncycastle.openpgp.PGPDefaultSignatureGenerator

A PGP signature object.


Field Summary
static int BINARY_DOCUMENT
          The signature is made over some binary data.
static int CANONICAL_TEXT_DOCUMENT
          The signature is made over text data.
static int CASUAL_CERTIFICATION
          Casual certification over a user-id or user-attribute.
static int CERTIFICATION_REVOCATION
          The signature is used to revoke a user-id certification signature (DEFAULT_CERTIFICATION, NO_CERTIFICATION, CASUAL_CERTIFICATION, POSITIVE_CERTIFICATION) or DIRECT_KEY signature.
static int DEFAULT_CERTIFICATION
          Generic certification over a user-id or user-attribute.
static int DIRECT_KEY
          The signature is made directly over a primary key.
static int KEY_REVOCATION
          The signature is used to revoke a primary key (and in turn the whole certificate with all its subkeys).
protected  byte lastb
           
static int NO_CERTIFICATION
          Persona certification over a user-id or user-attribute.
static int POSITIVE_CERTIFICATION
          Positive certification over a user-id or user-attribute.
static int PRIMARYKEY_BINDING
          Primary-Key Binding Signature to bind a signing-capable subkey to a primary key.
protected  java.io.OutputStream sigOut
           
protected  int sigType
           
static int STAND_ALONE
          The signature is made only over its own signature subpackets.
static int SUBKEY_BINDING
          Subkey Binding Signature to bind a subkey to a primary key.
static int SUBKEY_REVOCATION
          The signature is used to revoke the binding of a particular subkey.
static int THIRD_PARTY_CONFIRMATION
          This signature is issued over another signature and can act as an attestation of that signature.
static int TIMESTAMP
          The signature is only meaningful for the timestamp contained in it.
protected  int version
           
 
Constructor Summary
PGPSignature(BCPGInputStream pIn)
          Parse a PGPSignature from an OpenPGP packet input stream.
 
Method Summary
protected  void blockUpdate(byte[] block, int off, int len)
           
 void encode(java.io.OutputStream outStream)
          Encode the signature to an OpenPGP packet stream.
 void encode(java.io.OutputStream outStream, boolean forTransfer)
          Encode the signature to outStream, with trust packets stripped out if forTransfer is true.
protected  void getAttributesHash(PGPUserAttributeSubpacketVector userAttributes)
           
 java.util.Date getCreationTime()
          Return the creation time of the signature.
 byte[] getDigestPrefix()
          Return the digest prefix of the signature.
 byte[] getEncoded()
          Return the OpenPGP packet encoding of the signature.
 byte[] getEncoded(boolean forTransfer)
          Return an encoding of the signature, with trust packets stripped out if forTransfer is true.
 int getHashAlgorithm()
          Return the hash algorithm associated with this signature.
 java.util.List getHashedKeyIdentifiers()
          Return a list of all KeyIdentifiers that could be derived from any IssuerFingerprint or IssuerKeyID subpackets of the hashed signature subpacket area.
 PGPSignatureSubpacketVector getHashedSubPackets()
          Return the hashed subpackets of the signature.
 int getKeyAlgorithm()
          Return the key algorithm associated with this signature.
 long getKeyID()
          Return the id of the key that created the signature.
 java.util.List getKeyIdentifiers()
          Create a list of KeyIdentifier objects, for all IssuerFingerprint and IssuerKeyID signature subpackets found in either the hashed or unhashed areas of the signature.
 byte[] getSignature()
          Return the cryptographic raw signature contained in the OpenPGP signature packet.
 byte[] getSignatureTrailer()
           
 int getSignatureType()
          Return the type id of the signature.
 java.util.List getUnhashedKeyIdentifiers()
          Return a list of all KeyIdentifiers that could be derived from any IssuerFingerprint or IssuerKeyID subpackets of the unhashed signature subpacket area.
 PGPSignatureSubpacketVector getUnhashedSubPackets()
          Return the unhashed subpackets of the signature.
 int getVersion()
          Return the OpenPGP version number for this signature.
 boolean hasSubpackets()
          Return true if the signature has either hashed or unhashed subpackets.
 void init(PGPContentVerifierBuilderProvider verifierBuilderProvider, PGPPublicKey pubKey)
          Initialize the signature for verification.
 boolean isCertification()
          Return true if this signature represents a certification.
static boolean isCertification(int signatureType)
          Return true if the passed in signature type represents a certification, false otherwise.
static boolean isSignatureEncodingEqual(PGPSignature sig1, PGPSignature sig2)
          Return true if the cryptographic signature encodings of the two signatures match.
static PGPSignature join(PGPSignature sig1, PGPSignature sig2)
          Join two copies of the same signature.
 void update(byte b)
           
 void update(byte[] b)
           
 void update(byte[] b, int off, int len)
           
protected  void updateWithIdData(int header, byte[] idBytes)
           
protected  void updateWithPublicKey(PGPPublicKey key)
           
 boolean verify()
          Finish the verification and return true if the signature is "correct".
 boolean verifyCertification(byte[] rawID, PGPPublicKey key)
          Verify the signature as certifying the passed in public key as associated with the passed in rawID.
 boolean verifyCertification(PGPPublicKey pubKey)
          Verify a key certification, such as a revocation, for the passed in key.
 boolean verifyCertification(PGPPublicKey masterKey, PGPPublicKey pubKey)
          Verify a certification for the passed in key against the passed in master key.
 boolean verifyCertification(PGPUserAttributeSubpacketVector userAttributes, PGPPublicKey key)
          Verify the signature as certifying the passed in public key as associated with the passed in user attributes.
 boolean verifyCertification(java.lang.String id, PGPPublicKey key)
          Verify the signature as certifying the passed in public key as associated with the passed in id.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

BINARY_DOCUMENT

public static final int BINARY_DOCUMENT
The signature is made over some binary data. No preprocessing is applied. This signature type is used to create data signatures.
See Also:
RFC9580 - Binary Signature of a Document

CANONICAL_TEXT_DOCUMENT

public static final int CANONICAL_TEXT_DOCUMENT
The signature is made over text data. In a preprocessing step, the text data is canonicalized (line endings may be altered). This signature type is used to create data signatures.
See Also:
RFC9580 - Text Signature of a Canonical Document

STAND_ALONE

public static final int STAND_ALONE
The signature is made only over its own signature subpackets.
See Also:
RFC9580 - Standalone Signature

DEFAULT_CERTIFICATION

public static final int DEFAULT_CERTIFICATION
Generic certification over a user-id or user-attribute. The issuer of a generic certification does not make any claims as to what extent they checked the authenticity of the identity claim. This signature type is used to bind user information to primary keys, or to certify the identity claim of a third party.
See Also:
RFC9580 - Generic Certification Signature of a User ID and Public Key Packet

NO_CERTIFICATION

public static final int NO_CERTIFICATION
Persona certification over a user-id or user-attribute. The issuer of a persona certification explicitly did not check the authenticity of the identity claim. This signature type is used to bind user information to primary keys, or to certify the identity claim of a third party.
See Also:
RFC9580 - Persona Certification Signature of a User ID and Public Key Packet

CASUAL_CERTIFICATION

public static final int CASUAL_CERTIFICATION
Casual certification over a user-id or user-attribute. The issuer of a casual certification did some casual verification to check the authenticity of the identity claim. This signature type is used to bind user information to primary keys, or to certify the identity claim of a third party.
See Also:
RFC9580 - Casual Certification of a User ID and Public Key Packet

POSITIVE_CERTIFICATION

public static final int POSITIVE_CERTIFICATION
Positive certification over a user-id or user-attribute. The issuer of a positive certification made an extensive effort to check the authenticity of the identity claim. This signature type is used to bind user information to primary keys, or to certify the identity claim of a third party.
See Also:
RFC9580 - Positive Certification Signature of a User ID and Public Key Packet

SUBKEY_BINDING

public static final int SUBKEY_BINDING
Subkey Binding Signature to bind a subkey to a primary key. This signature type is used to bind a subkey to the primary key of a certificate.
See Also:
RFC9580 - Subkey Binding Signature

PRIMARYKEY_BINDING

public static final int PRIMARYKEY_BINDING
Primary-Key Binding Signature to bind a signing-capable subkey to a primary key. This (back-) signature is used as an embedded signature in a SUBKEY_BINDING signature and acts as a claim by the subkey, stating that it is in fact a subkey of the primary key.
See Also:
RFC9580 - Primary Key Binding Signature

DIRECT_KEY

public static final int DIRECT_KEY
The signature is made directly over a primary key. If issued as a self-signature, its contents apply to the whole certificate, meaning this signature is appropriate to set algorithm preferences which also apply to its subkeys. Issued as a signature over a third-party certificate, it can be used to mark said certificate as a CA.
See Also:
RFC9580 - Direct Key Signature

KEY_REVOCATION

public static final int KEY_REVOCATION
The signature is used to revoke a primary key (and in turn the whole certificate with all its subkeys).
See Also:
RFC9580 - Key Revocation Signature

SUBKEY_REVOCATION

public static final int SUBKEY_REVOCATION
The signature is used to revoke the binding of a particular subkey.
See Also:
RFC9580 - Subkey Revocation Signature

CERTIFICATION_REVOCATION

public static final int CERTIFICATION_REVOCATION
The signature is used to revoke a user-id certification signature (DEFAULT_CERTIFICATION, NO_CERTIFICATION, CASUAL_CERTIFICATION, POSITIVE_CERTIFICATION) or DIRECT_KEY signature. Issued as a self-signature, it can be used to revoke an identity claim. Issued over a third-party certificate, it revokes the attestation of the third-party's claim.
See Also:
RFC9580 - Certification Revocation Signature

TIMESTAMP

public static final int TIMESTAMP
The signature is only meaningful for the timestamp contained in it.
See Also:
RFC9580 - Timestamp Signature

THIRD_PARTY_CONFIRMATION

public static final int THIRD_PARTY_CONFIRMATION
This signature is issued over another signature and can act as an attestation of that signature. This concept can be used to "approve" third-party certifications over the own key, allowing third-party certifications to be published on key-servers that usually strip such signatures to prevent certificate flooding.
See Also:
RFC9580 - Third-Party Confirmation Signature

lastb

protected byte lastb

sigOut

protected java.io.OutputStream sigOut

sigType

protected int sigType

version

protected final int version

Constructor Detail

PGPSignature

public PGPSignature(BCPGInputStream pIn)
             throws java.io.IOException,
                    PGPException
Parse a PGPSignature from an OpenPGP packet input stream.
Parameters:
pIn - packet input stream
Throws:
java.io.IOException -  
PGPException -  

Method Detail

getVersion

public int getVersion()
Return the OpenPGP version number for this signature.
Returns:
signature version number.

getKeyAlgorithm

public int getKeyAlgorithm()
Return the key algorithm associated with this signature.
Returns:
signature key algorithm.

getHashAlgorithm

public int getHashAlgorithm()
Return the hash algorithm associated with this signature.
Returns:
signature hash algorithm.

getDigestPrefix

public byte[] getDigestPrefix()
Return the digest prefix of the signature.
Returns:
digest prefix

isCertification

public boolean isCertification()
Return true if this signature represents a certification.
Returns:
true if this signature represents a certification, false otherwise.

init

public void init(PGPContentVerifierBuilderProvider verifierBuilderProvider,
                 PGPPublicKey pubKey)
          throws PGPException
Initialize the signature for verification.
Parameters:
verifierBuilderProvider - provide the implementation for signature verification
pubKey - issuer public key
Throws:
PGPException -  

verify

public boolean verify()
               throws PGPException
Finish the verification and return true if the signature is "correct". Note: The fact that this method returned true does not yet mean that the signature is valid. A correct signature may very well be expired, the issuer key may be revoked, etc. All these constraints are not checked by this method.
Returns:
true if the signature is correct
Throws:
PGPException -  
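A worked example of the distinction this note draws between a "correct" and a "valid" signature. It is added here and is not code from the Bouncy Castle library or its documentation: it runs init()/update()/verify() over a document stream and then applies the checks that verify() leaves to the caller (signature type, creation time, signature expiry from the hashed subpackets, issuer revocation and issuer key expiry). The class name SignatureValidityCheck, its Outcome enum, the clock-skew tolerance and the caller-supplied Date now are this example's assumptions; JcaPGPContentVerifierBuilderProvider, PGPSignatureSubpacketVector.getSignatureExpirationTime(), PGPPublicKey.hasRevocation() and PGPPublicKey.getValidSeconds() are library calls.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.Date;

import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;

// Added example (not Bouncy Castle code): verify() plus the checks it deliberately leaves out.
public final class SignatureValidityCheck {

    // Outcome is an assumed name for this example; the library itself reports only verify()'s boolean.
    public enum Outcome {
        VALID, WRONG_TYPE, BAD_SIGNATURE, CREATED_IN_FUTURE,
        SIGNATURE_EXPIRED, ISSUER_REVOKED, ISSUER_EXPIRED
    }

    // Assumed tolerance for clock differences between signer and verifier.
    private static final long CLOCK_SKEW_MS = 5L * 60L * 1000L;

    public static Outcome check(PGPSignature sig, PGPPublicKey issuer, InputStream document, Date now)
            throws PGPException, IOException {
        // 1. A document verifier must refuse certification, binding and revocation types,
        //    even if they would verify cryptographically over the supplied bytes.
        int type = sig.getSignatureType();
        if (type != PGPSignature.BINARY_DOCUMENT && type != PGPSignature.CANONICAL_TEXT_DOCUMENT) {
            return Outcome.WRONG_TYPE;
        }

        // 2. The cryptographic check: bind the issuer key, feed the document, finish with verify().
        //    For CANONICAL_TEXT_DOCUMENT the update() methods canonicalize line endings themselves.
        sig.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), issuer);
        byte[] buf = new byte[8192];
        int n;
        while ((n = document.read(buf)) > 0) {
            sig.update(buf, 0, n);
        }
        if (!sig.verify()) {
            return Outcome.BAD_SIGNATURE;
        }

        // 3. "Correct" is not "valid": apply the time and key-status checks verify() does not make.
        //    Only the hashed subpacket area is consulted, because only it is covered by the signature.
        Date created = sig.getCreationTime();
        if (created.getTime() > now.getTime() + CLOCK_SKEW_MS) {
            return Outcome.CREATED_IN_FUTURE;
        }
        PGPSignatureSubpacketVector hashed = sig.getHashedSubPackets();
        if (hashed != null) {
            long sigValidSeconds = hashed.getSignatureExpirationTime(); // 0 means no expiry
            if (sigValidSeconds > 0 && created.getTime() + sigValidSeconds * 1000L < now.getTime()) {
                return Outcome.SIGNATURE_EXPIRED;
            }
        }
        // hasRevocation() reports that a revocation signature is attached to the key; a complete
        // implementation additionally verifies that revocation with verifyCertification(pubKey).
        if (issuer.hasRevocation()) {
            return Outcome.ISSUER_REVOKED;
        }
        long keyValidSeconds = issuer.getValidSeconds(); // 0 means the key never expires
        if (keyValidSeconds > 0
                && issuer.getCreationTime().getTime() + keyValidSeconds * 1000L < now.getTime()) {
            return Outcome.ISSUER_EXPIRED;
        }
        return Outcome.VALID;
    }
}
```

A caller that already holds the PGPSignature (for instance the first element of a PGPSignatureList read with JcaPGPObjectFactory) and has looked up the issuer key passes both in with the document stream and the current time, and treats only VALID as success. The expiry check is based on the creation time because the OpenPGP signature-expiration subpacket stores seconds after creation, not an absolute time.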

verifyCertification

public boolean verifyCertification(PGPUserAttributeSubpacketVector userAttributes,
                                   PGPPublicKey key)
                            throws PGPException
Verify the signature as certifying the passed in public key as associated with the passed in user attributes.
Parameters:
userAttributes - user attributes the key was stored under
key - the key to be verified.
Returns:
true if the signature matches, false otherwise.
Throws:
PGPException -  

verifyCertification

public boolean verifyCertification(java.lang.String id,
                                   PGPPublicKey key)
                            throws PGPException
Verify the signature as certifying the passed in public key as associated with the passed in id.
Parameters:
id - id the key was stored under
key - the key to be verified.
Returns:
true if the signature matches, false otherwise.
Throws:
PGPException -  

verifyCertification

public boolean verifyCertification(byte[] rawID,
                                   PGPPublicKey key)
                            throws PGPException
Verify the signature as certifying the passed in public key as associated with the passed in rawID.
Parameters:
rawID - id the key was stored under in its raw byte form.
key - the key to be verified.
Returns:
true if the signature matches, false otherwise.
Throws:
PGPException -  

verifyCertification

public boolean verifyCertification(PGPPublicKey masterKey,
                                   PGPPublicKey pubKey)
                            throws PGPException
Verify a certification for the passed in key against the passed in master key.
Parameters:
masterKey - the key we are verifying against.
pubKey - the key we are verifying.
Returns:
true if the certification is valid, false otherwise.
Throws:
PGPException -  

verifyCertification

public boolean verifyCertification(PGPPublicKey pubKey)
                            throws PGPException
Verify a key certification, such as a revocation, for the passed in key.
Parameters:
pubKey - the key we are checking.
Returns:
true if the certification is valid, false otherwise.
Throws:
PGPException -  

getSignatureType

public int getSignatureType()
Return the type id of the signature.
Returns:
type id
See Also:
RFC9580 - Signature Types

getKeyID

public long getKeyID()
Return the id of the key that created the signature. Note: Since signatures of version 4 or later encode the issuer information inside a signature subpacket (IssuerKeyID or IssuerFingerprint), there is not a single source of truth for the key-id. To match any suitable issuer keys, use getKeyIdentifiers() instead.
Returns:
key ID of the signature's corresponding key.

getKeyIdentifiers

public java.util.List getKeyIdentifiers()
Create a list of KeyIdentifier objects, for all IssuerFingerprint and IssuerKeyID signature subpackets found in either the hashed or unhashed areas of the signature.
Returns:
all detectable KeyIdentifiers

getHashedKeyIdentifiers

public java.util.List getHashedKeyIdentifiers()
Return a list of all KeyIdentifiers that could be derived from any IssuerFingerprint or IssuerKeyID subpackets of the hashed signature subpacket area.
Returns:
hashed key identifiers

getUnhashedKeyIdentifiers

public java.util.List getUnhashedKeyIdentifiers()
Return a list of all KeyIdentifiers that could be derived from any IssuerFingerprint or IssuerKeyID subpackets of the unhashed signature subpacket area.
Returns:
unhashed key identifiers

getCreationTime

public java.util.Date getCreationTime()
Return the creation time of the signature.
Returns:
the signature creation time.

getSignatureTrailer

public byte[] getSignatureTrailer()

hasSubpackets

public boolean hasSubpackets()
Return true if the signature has either hashed or unhashed subpackets.
Returns:
true if either hashed or unhashed subpackets are present, false otherwise.

getHashedSubPackets

public PGPSignatureSubpacketVector getHashedSubPackets()
Return the hashed subpackets of the signature. Hashed signature subpackets are covered by the signature.
Returns:
hashed signature subpackets

getUnhashedSubPackets

public PGPSignatureSubpacketVector getUnhashedSubPackets()
Return the unhashed subpackets of the signature. As unhashed signature subpackets are NOT covered by the signature, an attacker might inject false information after the fact; therefore only "self-authenticating" information from this area can be trusted. Examples of self-authenticating information are the IssuerKeyID or IssuerFingerprint, whose authenticity can be confirmed by verifying the signature using the declared key.
Returns:
unhashed signature subpackets
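An added example, not code from Bouncy Castle, of the issuer-lookup pattern recommended under getKeyID() and getKeyIdentifiers(), written to respect the trust boundary described above: identifiers from the hashed area are tried first, identifiers from the unhashed area last, and an unhashed identifier counts for nothing until verify() succeeds with the key it names. It assumes the KeyIdentifier accessors isWildcard() and getKeyId() and the constructor KeyIdentifier(long); the class name IssuerLookup and the method name are this example's own.

```java
import java.util.ArrayList;
import java.util.List;

import org.bouncycastle.openpgp.KeyIdentifier;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;

// Added example (not Bouncy Castle code): locate the issuer of a data signature in a key ring
// collection without trusting unverified information from the unhashed subpacket area.
public final class IssuerLookup {

    /** Returns the key that verifies sig over data, or null if no candidate key does. */
    public static PGPPublicKey findVerifyingIssuer(PGPSignature sig,
                                                   PGPPublicKeyRingCollection keys,
                                                   byte[] data) throws PGPException {
        List<KeyIdentifier> candidates = new ArrayList<KeyIdentifier>();
        // Hashed identifiers are covered by the signature and cannot have been added after the fact.
        for (Object o : sig.getHashedKeyIdentifiers()) {
            candidates.add((KeyIdentifier) o);
        }
        // Unhashed identifiers may have been injected by anyone; they are lookup hints only.
        for (Object o : sig.getUnhashedKeyIdentifiers()) {
            candidates.add((KeyIdentifier) o);
        }
        if (candidates.isEmpty()) {
            // Version 3 signatures carry the issuer key ID in the packet body rather than a subpacket.
            candidates.add(new KeyIdentifier(sig.getKeyID())); // assumed constructor
        }

        for (KeyIdentifier id : candidates) {
            if (id.isWildcard()) { // assumed accessor name
                continue; // a wildcard names no key, so there is nothing to look up
            }
            PGPPublicKey key = keys.getPublicKey(id.getKeyId()); // assumed accessor name
            if (key == null) {
                continue;
            }
            // Whatever area the hint came from, the key only becomes the issuer if verify() passes;
            // init() resets the verifier, so trying several candidates in turn is safe.
            sig.init(new JcaPGPContentVerifierBuilderProvider().setProvider("BC"), key);
            sig.update(data);
            if (sig.verify()) {
                return key;
            }
        }
        return null;
    }
}
```

A key ID that appears in both areas is simply tried twice, which is harmless. The returned key is only the cryptographic issuer; the expiry and revocation checks that verify() does not perform still have to be applied afterwards.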

getSignature

public byte[] getSignature()
                    throws PGPException
Return the cryptographic raw signature contained in the OpenPGP signature packet. The value is dependent on the signing algorithm.
Returns:
cryptographic signature
Throws:
PGPException -  

getEncoded

public byte[] getEncoded()
                  throws java.io.IOException
Return the OpenPGP packet encoding of the signature.
Returns:
OpenPGP packet encoding
Throws:
java.io.IOException -  

getEncoded

public byte[] getEncoded(boolean forTransfer)
                  throws java.io.IOException
Return an encoding of the signature, with trust packets stripped out if forTransfer is true.
Parameters:
forTransfer - if the purpose of encoding is to send the signature to other users.
Returns:
an encoded byte array representing the signature.
Throws:
java.io.IOException - in case of encoding error.

encode

public void encode(java.io.OutputStream outStream)
            throws java.io.IOException
Encode the signature to an OpenPGP packet stream. This method does not strip out any trust packets.
Parameters:
outStream - packet stream
Throws:
java.io.IOException -  

encode

public void encode(java.io.OutputStream outStream,
                   boolean forTransfer)
            throws java.io.IOException
Encode the signature to outStream, with trust packets stripped out if forTransfer is true.
Parameters:
outStream - stream to write the signature encoding to.
forTransfer - if the purpose of encoding is to send the signature to other users.
Throws:
java.io.IOException - in case of encoding error.

isCertification

public static boolean isCertification(int signatureType)
Return true if the passed in signature type represents a certification, false otherwise.
Parameters:
signatureType -  
Returns:
true if signatureType is a certification, false otherwise.

isSignatureEncodingEqual

public static boolean isSignatureEncodingEqual(PGPSignature sig1,
                                               PGPSignature sig2)
Return true if the cryptographic signature encodings of the two signatures match.
Parameters:
sig1 - first signature
sig2 - second signature
Returns:
true if both signatures contain the same cryptographic signature

join

public static PGPSignature join(PGPSignature sig1,
                                PGPSignature sig2)
                         throws PGPException
Join two copies of the same signature. As an entity might append additional information to an existing signature's unhashed subpacket area (e.g. an embedded THIRD_PARTY_CONFIRMATION signature), an implementation might want to join an existing instance of a signature with an updated copy, e.g. one retrieved from a key server. This method merges both signature instances by joining their unhashed subpackets.
Parameters:
sig1 - first signature
sig2 - second signature
Returns:
merged signature
Throws:
PGPException -  
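An added example, not Bouncy Castle code, of the merge described here: a locally stored signature and a copy of the same signature fetched from a key server are merged with join() after isSignatureEncodingEqual() confirms they really are copies of one signature, and the merged unhashed area is then scanned for embedded THIRD_PARTY_CONFIRMATION signatures. PGPSignatureSubpacketVector.getEmbeddedSignatures() is a library method; the class name SignatureMerge, the method names and the caller-supplied local and fromKeyServer instances are this example's assumptions.

```java
import java.util.ArrayList;
import java.util.List;

import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;

// Added example (not Bouncy Castle code): merge two copies of one signature and list
// the third-party confirmations the merged unhashed area carries.
public final class SignatureMerge {

    /** Merge local and fromKeyServer if they are copies of the same signature; otherwise keep local. */
    public static PGPSignature mergeCopies(PGPSignature local, PGPSignature fromKeyServer)
            throws PGPException {
        // Refuse to merge unless the raw cryptographic signatures are identical; a key server
        // could otherwise hand back an unrelated signature dressed up with extra subpackets.
        if (!PGPSignature.isSignatureEncodingEqual(local, fromKeyServer)) {
            return local;
        }
        return PGPSignature.join(local, fromKeyServer);
    }

    /** Embedded THIRD_PARTY_CONFIRMATION signatures found in the unhashed area of sig. */
    public static List<PGPSignature> thirdPartyConfirmations(PGPSignature sig) throws PGPException {
        List<PGPSignature> result = new ArrayList<PGPSignature>();
        PGPSignatureSubpacketVector unhashed = sig.getUnhashedSubPackets();
        if (unhashed == null) {
            return result;
        }
        // The unhashed area is not covered by sig, so each confirmation must itself be verified
        // against the key it claims to come from before anything is concluded from it.
        PGPSignatureList embedded = unhashed.getEmbeddedSignatures();
        for (int i = 0; i < embedded.size(); i++) {
            PGPSignature inner = embedded.get(i);
            if (inner.getSignatureType() == PGPSignature.THIRD_PARTY_CONFIRMATION) {
                result.add(inner);
            }
        }
        return result;
    }
}
```

The guard in mergeCopies is the important part: join() only makes sense for two encodings of one signature, and comparing the raw signature bytes first keeps a malicious or buggy key server from turning a merge into a substitution.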

update

public void update(byte b)

update

public void update(byte[] b)

update

public void update(byte[] b,
                   int off,
                   int len)

blockUpdate

protected void blockUpdate(byte[] block,
                           int off,
                           int len)

updateWithIdData

protected void updateWithIdData(int header,
                                byte[] idBytes)

updateWithPublicKey

protected void updateWithPublicKey(PGPPublicKey key)
                            throws PGPException

getAttributesHash

protected void getAttributesHash(PGPUserAttributeSubpacketVector userAttributes)
                          throws PGPException
