Class SigningOptions

java.lang.Object
org.pgpainless.encryption_signing.SigningOptions

public final class SigningOptions extends Object
  • Constructor Details

    • SigningOptions

      public SigningOptions()
  • Method Details

    • get

      @Nonnull public static SigningOptions get()
    • setEvaluationDate

      public SigningOptions setEvaluationDate(@Nonnull Date evaluationDate)
      Override the evaluation date for signing keys with the given date.
      Parameters:
      evaluationDate - new evaluation date
      Returns:
      this
    • addSignature

      @Nonnull public SigningOptions addSignature(@Nonnull SecretKeyRingProtector signingKeyProtector, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing signingKey) throws org.bouncycastle.openpgp.PGPException
      Sign the message using an inline signature made by the provided signing key.
      Parameters:
      signingKeyProtector - protector to unlock the signing key
      signingKey - key ring containing the signing key
      Returns:
      this
      Throws:
      KeyException - if something is wrong with the key
      org.bouncycastle.openpgp.PGPException - if the key cannot be unlocked or a signing method cannot be created
    • addInlineSignatures

      @Nonnull public SigningOptions addInlineSignatures(@Nonnull SecretKeyRingProtector secrectKeyDecryptor, @Nonnull Iterable<org.bouncycastle.openpgp.PGPSecretKeyRing> signingKeys, @Nonnull DocumentSignatureType signatureType) throws KeyException, org.bouncycastle.openpgp.PGPException
      Add inline signatures with all secret key rings in the provided secret key ring collection.
      Parameters:
      secrectKeyDecryptor - decryptor to unlock the signing secret keys
      signingKeys - collection of signing keys
      signatureType - type of signature (binary, canonical text)
      Returns:
      this
      Throws:
      KeyException - if something is wrong with any of the keys
      org.bouncycastle.openpgp.PGPException - if any of the keys cannot be unlocked or a signing method cannot be created
    • addInlineSignature

      @Nonnull public SigningOptions addInlineSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, @Nonnull DocumentSignatureType signatureType) throws KeyException, org.bouncycastle.openpgp.PGPException
      Add an inline signature. Inline signatures are embedded into the message itself and can be processed in one pass thanks to one-pass-signature packets.
      Parameters:
      secretKeyDecryptor - decryptor to unlock the signing secret key
      secretKey - signing key
      signatureType - type of signature (binary, canonical text)
      Returns:
      this
      Throws:
      KeyException - if something is wrong with the key
      org.bouncycastle.openpgp.PGPException - if the key cannot be unlocked or the signing method cannot be created
    • addInlineSignature

      @Nonnull public SigningOptions addInlineSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, @Nullable CharSequence userId, @Nonnull DocumentSignatureType signatureType) throws KeyException, org.bouncycastle.openpgp.PGPException
      Add an inline signature. Inline signatures are embedded into the message itself and can be processed in one pass thanks to one-pass-signature packets.

      This method uses the passed-in user-id to select user-specific hash algorithms.

      Parameters:
      secretKeyDecryptor - decryptor to unlock the signing secret key
      secretKey - signing key
      userId - user-id of the signer
      signatureType - signature type (binary, canonical text)
      Returns:
      this
      Throws:
      KeyException - if something is wrong with the key
      org.bouncycastle.openpgp.PGPException - if the key cannot be unlocked or the signing method cannot be created
    • addInlineSignature

      @Nonnull public SigningOptions addInlineSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, @Nullable CharSequence userId, @Nonnull DocumentSignatureType signatureType, @Nullable BaseSignatureSubpackets.Callback subpacketsCallback) throws KeyException, org.bouncycastle.openpgp.PGPException
      Add an inline signature. Inline signatures are embedded into the message itself and can be processed in one pass thanks to one-pass-signature packets.

      This method uses the passed-in user-id to select user-specific hash algorithms.

      Parameters:
      secretKeyDecryptor - decryptor to unlock the signing secret key
      secretKey - signing key
      userId - user-id of the signer
      signatureType - signature type (binary, canonical text)
      subpacketsCallback - callback to modify the hashed and unhashed subpackets of the signature
      Returns:
      this
      Throws:
      KeyException - if the key is invalid
      org.bouncycastle.openpgp.PGPException - if the key cannot be unlocked or the signing method cannot be created
    • addInlineSignature

      @Nonnull public SigningOptions addInlineSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, long keyId) throws org.bouncycastle.openpgp.PGPException
      Create a binary inline signature using the signing key with the given keyId.
      Parameters:
      secretKeyDecryptor - decryptor to unlock the secret key
      secretKey - secret key ring
      keyId - keyId of the signing (sub-)key
      Returns:
      builder
      Throws:
      org.bouncycastle.openpgp.PGPException - if the secret key cannot be unlocked or if no signing method can be created.
      KeyException.UnacceptableSigningKeyException - if the key ring does not carry any signing-capable subkeys
      KeyException.MissingSecretKeyException - if the key ring does not contain the identified secret key
    • addInlineSignature

      @Nonnull public SigningOptions addInlineSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, long keyId, @Nonnull DocumentSignatureType signatureType, @Nullable BaseSignatureSubpackets.Callback subpacketsCallback) throws org.bouncycastle.openpgp.PGPException
      Create an inline signature using the signing key with the given keyId.
      Parameters:
      secretKeyDecryptor - decryptor to unlock the secret key
      secretKey - secret key ring
      keyId - keyId of the signing (sub-)key
      signatureType - signature type
      subpacketsCallback - callback to modify the signature's subpackets
      Returns:
      builder
      Throws:
      org.bouncycastle.openpgp.PGPException - if the secret key cannot be unlocked or if no signing method can be created.
      KeyException.UnacceptableSigningKeyException - if the key ring does not carry any signing-capable subkeys
      KeyException.MissingSecretKeyException - if the key ring does not contain the identified secret key
    • addDetachedSignatures

      @Nonnull public SigningOptions addDetachedSignatures(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull Iterable<org.bouncycastle.openpgp.PGPSecretKeyRing> signingKeys, @Nonnull DocumentSignatureType signatureType) throws org.bouncycastle.openpgp.PGPException
      Add detached signatures with all key rings from the provided secret key ring collection.
      Parameters:
      secretKeyDecryptor - decryptor to unlock the secret signing keys
      signingKeys - collection of signing key rings
      signatureType - type of the signature (binary, canonical text)
      Returns:
      this
      Throws:
      KeyException - if something is wrong with any of the keys
      org.bouncycastle.openpgp.PGPException - if any of the keys cannot be validated or unlocked, or if any signing method cannot be created
    • addDetachedSignature

      @Nonnull public SigningOptions addDetachedSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing signingKey) throws org.bouncycastle.openpgp.PGPException
      Create a detached signature. The signature will be of type DocumentSignatureType.BINARY_DOCUMENT.
      Parameters:
      secretKeyDecryptor - decryptor to unlock the secret signing key
      signingKey - signing key
      Returns:
      this
      Throws:
      KeyException - if something is wrong with the key
      org.bouncycastle.openpgp.PGPException - if the key cannot be validated or unlocked, or if no signature method can be created
    • addDetachedSignature

      @Nonnull public SigningOptions addDetachedSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, @Nonnull DocumentSignatureType signatureType) throws org.bouncycastle.openpgp.PGPException
      Create a detached signature. Detached signatures are not added to the PGP message itself. Instead, they can be distributed separately from the message. Detached signatures are useful if the data being signed must not be modified (e.g. when signing a file).
      Parameters:
      secretKeyDecryptor - decryptor to unlock the secret signing key
      secretKey - signing key
      signatureType - type of data that is signed (binary, canonical text)
      Returns:
      this
      Throws:
      KeyException - if something is wrong with the key
      org.bouncycastle.openpgp.PGPException - if the key cannot be validated or unlocked, or if no signature method can be created
    • addDetachedSignature

      @Nonnull public SigningOptions addDetachedSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, @Nullable CharSequence userId, @Nonnull DocumentSignatureType signatureType) throws org.bouncycastle.openpgp.PGPException
      Create a detached signature. Detached signatures are not added to the PGP message itself. Instead, they can be distributed separately from the message. Detached signatures are useful if the data being signed must not be modified (e.g. when signing a file).

      This method uses the passed-in user-id to select user-specific hash algorithms.

      Parameters:
      secretKeyDecryptor - decryptor to unlock the secret signing key
      secretKey - signing key
      userId - user-id
      signatureType - type of data that is signed (binary, canonical text)
      Returns:
      this
      Throws:
      KeyException - if something is wrong with the key
      org.bouncycastle.openpgp.PGPException - if the key cannot be validated or unlocked, or if no signature method can be created
    • addDetachedSignature

      @Nonnull public SigningOptions addDetachedSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, @Nullable CharSequence userId, @Nonnull DocumentSignatureType signatureType, @Nullable BaseSignatureSubpackets.Callback subpacketCallback) throws org.bouncycastle.openpgp.PGPException
      Create a detached signature. Detached signatures are not added to the PGP message itself. Instead, they can be distributed separately from the message. Detached signatures are useful if the data being signed must not be modified (e.g. when signing a file).

      This method uses the passed-in user-id to select user-specific hash algorithms.

      Parameters:
      secretKeyDecryptor - decryptor to unlock the secret signing key
      secretKey - signing key
      userId - user-id
      signatureType - type of data that is signed (binary, canonical text)
      subpacketCallback - callback to modify hashed and unhashed subpackets of the signature
      Returns:
      this
      Throws:
      KeyException - if something is wrong with the key
      org.bouncycastle.openpgp.PGPException - if the key cannot be validated or unlocked, or if no signature method can be created
    • addDetachedSignature

      @Nonnull public SigningOptions addDetachedSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, long keyId) throws org.bouncycastle.openpgp.PGPException
      Create a detached binary signature using the signing key with the given keyId.
      Parameters:
      secretKeyDecryptor - decryptor to unlock the secret key
      secretKey - secret key ring
      keyId - keyId of the signing (sub-)key
      Returns:
      builder
      Throws:
      org.bouncycastle.openpgp.PGPException - if the secret key cannot be unlocked or if no signing method can be created.
      KeyException.UnacceptableSigningKeyException - if the key ring does not carry any signing-capable subkeys
      KeyException.MissingSecretKeyException - if the key ring does not contain the identified secret key
    • addDetachedSignature

      @Nonnull public SigningOptions addDetachedSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, long keyId, @Nonnull DocumentSignatureType signatureType, @Nullable BaseSignatureSubpackets.Callback subpacketsCallback) throws org.bouncycastle.openpgp.PGPException
      Create a detached signature using the signing key with the given keyId.
      Parameters:
      secretKeyDecryptor - decryptor to unlock the secret key
      secretKey - secret key ring
      keyId - keyId of the signing (sub-)key
      signatureType - signature type
      subpacketsCallback - callback to modify the signature's subpackets
      Returns:
      builder
      Throws:
      org.bouncycastle.openpgp.PGPException - if the secret key cannot be unlocked or if no signing method can be created.
      KeyException.UnacceptableSigningKeyException - if the key ring does not carry any signing-capable subkeys
      KeyException.MissingSecretKeyException - if the key ring does not contain the identified secret key
    • overrideHashAlgorithm

      @Nonnull public SigningOptions overrideHashAlgorithm(@Nonnull HashAlgorithm hashAlgorithmOverride)
      Override hash algorithm negotiation by dictating which hash algorithm must be used. If no override has been set, an acceptable algorithm will be negotiated instead.

      Note: To override the hash algorithm for signing, call this method *before* calling addInlineSignature(SecretKeyRingProtector, PGPSecretKeyRing, DocumentSignatureType) or addDetachedSignature(SecretKeyRingProtector, PGPSecretKeyRing, DocumentSignatureType).

      Parameters:
      hashAlgorithmOverride - override hash algorithm
      Returns:
      this
    • getHashAlgorithmOverride

      @Nullable public HashAlgorithm getHashAlgorithmOverride()
      Return the hash algorithm override (or null if no override is set).
      Returns:
      hash algorithm override
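
The call order required by the overrideHashAlgorithm note above, shown as an added example (not part of the PGPainless documentation). The class name DetachedSigner and its method are hypothetical; PGPainless.encryptAndOrSign(), ProducerOptions.sign() and EncryptionStream.getResult() are assumed from the PGPainless 1.x API and are not described on this page.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;

import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.util.io.Streams;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.DocumentSignatureType;
import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.encryption_signing.EncryptionResult;
import org.pgpainless.encryption_signing.EncryptionStream;
import org.pgpainless.encryption_signing.ProducerOptions;
import org.pgpainless.encryption_signing.SigningOptions;
import org.pgpainless.key.protection.SecretKeyRingProtector;

// Hypothetical helper class, not part of PGPainless.
public final class DetachedSigner {

    /** Creates a detached binary signature over data, pinned to SHA-512. */
    public static EncryptionResult signWithSha512(PGPSecretKeyRing signingKey,
                                                  SecretKeyRingProtector protector,
                                                  InputStream data)
            throws PGPException, IOException {
        // Order matters: set the override BEFORE adding the signature.
        // addDetachedSignature() is where the signing method is created,
        // so an override set after it does not apply to that signature.
        SigningOptions signing = SigningOptions.get()
                .overrideHashAlgorithm(HashAlgorithm.SHA512)
                .addDetachedSignature(protector, signingKey,
                        DocumentSignatureType.BINARY_DOCUMENT);

        // The stream output is buffered and ignored here; only the
        // detached signature is wanted. Use a file or null sink for large input.
        ByteArrayOutputStream sink = new ByteArrayOutputStream();
        EncryptionStream signer = PGPainless.encryptAndOrSign()
                .onOutputStream(sink)
                .withOptions(ProducerOptions.sign(signing));

        Streams.pipeAll(data, signer);
        signer.close(); // the result is only available after close()

        // The caller reads the signature(s) from getDetachedSignatures().
        return signer.getResult();
    }
}
```

Checking getHashAlgorithmOverride() on the options object before building the stream is a cheap way to assert in tests that a policy-mandated algorithm was actually set.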