Class PGPSignature

java.lang.Object
org.bouncycastle.openpgp.PGPSignature

public class PGPSignature extends Object
A PGP signature object.
  • Field Details

  • Constructor Details

  • Method Details

    • getVersion

      public int getVersion()
      Return the OpenPGP version number for this signature.
      Returns:
      signature version number.
    • getKeyAlgorithm

      public int getKeyAlgorithm()
      Return the key algorithm associated with this signature.
      Returns:
      signature key algorithm.
    • getHashAlgorithm

      public int getHashAlgorithm()
      Return the hash algorithm associated with this signature.
      Returns:
      signature hash algorithm.
    • getDigestPrefix

      public byte[] getDigestPrefix()
      Return the digest prefix of the signature.
      Returns:
      digest prefix
    • isCertification

      public boolean isCertification()
      Return true if this signature represents a certification.
      Returns:
      true if this signature represents a certification, false otherwise.
    • init

      public void init(PGPContentVerifierBuilderProvider verifierBuilderProvider, PGPPublicKey pubKey) throws PGPException
      Initialize the signature for verification.
      Parameters:
      verifierBuilderProvider - provide the implementation for signature verification
      pubKey - issuer public key
      Throws:
      PGPException
    • verify

      public boolean verify() throws PGPException
      Finish the verification and return true if the signature is "correct". Note: The fact that this method returned true does not yet mean that the signature is valid. A correct signature may very well be expired, the issuer key may be revoked, etc. All these constraints are not checked by this method.
      Returns:
      true if the signature is correct
      Throws:
      PGPException
    • verifyCertification

      public boolean verifyCertification(PGPUserAttributeSubpacketVector userAttributes, PGPPublicKey key) throws PGPException
      Verify the signature as certifying the passed in public key as associated with the passed in user attributes.
      Parameters:
      userAttributes - user attributes the key was stored under
      key - the key to be verified.
      Returns:
      true if the signature matches, false otherwise.
      Throws:
      PGPException
    • verifyCertification

      public boolean verifyCertification(String id, PGPPublicKey key) throws PGPException
      Verify the signature as certifying the passed in public key as associated with the passed in id.
      Parameters:
      id - id the key was stored under
      key - the key to be verified.
      Returns:
      true if the signature matches, false otherwise.
      Throws:
      PGPException
    • verifyCertification

      public boolean verifyCertification(byte[] rawID, PGPPublicKey key) throws PGPException
      Verify the signature as certifying the passed in public key as associated with the passed in rawID.
      Parameters:
      rawID - id the key was stored under in its raw byte form.
      key - the key to be verified.
      Returns:
      true if the signature matches, false otherwise.
      Throws:
      PGPException
    • verifyCertification

      public boolean verifyCertification(PGPPublicKey masterKey, PGPPublicKey pubKey) throws PGPException
      Verify a certification for the passed in key against the passed in master key.
      Parameters:
      masterKey - the key we are verifying against.
      pubKey - the key we are verifying.
      Returns:
      true if the certification is valid, false otherwise.
      Throws:
      PGPException
    • verifyCertification

      public boolean verifyCertification(PGPPublicKey pubKey) throws PGPException
      Verify a key certification, such as a revocation, for the passed in key.
      Parameters:
      pubKey - the key we are checking.
      Returns:
      true if the certification is valid, false otherwise.
      Throws:
      PGPException
    • getSignatureType

      public int getSignatureType()
      Return the type id of the signature.
      Returns:
      type id
    • getKeyID

      public long getKeyID()
      Return the id of the key that created the signature. Note: Since signatures of version 4 or later encode the issuer information inside a signature subpacket (IssuerKeyID or IssuerFingerprint), there is not a single source of truth for the key-id. To match any suitable issuer keys, use getKeyIdentifiers() instead.
      Returns:
      key ID of the signature's corresponding key.
    • getKeyIdentifiers

      public List<KeyIdentifier> getKeyIdentifiers()
      Create a list of KeyIdentifier objects, for all IssuerFingerprint and IssuerKeyID signature subpackets found in either the hashed or unhashed areas of the signature.
      Returns:
      all detectable KeyIdentifiers
    • getHashedKeyIdentifiers

      public List<KeyIdentifier> getHashedKeyIdentifiers()
      Return a list of all KeyIdentifiers that could be derived from any IssuerFingerprint or IssuerKeyID subpackets of the hashed signature subpacket area.
      Returns:
      hashed key identifiers
    • getUnhashedKeyIdentifiers

      public List<KeyIdentifier> getUnhashedKeyIdentifiers()
      Return a list of all KeyIdentifiers that could be derived from any IssuerFingerprint or IssuerKeyID subpackets of the unhashed signature subpacket area.
      Returns:
      unhashed key identifiers
    • getCreationTime

      public Date getCreationTime()
      Return the creation time of the signature.
      Returns:
      the signature creation time.
    • getSignatureTrailer

      public byte[] getSignatureTrailer()
    • hasSubpackets

      public boolean hasSubpackets()
      Return true if the signature has either hashed or unhashed subpackets.
      Returns:
      true if either hashed or unhashed subpackets are present, false otherwise.
    • getHashedSubPackets

      public PGPSignatureSubpacketVector getHashedSubPackets()
      Return the hashed subpackets of the signature. Hashed signature subpackets are covered by the signature.
      Returns:
      hashed signature subpackets
    • getUnhashedSubPackets

      public PGPSignatureSubpacketVector getUnhashedSubPackets()
      Return the unhashed subpackets of the signature. As unhashed signature subpackets are NOT covered by the signature, an attacker might inject false information after the fact; therefore only "self-authenticating" information from this area can be trusted. Examples of self-authenticating information are the IssuerKeyID and IssuerFingerprint, whose authenticity can be confirmed by verifying the signature using the declared key.
      Returns:
      unhashed signature subpackets
    • getSignature

      public byte[] getSignature() throws PGPException
      Return the cryptographic raw signature contained in the OpenPGP signature packet. The value is dependent on the signing algorithm.
      Returns:
      cryptographic signature
      Throws:
      PGPException
    • getEncoded

      public byte[] getEncoded() throws IOException
      Return the OpenPGP packet encoding of the signature.
      Returns:
      OpenPGP packet encoding
      Throws:
      IOException
    • getEncoded

      public byte[] getEncoded(boolean forTransfer) throws IOException
      Return an encoding of the signature, with trust packets stripped out if forTransfer is true.
      Parameters:
      forTransfer - if the purpose of encoding is to send key to other users.
      Returns:
      an encoded byte array representing the key.
      Throws:
      IOException - in case of encoding error.
    • encode

      public void encode(OutputStream outStream) throws IOException
      Encode the signature to an OpenPGP packet stream. This method does not strip out any trust packets.
      Parameters:
      outStream - packet stream
      Throws:
      IOException
    • encode

      public void encode(OutputStream outStream, boolean forTransfer) throws IOException
      Encode the signature to outStream, with trust packets stripped out if forTransfer is true.
      Parameters:
      outStream - stream to write the key encoding to.
      forTransfer - if the purpose of encoding is to send key to other users.
      Throws:
      IOException - in case of encoding error.
    • isCertification

      public static boolean isCertification(int signatureType)
      Return true if the passed in signature type represents a certification, false if the signature type is not.
      Parameters:
      signatureType -
      Returns:
      true if signatureType is a certification, false otherwise.
    • isSignatureEncodingEqual

      public static boolean isSignatureEncodingEqual(PGPSignature sig1, PGPSignature sig2)
      Return true if the cryptographic signature encoding of the two signatures matches.
      Parameters:
      sig1 - first signature
      sig2 - second signature
      Returns:
      true if both signatures contain the same cryptographic signature
    • join

      public static PGPSignature join(PGPSignature sig1, PGPSignature sig2) throws PGPException
      Join two copies of the same signature. As an entity might append additional information to an existing signature's unhashed subpacket area (e.g. an embedded THIRD_PARTY_CONFIRMATION signature), an implementation might want to join an existing instance of a signature with an updated copy, e.g. retrieved from a key server. This method merges both signature instances by joining unhashed subpackets.
      Parameters:
      sig1 - first signature
      sig2 - second signature
      Returns:
      merged signature
      Throws:
      PGPException
    • update

      public void update(byte b)
    • update

      public void update(byte[] b)
    • update

      public void update(byte[] b, int off, int len)
    • blockUpdate

      protected void blockUpdate(byte[] block, int off, int len)
    • updateWithIdData

      protected void updateWithIdData(int header, byte[] idBytes)
    • updateWithPublicKey

      protected void updateWithPublicKey(PGPPublicKey key) throws PGPException
      Throws:
      PGPException
    • getAttributesHash

      protected void getAttributesHash(PGPUserAttributeSubpacketVector userAttributes) throws PGPException
      Throws:
      PGPException
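
The notes on verify() and getUnhashedSubPackets() above imply that a caller has to layer its own validity checks on top of a correct signature. The following is an added example, not code from Bouncy Castle: the class SignaturePolicyCheck and method reject are hypothetical names, and it assumes the bcpg and bcprov jars are on the classpath and uses the Jca operator classes, getSignatureExpirationTime() and hasRevocation() from the library.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPairGenerator;
import java.util.Date;
import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.openpgp.*;
import org.bouncycastle.openpgp.operator.jcajce.*;

// Added example: class and method names are hypothetical, not Bouncy Castle's.
public class SignaturePolicyCheck {
    /** Returns null if the signature is acceptable at time now, else the reason to reject it. */
    static String reject(PGPSignature sig, PGPPublicKey issuer, byte[] data, Date now)
            throws PGPException {
        sig.init(new JcaPGPContentVerifierBuilderProvider(), issuer);
        sig.update(data);
        if (!sig.verify()) return "signature is not correct for this key and data";
        // verify() only proves correctness. Policy fields are read from the hashed
        // area, which the signature covers, never from getUnhashedSubPackets().
        PGPSignatureSubpacketVector hashed = sig.getHashedSubPackets();
        long lifetime = (hashed == null) ? 0 : hashed.getSignatureExpirationTime(); // seconds, 0 = none
        long created = sig.getCreationTime().getTime();
        if (created > now.getTime()) return "signature creation time is in the future";
        if (lifetime > 0 && now.getTime() > created + lifetime * 1000L) return "signature has expired";
        // Presence check only; a real policy also verifies the revocation signature,
        // for example with verifyCertification(pubKey).
        if (issuer.hasRevocation()) return "issuer key carries a revocation signature";
        return null;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample input: throwaway RSA key, signature valid for 60 seconds.
        byte[] data = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PGPKeyPair kp = new JcaPGPKeyPair(PGPPublicKey.RSA_GENERAL, kpg.generateKeyPair(), new Date());
        PGPSignatureGenerator gen = new PGPSignatureGenerator(
                new JcaPGPContentSignerBuilder(PGPPublicKey.RSA_GENERAL, HashAlgorithmTags.SHA256));
        gen.init(PGPSignature.BINARY_DOCUMENT, kp.getPrivateKey());
        PGPSignatureSubpacketGenerator sp = new PGPSignatureSubpacketGenerator();
        sp.setSignatureExpirationTime(false, 60);
        gen.setHashedSubpackets(sp.generate());
        gen.update(data);
        PGPSignature sig = gen.generate();
        Date later = new Date(System.currentTimeMillis() + 3_600_000L);
        System.out.println(reject(sig, kp.getPublicKey(), data, new Date()));
        System.out.println(reject(sig, kp.getPublicKey(), data, later));
    }
}
```

The two calls in main evaluate the same correct signature at the current time and one hour later, so the second call exercises the expiry branch that verify() alone would not catch.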