Class PGPSignatureSubpacketGenerator

java.lang.Object
org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator

public class PGPSignatureSubpacketGenerator extends Object
Generator for signature subpackets.
  • Constructor Details

    • PGPSignatureSubpacketGenerator

      public PGPSignatureSubpacketGenerator()
      Base constructor, creates an empty generator.
    • PGPSignatureSubpacketGenerator

      public PGPSignatureSubpacketGenerator(PGPSignatureSubpacketVector sigSubV)
      Constructor for pre-initialising the generator from an existing subpacket vector.
      Parameters:
      sigSubV - an initial set of subpackets.
  • Method Details

    • setRevocable

      public void setRevocable(boolean isCritical, boolean isRevocable)
      Specify whether or not the signature is revocable.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      isRevocable - true if the signature should be revocable, false otherwise.
    • setExportable

      public void setExportable(boolean isCritical, boolean isExportable)
      Specify whether or not the signature should be marked as exportable. If this subpacket is missing, the signature is treated as being exportable.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      isExportable - true if the signature should be exportable, false otherwise.
    • setFeature

      public void setFeature(boolean isCritical, byte feature)
      Specify the set of features of the key.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      feature - features
    • setTrust

      public void setTrust(boolean isCritical, int depth, int trustAmount)
      Add a TrustSignature packet to the signature. The values for depth and trust are largely installation dependent but there are some guidelines in RFC 4880 - 5.2.3.13.
      Parameters:
      isCritical - true if the packet is critical.
      depth - depth level.
      trustAmount - trust amount.
    • setKeyExpirationTime

      public void setKeyExpirationTime(boolean isCritical, long seconds)
      Set the number of seconds a key is valid for after the time of its creation. A value of zero means the key never expires.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      seconds - number of seconds the key is valid for after its creation time; zero means the key never expires.
    • setSignatureExpirationTime

      public void setSignatureExpirationTime(boolean isCritical, long seconds)
      Set the number of seconds a signature is valid for after the time of its creation. A value of zero means the signature never expires.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
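      seconds - number of seconds the signature is valid for after its creation time; zero means the signature never expires.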
    • setSignatureCreationTime

      public void setSignatureCreationTime(boolean isCritical, Date date)
      Set the creation time for the signature.

      Note: this overrides the generation of a creation time when the signature is generated.

    • setPreferredHashAlgorithms

      public void setPreferredHashAlgorithms(boolean isCritical, int[] algorithms)
      Specify the preferred hash algorithms of the key. See HashAlgorithmTags.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      algorithms - array of algorithms in descending preference
    • setPreferredSymmetricAlgorithms

      public void setPreferredSymmetricAlgorithms(boolean isCritical, int[] algorithms)
      Specify the preferred symmetric encryption algorithms of the key. See SymmetricKeyAlgorithmTags.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      algorithms - array of algorithms in descending preference
    • setPreferredCompressionAlgorithms

      public void setPreferredCompressionAlgorithms(boolean isCritical, int[] algorithms)
      Specify the preferred compression algorithms of this key. See CompressionAlgorithmTags.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      algorithms - array of algorithms in descending preference
    • setPreferredAEADAlgorithms

      @Deprecated public void setPreferredAEADAlgorithms(boolean isCritical, int[] algorithms)
      This method is BROKEN! Specify the preferred AEAD algorithms of this key.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      algorithms - array of algorithms in descending preference
    • setPreferredAEADCiphersuites

      public void setPreferredAEADCiphersuites(boolean isCritical, PreferredAEADCiphersuites.Combination[] algorithms)
      Specify the preferred OpenPGP AEAD ciphersuites of this key.
      Parameters:
      isCritical - true, if this packet should be treated as critical, false otherwise.
      algorithms - array of algorithms in descending preference
    • setPreferredAEADCiphersuites

      public void setPreferredAEADCiphersuites(PreferredAEADCiphersuites.Builder builder)
      Specify the preferred OpenPGP AEAD ciphersuites of this key.
      Parameters:
      builder - builder to build the ciphersuites packet from
    • setPreferredLibrePgpEncryptionModes

      @Deprecated public void setPreferredLibrePgpEncryptionModes(boolean isCritical, int[] algorithms)
      Deprecated.
      the use of this subpacket is deprecated in LibrePGP
      Set the preferred encryption modes for LibrePGP keys. Note: LibrePGP is not OpenPGP. An application strictly compliant to only the OpenPGP standard will not know how to handle LibrePGP encryption modes. The LibrePGP spec states that this subpacket shall be ignored and the application shall instead assume AEADAlgorithmTags.OCB.
      Parameters:
      isCritical - whether the packet is critical
      algorithms - list of algorithms
    • setPreferredKeyServer

      public void setPreferredKeyServer(boolean isCritical, String uri)
      Specify the preferred key server for the signed user-id / key. Note that the key server might also be an http/ftp etc. URI pointing to the key itself.
      Parameters:
      isCritical - true if the subpacket should be treated as critical
      uri - key server URI
    • addPolicyURI

      public void addPolicyURI(boolean isCritical, String policyUri)
    • setKeyFlags

      public void setKeyFlags(boolean isCritical, int flags)
      Set this key's key flags. See PGPKeyFlags.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      flags - flags
    • setSignerUserID

      public void setSignerUserID(boolean isCritical, String userID)
      Deprecated.
      Add a signer user-id to the signature.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      userID - signer user-id
    • addSignerUserID

      public void addSignerUserID(boolean isCritical, String userID)
      Add a signer user-id to the signature.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      userID - signer user-id
    • setSignerUserID

      public void setSignerUserID(boolean isCritical, byte[] rawUserID)
      Deprecated.
      Add a signer user-id to the signature.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      rawUserID - signer user-id
    • addSignerUserID

      public void addSignerUserID(boolean isCritical, byte[] rawUserID)
      Add a signer user-id to the signature.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      rawUserID - signer user-id
    • setEmbeddedSignature

      public void setEmbeddedSignature(boolean isCritical, PGPSignature pgpSignature) throws IOException
      Add an embedded signature packet.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      pgpSignature - embedded signature
      Throws:
      IOException - in case of an error
    • addEmbeddedSignature

      public void addEmbeddedSignature(boolean isCritical, PGPSignature pgpSignature) throws IOException
      Add an embedded signature packet.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      pgpSignature - embedded signature
      Throws:
      IOException - in case of an error
    • setPrimaryUserID

      public void setPrimaryUserID(boolean isCritical, boolean isPrimaryUserID)
    • setNotationData

      public void setNotationData(boolean isCritical, boolean isHumanReadable, String notationName, String notationValue)
      Add a notation data packet to the signature.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      isHumanReadable - true if the notation is human-readable.
      notationName - name of the notation key
      notationValue - value of the notation
    • addNotationData

      public void addNotationData(boolean isCritical, boolean isHumanReadable, String notationName, String notationValue)
      Add a notation data packet to the signature.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      isHumanReadable - true if the notation is human-readable.
      notationName - name of the notation key.
      notationValue - value of the notation.
    • setRevocationReason

      public void setRevocationReason(boolean isCritical, byte reason, String description)
      Sets the revocation reason subpacket. See RevocationReasonTags.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      reason - reason code for the revocation
      description - human readable description of the revocation reason
    • setRevocationKey

      public void setRevocationKey(boolean isCritical, int keyAlgorithm, byte[] fingerprint)
      Deprecated.
      the revocation key mechanism is deprecated. Applications MUST NOT generate such a packet.
      Adds a revocation key sub packet.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      keyAlgorithm - algorithm of the revocation key
      fingerprint - fingerprint of the revocation key (v4 only)
    • addRevocationKey

      public void addRevocationKey(boolean isCritical, int keyAlgorithm, byte[] fingerprint)
      Deprecated.
      the revocation key mechanism is deprecated. Applications MUST NOT generate such a packet.
      Adds a revocation key sub packet.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      keyAlgorithm - algorithm of the revocation key
      fingerprint - fingerprint of the revocation key (v4 only)
    • setIssuerKeyID

      public void setIssuerKeyID(boolean isCritical, long keyID)
      Sets issuer key-id subpacket.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      keyID - id of the key that issued the signature
    • setSignatureTarget

      public void setSignatureTarget(boolean isCritical, int publicKeyAlgorithm, int hashAlgorithm, byte[] hashData)
      Sets the signature target sub packet.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      publicKeyAlgorithm - algorithm of the key that issued the signature that is being referred to.
      hashAlgorithm - hash algorithm that was used to calculate the hash data.
      hashData - hash of the signature that is being referred to.
    • setIssuerFingerprint

      public void setIssuerFingerprint(boolean isCritical, PGPSecretKey secretKey)
      Sets the signature issuer fingerprint for the signing key.
      Parameters:
      isCritical - true if critical, false otherwise.
      secretKey - the secret key used to generate the associated signature.
    • setIssuerFingerprint

      public void setIssuerFingerprint(boolean isCritical, PGPPublicKey publicKey)
      Sets the signature issuer fingerprint for the signing key.
      Parameters:
      isCritical - true if critical, false otherwise.
      publicKey - the public key needed to verify the associated signature.
    • setIntendedRecipientFingerprint

      public void setIntendedRecipientFingerprint(boolean isCritical, PGPPublicKey publicKey)
      Adds an intended recipient fingerprint for an encrypted payload the signature is associated with.
      Parameters:
      isCritical - true if critical, false otherwise.
      publicKey - the public key the encrypted payload was encrypted against.
    • addIntendedRecipientFingerprint

      public void addIntendedRecipientFingerprint(boolean isCritical, PGPPublicKey publicKey)
      Adds an intended recipient fingerprint for an encrypted payload the signature is associated with.
      Parameters:
      isCritical - true if critical, false otherwise.
      publicKey - the public key the encrypted payload was encrypted against.
    • addCustomSubpacket

      public void addCustomSubpacket(SignatureSubpacket subpacket)
      Add a custom subpacket. Miscellaneous subpackets are subpackets that Bouncy Castle does not recognize or doesn't have first-class support for.
      Parameters:
      subpacket - subpacket
    • removePacket

      public boolean removePacket(SignatureSubpacket packet)
      Remove a previously set packet from the generator.
      Parameters:
      packet - the signature subpacket to remove.
    • hasSubpacket

      public boolean hasSubpacket(int type)
      Return true if a particular subpacket type exists.
      Parameters:
      type - type to look for.
      Returns:
      true if present, false otherwise.
    • getSubpackets

      public SignatureSubpacket[] getSubpackets(int type)
      Return all signature subpackets of the passed in type currently in the generator.
      Parameters:
      type - subpacket type code
      Returns:
      an array of zero or more matching subpackets.
    • generate

      public PGPSignatureSubpacketVector generate()
    • addRegularExpression

      public void addRegularExpression(boolean isCritical, String regularExpression)
      Adds a regular expression.
      Parameters:
      isCritical - true if should be treated as critical, false otherwise.
      regularExpression - the regular expression
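
The following is an added example, not part of the Bouncy Castle documentation. It builds a subpacket set with the empty constructor, then uses the pre-initialising constructor together with getSubpackets, removePacket and generate to extend a key's expiry while keeping every other subpacket. The class and method names (SubpacketPolicyExample, initialPolicy, removeAll, extendExpiry) and the one-year value are assumptions made for illustration; the Bouncy Castle OpenPGP jar must be on the classpath.

```java
import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.bcpg.SignatureSubpacket;
import org.bouncycastle.bcpg.SignatureSubpacketTags;
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
import org.bouncycastle.openpgp.PGPKeyFlags;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;

// Added example; class and method names are hypothetical.
public class SubpacketPolicyExample {
    static final long ONE_YEAR = 365L * 24 * 60 * 60; // constructed sample value

    // Subpackets for a certify+sign primary key. Key flags and expiry are marked
    // critical so a verifier that cannot interpret them rejects the signature.
    static PGPSignatureSubpacketVector initialPolicy() {
        PGPSignatureSubpacketGenerator gen = new PGPSignatureSubpacketGenerator();
        gen.setKeyFlags(true, PGPKeyFlags.CAN_CERTIFY | PGPKeyFlags.CAN_SIGN);
        gen.setKeyExpirationTime(true, ONE_YEAR);
        gen.setPreferredHashAlgorithms(false,
            new int[] {HashAlgorithmTags.SHA512, HashAlgorithmTags.SHA256});
        gen.setPreferredSymmetricAlgorithms(false,
            new int[] {SymmetricKeyAlgorithmTags.AES_256, SymmetricKeyAlgorithmTags.AES_128});
        return gen.generate();
    }

    // Drop every subpacket of one type; getSubpackets returns an array, so
    // removing from the generator while iterating over it is safe.
    static void removeAll(PGPSignatureSubpacketGenerator gen, int type) {
        for (SignatureSubpacket p : gen.getSubpackets(type)) {
            gen.removePacket(p);
        }
    }

    // Re-issue the policy with a new expiry, keeping all other subpackets.
    static PGPSignatureSubpacketVector extendExpiry(PGPSignatureSubpacketVector old, long seconds) {
        PGPSignatureSubpacketGenerator gen = new PGPSignatureSubpacketGenerator(old);
        removeAll(gen, SignatureSubpacketTags.KEY_EXPIRE_TIME);
        // An explicit creation time overrides the generated one, so remove any
        // copied from an old signature and let signing stamp a fresh time.
        removeAll(gen, SignatureSubpacketTags.CREATION_TIME);
        gen.setKeyExpirationTime(true, seconds);
        return gen.generate();
    }

    public static void main(String[] args) {
        PGPSignatureSubpacketVector v1 = initialPolicy();
        PGPSignatureSubpacketVector v2 = extendExpiry(v1, 2 * ONE_YEAR);
        System.out.println("flags kept:  " + (v2.getKeyFlags() == v1.getKeyFlags()));
        System.out.println("expiry secs: " + v1.getKeyExpirationTime() + " -> " + v2.getKeyExpirationTime());
    }
}
```

The returned vector is what a caller would hand to PGPSignatureGenerator.setHashedSubpackets before signing, so that the key flags and expiry are covered by the signature.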