Package org.bouncycastle.openpgp.api

Interface OpenPGPPolicy

All Known Implementing Classes:
OpenPGPDefaultPolicy
public interface OpenPGPPolicy
Policy for OpenPGP algorithms and features.

  • Method Details

    • isAcceptableSigningKey

      default boolean isAcceptableSigningKey(PGPPublicKey key)
      Return true, if the given PGPPublicKey is an acceptable signing key. Note: Although signing requires a secret key, we perform checks on the public part for consistency.
      Parameters:
      key - key
      Returns:
      true if acceptable signing key

    • isAcceptableVerificationKey

      default boolean isAcceptableVerificationKey(PGPPublicKey key)
      Return true, if the given PGPPublicKey is an acceptable signature verification key. Note: The asymmetry between this and isAcceptableSigningKey(PGPPublicKey) is useful to prevent creation of signatures using a legacy key, while still allowing verification of signatures made using the same key.
      Parameters:
      key - key
      Returns:
      true if acceptable verification key

    • isAcceptableEncryptionKey

      default boolean isAcceptableEncryptionKey(PGPPublicKey key)
      Return true, if the given PGPPublicKey is acceptable for encrypting messages.
      Parameters:
      key - key
      Returns:
      true if acceptable encryption key

    • isAcceptableDecryptionKey

      default boolean isAcceptableDecryptionKey(PGPPublicKey key)
      Return true, if the given PGPPublicKey is acceptable for decrypting messages. Note: Although decryption requires a secret key, we perform checks on the public part for consistency. The asymmetry between this and isAcceptableEncryptionKey(PGPPublicKey) is useful to prevent creation of new encrypted messages using a legacy key, while still allowing decryption of existing messages using the same key.
      Parameters:
      key - key
      Returns:
      true if acceptable decryption key

    • isAcceptablePublicKey

      default boolean isAcceptablePublicKey(PGPPublicKey key)
      Return true, if the given PGPPublicKey is acceptable.
      Parameters:
      key - key
      Returns:
      true if acceptable key

    • isAcceptableSignature

      default boolean isAcceptableSignature(PGPSignature signature)
      Return true, if the given PGPSignature is acceptable (uses acceptable hash algorithm, does not contain unknown critical notations or subpackets). Note: A signature being acceptable does NOT mean that it is correct or valid.
      Parameters:
      signature - signature
      Returns:
      true if acceptable

    • hasAcceptableSignatureHashAlgorithm

      default boolean hasAcceptableSignatureHashAlgorithm(PGPSignature signature)
      Return true, if the given PGPSignature was made using an acceptable signature hash algorithm.
      Parameters:
      signature - signature
      Returns:
      true if hash algorithm is acceptable

    • hasAcceptableDocumentSignatureHashAlgorithm

      default boolean hasAcceptableDocumentSignatureHashAlgorithm(PGPSignature signature)
      Return true, if the PGPSignature uses an acceptable data/document signature hash algorithm.
      Parameters:
      signature - data / document signature
      Returns:
      true if hash algorithm is acceptable

    • hasAcceptableRevocationSignatureHashAlgorithm

      default boolean hasAcceptableRevocationSignatureHashAlgorithm(PGPSignature signature)
      Return true, if the PGPSignature uses an acceptable revocation signature hash algorithm.
      Parameters:
      signature - revocation signature
      Returns:
      true if hash algorithm is acceptable

    • hasAcceptableCertificationSignatureHashAlgorithm

      default boolean hasAcceptableCertificationSignatureHashAlgorithm(PGPSignature signature)
      Return true, if the PGPSignature uses an acceptable certification signature hash algorithm.
      Parameters:
      signature - certification signature
      Returns:
      true if hash algorithm is acceptable

    • hasNoCriticalUnknownNotations

      default boolean hasNoCriticalUnknownNotations(PGPSignature signature)
      Return true, if the hashed subpacket area of the signature does NOT contain unknown critical notations.
      Parameters:
      signature - signature
      Returns:
      true if signature is free from unknown critical notations

    • hasNoCriticalUnknownSubpackets

      default boolean hasNoCriticalUnknownSubpackets(PGPSignature signature)
      Return true, if the hashed subpacket area of the signature does NOT contain unknown critical subpackets.
      Parameters:
      signature - signature
      Returns:
      true if signature is free from unknown critical subpackets

    • isKnownSignatureSubpacket

      default boolean isKnownSignatureSubpacket(int signatureSubpacketTag)
      Return true, if the given signature subpacket ID is known by the implementation. Note: This method is only called for subpackets not recognized by SignatureSubpacketInputStream.
      Parameters:
      signatureSubpacketTag - signature subpacket ID
      Returns:
      true if subpacket tag is known

    • isAcceptableDocumentSignatureHashAlgorithm

      boolean isAcceptableDocumentSignatureHashAlgorithm(int hashAlgorithmId, Date signatureCreationTime)
      Return true, if the given hash algorithm is - at signature creation time - an acceptable document signature hash algorithm.
      Parameters:
      hashAlgorithmId - hash algorithm ID
      signatureCreationTime - optional signature creation time
      Returns:
      true if hash algorithm is acceptable at creation time

    • isAcceptableRevocationSignatureHashAlgorithm

      boolean isAcceptableRevocationSignatureHashAlgorithm(int hashAlgorithmId, Date signatureCreationTime)
      Return true, if the given hash algorithm is - at signature creation time - an acceptable revocation signature hash algorithm.
      Parameters:
      hashAlgorithmId - hash algorithm ID
      signatureCreationTime - optional signature creation time
      Returns:
      true if hash algorithm is acceptable at creation time

    • isAcceptableCertificationSignatureHashAlgorithm

      boolean isAcceptableCertificationSignatureHashAlgorithm(int hashAlgorithmId, Date signatureCreationTime)
      Return true, if the given hash algorithm is - at signature creation time - an acceptable certification signature hash algorithm.
      Parameters:
      hashAlgorithmId - hash algorithm ID
      signatureCreationTime - optional signature creation time
      Returns:
      true if hash algorithm is acceptable at creation time

    • getDefaultCertificationSignatureHashAlgorithm

      int getDefaultCertificationSignatureHashAlgorithm()
      Return the default certification signature hash algorithm ID. This is used as fallback, if negotiation of a commonly supported hash algorithm fails.
      Returns:
      default certification signature hash algorithm ID

    • getDefaultDocumentSignatureHashAlgorithm

      int getDefaultDocumentSignatureHashAlgorithm()
      Return the default document signature hash algorithm ID. This is used as fallback, if negotiation of a commonly supported hash algorithm fails.
      Returns:
      default document signature hash algorithm ID

    • isAcceptableSymmetricKeyAlgorithm

      boolean isAcceptableSymmetricKeyAlgorithm(int symmetricKeyAlgorithmId)
      Return true, if the given symmetric-key algorithm is acceptable.
      Parameters:
      symmetricKeyAlgorithmId - symmetric-key algorithm
      Returns:
      true if symmetric-key algorithm is acceptable

    • getDefaultSymmetricKeyAlgorithm

      int getDefaultSymmetricKeyAlgorithm()
      Return the default symmetric-key algorithm, which is used as a fallback if symmetric encryption algorithm negotiation fails.
      Returns:
      default symmetric-key algorithm

    • isAcceptablePublicKeyStrength

      boolean isAcceptablePublicKeyStrength(int publicKeyAlgorithmId, int bitStrength)
      Return true, if the given bitStrength is acceptable for the given public key algorithm ID.
      Parameters:
      publicKeyAlgorithmId - ID of a public key algorithm
      bitStrength - key bit strength
      Returns:
      true if strength is acceptable

    • getNotationRegistry

      OpenPGPPolicy.OpenPGPNotationRegistry getNotationRegistry()
      Return the policies OpenPGPPolicy.OpenPGPNotationRegistry containing known notation names.
      Returns:
      notation registry