org.bouncycastle.openpgp.api

Interface OpenPGPPolicy

All Known Implementing Classes:

OpenPGPDefaultPolicy

public interface OpenPGPPolicy

Policy for OpenPGP algorithms and features.

Nested Class Summary

Nested Classes

Modifier and Type	Interface and Description
static class	OpenPGPPolicy.OpenPGPNotationRegistry The OpenPGPPolicy.OpenPGPNotationRegistry can be used to register known notations, such that signatures containing notation instances of the same name, which are marked as critical do not invalidate the signature.

Method Summary

Modifier and Type	Method and Description
int	getDefaultCertificationSignatureHashAlgorithm() Return the default certification signature hash algorithm ID.
int	getDefaultDocumentSignatureHashAlgorithm() Return the default document signature hash algorithm ID.
int	getDefaultSymmetricKeyAlgorithm() Return the default symmetric-key algorithm, which is used as a fallback if symmetric encryption algorithm negotiation fails.
OpenPGPPolicy.OpenPGPNotationRegistry	getNotationRegistry() Return the policies OpenPGPPolicy.OpenPGPNotationRegistry containing known notation names.
boolean	hasAcceptableCertificationSignatureHashAlgorithm(PGPSignature signature) Return true, if the PGPSignature uses an acceptable certification signature hash algorithm.
boolean	hasAcceptableDocumentSignatureHashAlgorithm(PGPSignature signature) Return true, if the PGPSignature uses an acceptable data/document signature hash algorithm.
boolean	hasAcceptableRevocationSignatureHashAlgorithm(PGPSignature signature) Return true, if the PGPSignature uses an acceptable revocation signature hash algorithm.
boolean	hasAcceptableSignatureHashAlgorithm(PGPSignature signature) Return true, if the given PGPSignature was made using an acceptable signature hash algorithm.
boolean	hasNoCriticalUnknownNotations(PGPSignature signature) Return true, if the hashed subpacket area of the signature does NOT contain unknown critical notations.
boolean	hasNoCriticalUnknownSubpackets(PGPSignature signature) Return true, if the hashed subpacket area of the signature does NOT contain unknown critical subpackets.
boolean	isAcceptableCertificationSignatureHashAlgorithm(int hashAlgorithmId, java.util.Date signatureCreationTime) Return true, if the given hash algorithm is - at signature creation time - an acceptable certification signature hash algorithm.
boolean	isAcceptableDecryptionKey(PGPPublicKey key) Return true, if the given PGPPublicKey is acceptable for decrypting messages.
boolean	isAcceptableDocumentSignatureHashAlgorithm(int hashAlgorithmId, java.util.Date signatureCreationTime) Return true, if the given hash algorithm is - at signature creation time - an acceptable document signature hash algorithm.
boolean	isAcceptableEncryptionKey(PGPPublicKey key) Return true, if the given PGPPublicKey is acceptable for encrypting messages.
boolean	isAcceptablePublicKey(PGPPublicKey key) Return true, if the given PGPPublicKey is acceptable.
boolean	isAcceptablePublicKeyStrength(int publicKeyAlgorithmId, int bitStrength) Return true, if the given bitStrength is acceptable for the given public key algorithm ID.
boolean	isAcceptableRevocationSignatureHashAlgorithm(int hashAlgorithmId, java.util.Date signatureCreationTime) Return true, if the given hash algorithm is - at signature creation time - an acceptable revocation signature hash algorithm.
boolean	isAcceptableSignature(PGPSignature signature) Return true, if the given PGPSignature is acceptable (uses acceptable hash algorithm, does not contain unknown critical notations or subpackets).
boolean	isAcceptableSigningKey(PGPPublicKey key) Return true, if the given PGPPublicKey is an acceptable signing key.
boolean	isAcceptableSymmetricKeyAlgorithm(int symmetricKeyAlgorithmId) Return true, if the given symmetric-key algorithm is acceptable.
boolean	isAcceptableVerificationKey(PGPPublicKey key) Return true, if the given PGPPublicKey is an acceptable signature verification key.
boolean	isKnownSignatureSubpacket(int signatureSubpacketTag) Return true, if the given signature subpacket ID is known by the implementation.

Method Detail

isAcceptableSigningKey

boolean isAcceptableSigningKey(PGPPublicKey key)

Return true, if the given PGPPublicKey is an acceptable signing key. Note: Although signing requires a secret key, we perform checks on the public part for consistency.

Parameters:

key - key

Returns:

true if acceptable signing key

isAcceptableVerificationKey

boolean isAcceptableVerificationKey(PGPPublicKey key)

Return true, if the given PGPPublicKey is an acceptable signature verification key. Note: The asymmetry between this and isAcceptableSigningKey(PGPPublicKey) is useful to prevent creation of signatures using a legacy key, while still allowing verification of signatures made using the same key.

Parameters:

key - key

Returns:

true if acceptable verification key

isAcceptableEncryptionKey

boolean isAcceptableEncryptionKey(PGPPublicKey key)

Return true, if the given PGPPublicKey is acceptable for encrypting messages.

Parameters:

key - key

Returns:

true if acceptable encryption key

isAcceptableDecryptionKey

boolean isAcceptableDecryptionKey(PGPPublicKey key)

Return true, if the given PGPPublicKey is acceptable for decrypting messages. Note: Although decryption requires a secret key, we perform checks on the public part for consistency. The asymmetry between this and isAcceptableEncryptionKey(PGPPublicKey) is useful to prevent creation of new encrypted messages using a legacy key, while still allowing decryption of existing messages using the same key.

Parameters:

key - key

Returns:

true if acceptable decryption key

isAcceptablePublicKey

boolean isAcceptablePublicKey(PGPPublicKey key)

Return true, if the given PGPPublicKey is acceptable.

Parameters:

key - key

Returns:

true if acceptable key

isAcceptableSignature

boolean isAcceptableSignature(PGPSignature signature)

Return true, if the given PGPSignature is acceptable (uses acceptable hash algorithm, does not contain unknown critical notations or subpackets). Note: A signature being acceptable does NOT mean that it is correct or valid.

Parameters:

signature - signature

Returns:

true if acceptable

hasAcceptableSignatureHashAlgorithm

boolean hasAcceptableSignatureHashAlgorithm(PGPSignature signature)

Return true, if the given PGPSignature was made using an acceptable signature hash algorithm.

Parameters:

signature - signature

Returns:

true if hash algorithm is acceptable

hasAcceptableDocumentSignatureHashAlgorithm

boolean hasAcceptableDocumentSignatureHashAlgorithm(PGPSignature signature)

Return true, if the PGPSignature uses an acceptable data/document signature hash algorithm.

Parameters:

signature - data / document signature

Returns:

true if hash algorithm is acceptable

hasAcceptableRevocationSignatureHashAlgorithm

boolean hasAcceptableRevocationSignatureHashAlgorithm(PGPSignature signature)

Return true, if the PGPSignature uses an acceptable revocation signature hash algorithm.

Parameters:

signature - revocation signature

Returns:

true if hash algorithm is acceptable

hasAcceptableCertificationSignatureHashAlgorithm

boolean hasAcceptableCertificationSignatureHashAlgorithm(PGPSignature signature)

Return true, if the PGPSignature uses an acceptable certification signature hash algorithm.

Parameters:

signature - certification signature

Returns:

true if hash algorithm is acceptable

hasNoCriticalUnknownNotations

boolean hasNoCriticalUnknownNotations(PGPSignature signature)

Return true, if the hashed subpacket area of the signature does NOT contain unknown critical notations.

Parameters:

signature - signature

Returns:

true if signature is free from unknown critical notations

hasNoCriticalUnknownSubpackets

boolean hasNoCriticalUnknownSubpackets(PGPSignature signature)

Return true, if the hashed subpacket area of the signature does NOT contain unknown critical subpackets.

Parameters:

signature - signature

Returns:

true if signature is free from unknown critical subpackets

isKnownSignatureSubpacket

boolean isKnownSignatureSubpacket(int signatureSubpacketTag)

Return true, if the given signature subpacket ID is known by the implementation. Note: This method is only called for subpackets not recognized by SignatureSubpacketInputStream.

Parameters:

signatureSubpacketTag - signature subpacket ID

Returns:

true if subpacket tag is known

isAcceptableDocumentSignatureHashAlgorithm

boolean isAcceptableDocumentSignatureHashAlgorithm(int hashAlgorithmId,
                                                   java.util.Date signatureCreationTime)

Return true, if the given hash algorithm is - at signature creation time - an acceptable document signature hash algorithm.

Parameters:

hashAlgorithmId - hash algorithm ID

signatureCreationTime - optional signature creation time

Returns:

true if hash algorithm is acceptable at creation time

isAcceptableRevocationSignatureHashAlgorithm

boolean isAcceptableRevocationSignatureHashAlgorithm(int hashAlgorithmId,
                                                     java.util.Date signatureCreationTime)

Return true, if the given hash algorithm is - at signature creation time - an acceptable revocation signature hash algorithm.

Parameters:

hashAlgorithmId - hash algorithm ID

signatureCreationTime - optional signature creation time

Returns:

true if hash algorithm is acceptable at creation time

isAcceptableCertificationSignatureHashAlgorithm

boolean isAcceptableCertificationSignatureHashAlgorithm(int hashAlgorithmId,
                                                        java.util.Date signatureCreationTime)

Return true, if the given hash algorithm is - at signature creation time - an acceptable certification signature hash algorithm.

Parameters:

hashAlgorithmId - hash algorithm ID

signatureCreationTime - optional signature creation time

Returns:

true if hash algorithm is acceptable at creation time

getDefaultCertificationSignatureHashAlgorithm

int getDefaultCertificationSignatureHashAlgorithm()

Return the default certification signature hash algorithm ID. This is used as fallback, if negotiation of a commonly supported hash algorithm fails.

Returns:

default certification signature hash algorithm ID

getDefaultDocumentSignatureHashAlgorithm

int getDefaultDocumentSignatureHashAlgorithm()

Return the default document signature hash algorithm ID. This is used as fallback, if negotiation of a commonly supported hash algorithm fails.

Returns:

default document signature hash algorithm ID

isAcceptableSymmetricKeyAlgorithm

boolean isAcceptableSymmetricKeyAlgorithm(int symmetricKeyAlgorithmId)

Return true, if the given symmetric-key algorithm is acceptable.

Parameters:

symmetricKeyAlgorithmId - symmetric-key algorithm

Returns:

true if symmetric-key algorithm is acceptable

getDefaultSymmetricKeyAlgorithm

int getDefaultSymmetricKeyAlgorithm()

Return the default symmetric-key algorithm, which is used as a fallback if symmetric encryption algorithm negotiation fails.

Returns:

default symmetric-key algorithm

isAcceptablePublicKeyStrength

boolean isAcceptablePublicKeyStrength(int publicKeyAlgorithmId,
                                      int bitStrength)

Return true, if the given bitStrength is acceptable for the given public key algorithm ID.

Parameters:

publicKeyAlgorithmId - ID of a public key algorithm

bitStrength - key bit strength

Returns:

true if strength is acceptable

getNotationRegistry

OpenPGPPolicy.OpenPGPNotationRegistry getNotationRegistry()

Return the policies OpenPGPPolicy.OpenPGPNotationRegistry containing known notation names.

Returns:

notation registry