Bouncy Castle Cryptography Library 1.79

org.bouncycastle.openpgp
Class PGPSignatureSubpacketGenerator

java.lang.Object
  |
  +--org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator

public class PGPSignatureSubpacketGenerator
extends java.lang.Object

Generator for signature subpackets.


Constructor Summary
PGPSignatureSubpacketGenerator()
          Base constructor, creates an empty generator.
PGPSignatureSubpacketGenerator(PGPSignatureSubpacketVector sigSubV)
          Constructor for pre-initialising the generator from an existing one.
 
Method Summary
 void addCustomSubpacket(SignatureSubpacket subpacket)
          Add a custom subpacket.
 void addEmbeddedSignature(boolean isCritical, PGPSignature pgpSignature)
          Add an embedded signature packet.
 void addIntendedRecipientFingerprint(boolean isCritical, PGPPublicKey publicKey)
          Adds an intended recipient fingerprint for an encrypted payload the signature is associated with.
 void addNotationData(boolean isCritical, boolean isHumanReadable, java.lang.String notationName, java.lang.String notationValue)
          Add a notation data packet to the signature.
 void addPolicyURI(boolean isCritical, java.lang.String policyUri)
           
 void addRegularExpression(boolean isCritical, java.lang.String regularExpression)
          Adds a regular expression.
 void addRevocationKey(boolean isCritical, int keyAlgorithm, byte[] fingerprint)
          Deprecated. the revocation key mechanism is deprecated. Applications MUST NOT generate such a packet.
 void addSignerUserID(boolean isCritical, byte[] rawUserID)
          Add a signer user-id to the signature.
 void addSignerUserID(boolean isCritical, java.lang.String userID)
          Add a signer user-id to the signature.
 PGPSignatureSubpacketVector generate()
           
 SignatureSubpacket[] getSubpackets(int type)
          Return all signature subpackets of the passed in type currently in the generator.
 boolean hasSubpacket(int type)
          Return true if a particular subpacket type exists.
 boolean removePacket(SignatureSubpacket packet)
          Remove a previously set packet from the generator.
 void setEmbeddedSignature(boolean isCritical, PGPSignature pgpSignature)
          Deprecated. use addEmbeddedSignature(boolean, PGPSignature) instead.
 void setExportable(boolean isCritical, boolean isExportable)
          Specify whether or not the signature should be marked as exportable.
 void setFeature(boolean isCritical, byte feature)
          Specify the set of features of the key.
 void setIntendedRecipientFingerprint(boolean isCritical, PGPPublicKey publicKey)
          Deprecated. use addIntendedRecipientFingerprint(boolean, PGPPublicKey) instead.
 void setIssuerFingerprint(boolean isCritical, PGPPublicKey publicKey)
          Sets the signature issuer fingerprint for the signing key.
 void setIssuerFingerprint(boolean isCritical, PGPSecretKey secretKey)
          Sets the signature issuer fingerprint for the signing key.
 void setIssuerKeyID(boolean isCritical, long keyID)
          Sets issuer key-id subpacket.
 void setKeyExpirationTime(boolean isCritical, long seconds)
          Set the number of seconds a key is valid for after the time of its creation.
 void setKeyFlags(boolean isCritical, int flags)
          Set this key's key flags.
 void setNotationData(boolean isCritical, boolean isHumanReadable, java.lang.String notationName, java.lang.String notationValue)
          Deprecated. use addNotationData(boolean, boolean, String, String) instead.
 void setPreferredAEADAlgorithms(boolean isCritical, int[] algorithms)
          Deprecated. use setPreferredAEADCiphersuites(boolean, PreferredAEADCiphersuites.Combination[]) or setPreferredLibrePgpEncryptionModes(boolean, int[]) instead.
 void setPreferredAEADCiphersuites(boolean isCritical, PreferredAEADCiphersuites.Combination[] algorithms)
          Specify the preferred OpenPGP AEAD ciphersuites of this key.
 void setPreferredAEADCiphersuites(PreferredAEADCiphersuites.Builder builder)
          Specify the preferred OpenPGP AEAD ciphersuites of this key.
 void setPreferredCompressionAlgorithms(boolean isCritical, int[] algorithms)
          Specify the preferred compression algorithms of this key.
 void setPreferredHashAlgorithms(boolean isCritical, int[] algorithms)
          Specify the preferred hash algorithms of the key.
 void setPreferredKeyServer(boolean isCritical, java.lang.String uri)
          Specify the preferred key server for the signed user-id / key.
 void setPreferredLibrePgpEncryptionModes(boolean isCritical, int[] algorithms)
          Deprecated. the use of this subpacket is deprecated in LibrePGP
 void setPreferredSymmetricAlgorithms(boolean isCritical, int[] algorithms)
          Specify the preferred symmetric encryption algorithms of the key.
 void setPrimaryUserID(boolean isCritical, boolean isPrimaryUserID)
           
 void setRevocable(boolean isCritical, boolean isRevocable)
          Specify whether or not the signature is revocable.
 void setRevocationKey(boolean isCritical, int keyAlgorithm, byte[] fingerprint)
          Deprecated. the revocation key mechanism is deprecated. Applications MUST NOT generate such a packet.
 void setRevocationReason(boolean isCritical, byte reason, java.lang.String description)
          Sets revocation reason sub packet.
 void setSignatureCreationTime(boolean isCritical, java.util.Date date)
          Set the creation time for the signature.
 void setSignatureExpirationTime(boolean isCritical, long seconds)
          Set the number of seconds a signature is valid for after the time of its creation.
 void setSignatureTarget(boolean isCritical, int publicKeyAlgorithm, int hashAlgorithm, byte[] hashData)
          Sets the signature target sub packet.
 void setSignerUserID(boolean isCritical, byte[] rawUserID)
          Deprecated. use addSignerUserID(boolean, byte[]) instead.
 void setSignerUserID(boolean isCritical, java.lang.String userID)
          Deprecated. use addSignerUserID(boolean, String) instead.
 void setTrust(boolean isCritical, int depth, int trustAmount)
          Add a TrustSignature packet to the signature.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PGPSignatureSubpacketGenerator

public PGPSignatureSubpacketGenerator()
Base constructor, creates an empty generator.

PGPSignatureSubpacketGenerator

public PGPSignatureSubpacketGenerator(PGPSignatureSubpacketVector sigSubV)
Constructor for pre-initialising the generator from an existing one.
Parameters:
sigSubV - an initial set of subpackets.

Method Detail

setRevocable

public void setRevocable(boolean isCritical,
                         boolean isRevocable)
Specify whether or not the signature is revocable.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
isRevocable - true if the signature should be revocable, false otherwise.

setExportable

public void setExportable(boolean isCritical,
                          boolean isExportable)
Specify whether or not the signature should be marked as exportable. If this subpacket is missing, the signature is treated as being exportable.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
isExportable - true if the signature should be exportable, false otherwise.

setFeature

public void setFeature(boolean isCritical,
                       byte feature)
Specify the set of features of the key.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
feature - features

setTrust

public void setTrust(boolean isCritical,
                     int depth,
                     int trustAmount)
Add a TrustSignature packet to the signature. The values for depth and trust are largely installation dependent but there are some guidelines in RFC 4880 - 5.2.3.13.
Parameters:
isCritical - true if the packet is critical.
depth - depth level.
trustAmount - trust amount.

setKeyExpirationTime

public void setKeyExpirationTime(boolean isCritical,
                                 long seconds)
Set the number of seconds a key is valid for after the time of its creation. A value of zero means the key never expires.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
seconds - number of seconds the key is valid for after its creation time; zero means the key never expires.

setSignatureExpirationTime

public void setSignatureExpirationTime(boolean isCritical,
                                       long seconds)
Set the number of seconds a signature is valid for after the time of its creation. A value of zero means the signature never expires.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
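seconds - number of seconds the signature is valid for after its creation time; zero means the signature never expires.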

setSignatureCreationTime

public void setSignatureCreationTime(boolean isCritical,
                                     java.util.Date date)
Set the creation time for the signature.

Note: this overrides the generation of a creation time when the signature is generated.


setPreferredHashAlgorithms

public void setPreferredHashAlgorithms(boolean isCritical,
                                       int[] algorithms)
Specify the preferred hash algorithms of the key. See HashAlgorithmTags.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
algorithms - array of algorithms in descending preference

setPreferredSymmetricAlgorithms

public void setPreferredSymmetricAlgorithms(boolean isCritical,
                                            int[] algorithms)
Specify the preferred symmetric encryption algorithms of the key. See SymmetricKeyAlgorithmTags.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
algorithms - array of algorithms in descending preference

setPreferredCompressionAlgorithms

public void setPreferredCompressionAlgorithms(boolean isCritical,
                                              int[] algorithms)
Specify the preferred compression algorithms of this key. See CompressionAlgorithmTags.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
algorithms - array of algorithms in descending preference

setPreferredAEADAlgorithms

public void setPreferredAEADAlgorithms(boolean isCritical,
                                       int[] algorithms)
Deprecated. use setPreferredAEADCiphersuites(boolean, PreferredAEADCiphersuites.Combination[]) or setPreferredLibrePgpEncryptionModes(boolean, int[]) instead.

This method is BROKEN! Specify the preferred AEAD algorithms of this key.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
algorithms - array of algorithms in descending preference

setPreferredAEADCiphersuites

public void setPreferredAEADCiphersuites(boolean isCritical,
                                         PreferredAEADCiphersuites.Combination[] algorithms)
Specify the preferred OpenPGP AEAD ciphersuites of this key.
Parameters:
isCritical - true, if this packet should be treated as critical, false otherwise.
algorithms - array of algorithms in descending preference
See Also:
RFC9580: Preferred AEAD Ciphersuites

setPreferredAEADCiphersuites

public void setPreferredAEADCiphersuites(PreferredAEADCiphersuites.Builder builder)
Specify the preferred OpenPGP AEAD ciphersuites of this key.
Parameters:
builder - builder to build the ciphersuites packet from
See Also:
RFC9580: Preferred AEAD Ciphersuites

setPreferredLibrePgpEncryptionModes

public void setPreferredLibrePgpEncryptionModes(boolean isCritical,
                                                int[] algorithms)
Deprecated. the use of this subpacket is deprecated in LibrePGP

Set the preferred encryption modes for LibrePGP keys. Note: LibrePGP is not OpenPGP. An application strictly compliant to only the OpenPGP standard will not know how to handle LibrePGP encryption modes. The LibrePGP spec states that this subpacket shall be ignored and the application shall instead assume AEADAlgorithmTags.OCB.
Parameters:
isCritical - whether the packet is critical
algorithms - list of algorithms
See Also:
LibrePGP: Preferred Encryption Modes, for possible algorithms

setPreferredKeyServer

public void setPreferredKeyServer(boolean isCritical,
                                  java.lang.String uri)
Specify the preferred key server for the signed user-id / key. Note that the key server might also be an http/ftp etc. URI pointing to the key itself.
Parameters:
isCritical - true if the subpacket should be treated as critical
uri - key server URI

addPolicyURI

public void addPolicyURI(boolean isCritical,
                         java.lang.String policyUri)

setKeyFlags

public void setKeyFlags(boolean isCritical,
                        int flags)
Set this key's key flags. See PGPKeyFlags.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
flags - flags

setSignerUserID

public void setSignerUserID(boolean isCritical,
                            java.lang.String userID)
Deprecated. use addSignerUserID(boolean, String) instead.

Add a signer user-id to the signature.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
userID - signer user-id

addSignerUserID

public void addSignerUserID(boolean isCritical,
                            java.lang.String userID)
Add a signer user-id to the signature.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
userID - signer user-id

setSignerUserID

public void setSignerUserID(boolean isCritical,
                            byte[] rawUserID)
Deprecated. use addSignerUserID(boolean, byte[]) instead.

Add a signer user-id to the signature.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
rawUserID - signer user-id

addSignerUserID

public void addSignerUserID(boolean isCritical,
                            byte[] rawUserID)
Add a signer user-id to the signature.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
rawUserID - signer user-id

setEmbeddedSignature

public void setEmbeddedSignature(boolean isCritical,
                                 PGPSignature pgpSignature)
                          throws java.io.IOException
Deprecated. use addEmbeddedSignature(boolean, PGPSignature) instead.

Add an embedded signature packet.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
pgpSignature - embedded signature
Throws:
java.io.IOException - in case of an error

addEmbeddedSignature

public void addEmbeddedSignature(boolean isCritical,
                                 PGPSignature pgpSignature)
                          throws java.io.IOException
Add an embedded signature packet.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
pgpSignature - embedded signature
Throws:
java.io.IOException - in case of an error

setPrimaryUserID

public void setPrimaryUserID(boolean isCritical,
                             boolean isPrimaryUserID)

setNotationData

public void setNotationData(boolean isCritical,
                            boolean isHumanReadable,
                            java.lang.String notationName,
                            java.lang.String notationValue)
Deprecated. use addNotationData(boolean, boolean, String, String) instead.

Add a notation data packet to the signature.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
isHumanReadable - true if the notation is human-readable.
notationName - name of the notation key
notationValue - value of the notation

addNotationData

public void addNotationData(boolean isCritical,
                            boolean isHumanReadable,
                            java.lang.String notationName,
                            java.lang.String notationValue)
Add a notation data packet to the signature.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
isHumanReadable - true if the notation is human-readable.
notationName - name of the notation key.
notationValue - value of the notation.

setRevocationReason

public void setRevocationReason(boolean isCritical,
                                byte reason,
                                java.lang.String description)
Sets revocation reason sub packet. See RevocationReasonTags.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
reason - reason code for the revocation
description - human readable description of the revocation reason

setRevocationKey

public void setRevocationKey(boolean isCritical,
                             int keyAlgorithm,
                             byte[] fingerprint)
Deprecated. the revocation key mechanism is deprecated. Applications MUST NOT generate such a packet.

Adds a revocation key sub packet.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
keyAlgorithm - algorithm of the revocation key
fingerprint - fingerprint of the revocation key (v4 only)

addRevocationKey

public void addRevocationKey(boolean isCritical,
                             int keyAlgorithm,
                             byte[] fingerprint)
Deprecated. the revocation key mechanism is deprecated. Applications MUST NOT generate such a packet.

Adds a revocation key sub packet.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
keyAlgorithm - algorithm of the revocation key
fingerprint - fingerprint of the revocation key (v4 only)

setIssuerKeyID

public void setIssuerKeyID(boolean isCritical,
                           long keyID)
Sets issuer key-id subpacket.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
keyID - id of the key that issued the signature

setSignatureTarget

public void setSignatureTarget(boolean isCritical,
                               int publicKeyAlgorithm,
                               int hashAlgorithm,
                               byte[] hashData)
Sets the signature target sub packet.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
publicKeyAlgorithm - algorithm of the key that issued the signature that is being referred to.
hashAlgorithm - hash algorithm that was used to calculate the hash data.
hashData - hash of the signature that is being referred to.

setIssuerFingerprint

public void setIssuerFingerprint(boolean isCritical,
                                 PGPSecretKey secretKey)
Sets the signature issuer fingerprint for the signing key.
Parameters:
isCritical - true if critical, false otherwise.
secretKey - the secret key used to generate the associated signature.

setIssuerFingerprint

public void setIssuerFingerprint(boolean isCritical,
                                 PGPPublicKey publicKey)
Sets the signature issuer fingerprint for the signing key.
Parameters:
isCritical - true if critical, false otherwise.
publicKey - the public key needed to verify the associated signature.

setIntendedRecipientFingerprint

public void setIntendedRecipientFingerprint(boolean isCritical,
                                            PGPPublicKey publicKey)
Deprecated. use addIntendedRecipientFingerprint(boolean, PGPPublicKey) instead.

Adds an intended recipient fingerprint for an encrypted payload the signature is associated with.
Parameters:
isCritical - true if critical, false otherwise.
publicKey - the public key the encrypted payload was encrypted against.

addIntendedRecipientFingerprint

public void addIntendedRecipientFingerprint(boolean isCritical,
                                            PGPPublicKey publicKey)
Adds an intended recipient fingerprint for an encrypted payload the signature is associated with.
Parameters:
isCritical - true if critical, false otherwise.
publicKey - the public key the encrypted payload was encrypted against.

addCustomSubpacket

public void addCustomSubpacket(SignatureSubpacket subpacket)
Add a custom subpacket. Miscellaneous subpackets are subpackets that Bouncy Castle does not recognize or doesn't have first class support for.
Parameters:
subpacket - subpacket

removePacket

public boolean removePacket(SignatureSubpacket packet)
Remove a previously set packet from the generator.
Parameters:
packet - the signature subpacket to remove.

hasSubpacket

public boolean hasSubpacket(int type)
Return true if a particular subpacket type exists.
Parameters:
type - type to look for.
Returns:
true if present, false otherwise.

getSubpackets

public SignatureSubpacket[] getSubpackets(int type)
Return all signature subpackets of the passed in type currently in the generator.
Parameters:
type - subpacket type code
Returns:
an array of zero or more matching subpackets.

generate

public PGPSignatureSubpacketVector generate()

addRegularExpression

public void addRegularExpression(boolean isCritical,
                                 java.lang.String regularExpression)
Adds a regular expression.
Parameters:
isCritical - true if should be treated as critical, false otherwise.
regularExpression - the regular expression
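
Usage example (added here; not part of the Bouncy Castle documentation). It builds the hashed subpackets for a primary-key self-signature, then re-issues them with a new validity period by pre-initialising a generator from the existing vector. The class name, the helper method names and the one-year policy are assumptions made for illustration.

```java
import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.bcpg.SignatureSubpacket;
import org.bouncycastle.bcpg.SignatureSubpacketTags;
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
import org.bouncycastle.openpgp.PGPKeyFlags;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;

public class SubpacketPolicyExample   // hypothetical class name
{
    static final long ONE_YEAR = 365L * 24 * 60 * 60;   // seconds, assumed policy

    // Hashed subpackets for a primary-key self-signature.
    static PGPSignatureSubpacketVector selfSignaturePolicy()
    {
        PGPSignatureSubpacketGenerator gen = new PGPSignatureSubpacketGenerator();

        // Critical: software that does not understand a critical subpacket
        // should treat the signature as being in error, so key usage and
        // expiry cannot be silently ignored.
        gen.setKeyFlags(true, PGPKeyFlags.CAN_CERTIFY | PGPKeyFlags.CAN_SIGN);
        gen.setKeyExpirationTime(true, ONE_YEAR);

        // Advisory preferences, listed in descending preference.
        gen.setPreferredHashAlgorithms(false,
            new int[]{ HashAlgorithmTags.SHA512, HashAlgorithmTags.SHA256 });
        gen.setPreferredSymmetricAlgorithms(false,
            new int[]{ SymmetricKeyAlgorithmTags.AES_256, SymmetricKeyAlgorithmTags.AES_128 });

        return gen.generate();
    }

    // Re-issue the subpackets with a new validity period.
    static PGPSignatureSubpacketVector renew(PGPSignatureSubpacketVector existing, long seconds)
    {
        // The copy constructor carries over every subpacket of the old vector.
        PGPSignatureSubpacketGenerator gen = new PGPSignatureSubpacketGenerator(existing);

        // Remove the old expiry before setting the new one, and remove any
        // copied creation time: an explicit creation time overrides the one
        // generated when the signature is made, which would backdate it.
        dropAll(gen, SignatureSubpacketTags.KEY_EXPIRE_TIME);
        dropAll(gen, SignatureSubpacketTags.CREATION_TIME);
        gen.setKeyExpirationTime(true, seconds);

        return gen.generate();
    }

    // Remove every subpacket of the given type from the generator.
    static void dropAll(PGPSignatureSubpacketGenerator gen, int type)
    {
        if (!gen.hasSubpacket(type))
        {
            return;
        }
        for (SignatureSubpacket p : gen.getSubpackets(type))
        {
            gen.removePacket(p);
        }
    }

    public static void main(String[] args)
    {
        PGPSignatureSubpacketVector v = renew(selfSignaturePolicy(), 2 * ONE_YEAR);
        System.out.println("key flags:      " + v.getKeyFlags());
        System.out.println("expiry seconds: " + v.getKeyExpirationTime());
    }
}
```

The resulting vector is what gets passed to a signature generator as the hashed subpacket set; only hashed subpackets are covered by the signature.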
