Class KeyRingInfo


  • public class KeyRingInfo
    extends java.lang.Object
    Utility class to quickly extract certain information from a PGPPublicKeyRing/PGPSecretKeyRing.
    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  KeyRingInfo.Signatures  
    • Constructor Summary

      Constructors 
      Constructor Description
      KeyRingInfo​(org.bouncycastle.openpgp.PGPKeyRing keys)
      Evaluate the key ring right now.
      KeyRingInfo​(org.bouncycastle.openpgp.PGPKeyRing keys, java.util.Date validationDate)
      Evaluate the key ring at the provided validation date.
    • Method Summary

      Modifier and Type Method Description
      static KeyRingInfo evaluateForSignature​(org.bouncycastle.openpgp.PGPKeyRing keyRing, org.bouncycastle.openpgp.PGPSignature signature)
      Evaluate the key ring at creation time of the given signature.
      PublicKeyAlgorithm getAlgorithm()
      Return the algorithm of the primary key.
      java.util.Date getCreationDate()
      Return the creation date of the primary key.
      org.bouncycastle.openpgp.PGPSignature getCurrentSubkeyBindingSignature​(long keyId)
      Return the currently active subkey binding signature for the subkey with the provided key-id.
      java.util.List<java.lang.String> getEmailAddresses()
      Return a list of all user-ids of the primary key that appear to be email-addresses.
      java.util.List<org.bouncycastle.openpgp.PGPPublicKey> getEncryptionSubkeys​(java.lang.String userId, EncryptionPurpose purpose)
      Return a list of all subkeys that can be used for encryption with the given user-id.
      java.util.List<org.bouncycastle.openpgp.PGPPublicKey> getEncryptionSubkeys​(EncryptionPurpose purpose)
      Return a list of all subkeys which can be used for encryption of the given purpose.
      java.util.Date getExpirationDateForUse​(KeyFlag use)
      Return the latest date on which the key ring is still usable for the given key flag.
      OpenPgpV4Fingerprint getFingerprint()
      Return the OpenPgpV4Fingerprint of this key ring.
      java.util.List<KeyFlag> getKeyFlagsOf​(long keyId)
      Return a list of KeyFlags that apply to the subkey with the provided key id.
      java.util.List<KeyFlag> getKeyFlagsOf​(java.lang.String userId)
      Return a list of KeyFlags that apply to the given user-id.
      long getKeyId()
      Return the key id of the primary key of this key ring.
      java.util.List<org.bouncycastle.openpgp.PGPPublicKey> getKeysWithKeyFlag​(KeyFlag flag)
      Return a list of all keys which carry the provided key flag in their signature.
      java.util.Date getLastModified()
      Return the date on which the key ring was last modified.
      org.bouncycastle.openpgp.PGPSignature getLatestDirectKeySelfSignature()
      Return the latest direct-key self signature.
      java.util.Date getLatestKeyCreationDate()
      Return the creation time of the latest added subkey.
      org.bouncycastle.openpgp.PGPSignature getLatestUserIdCertification​(java.lang.String userId)
      Return the latest certification self-signature on the provided user-id.
      java.util.Set<CompressionAlgorithm> getPreferredCompressionAlgorithms​(java.lang.String userId, long keyId)
      Return the (sorted) set of preferred compression algorithms of the given key.
      java.util.Set<HashAlgorithm> getPreferredHashAlgorithms​(java.lang.String userId, long keyID)
      Return the (sorted) set of preferred hash algorithms of the given key.
      java.util.Set<SymmetricKeyAlgorithm> getPreferredSymmetricKeyAlgorithms​(java.lang.String userId, long keyId)
      Return the (sorted) set of preferred symmetric encryption algorithms of the given key.
      java.util.Date getPrimaryKeyExpirationDate()
      Return the date of expiration of the primary key or null if the key has no expiration date.
      java.lang.String getPrimaryUserId()
      Return the primary user-id of the key ring.
      org.bouncycastle.openpgp.PGPPublicKey getPublicKey()
      Return the first PGPPublicKey of this key ring.
      org.bouncycastle.openpgp.PGPPublicKey getPublicKey​(long keyId)
      Return the public key with the given key id.
      static org.bouncycastle.openpgp.PGPPublicKey getPublicKey​(org.bouncycastle.openpgp.PGPKeyRing keyRing, long keyId)
      Return the public key with the given key id from the provided key ring.
      org.bouncycastle.openpgp.PGPPublicKey getPublicKey​(OpenPgpV4Fingerprint fingerprint)
      Return the public key with the given fingerprint.
      java.util.List<org.bouncycastle.openpgp.PGPPublicKey> getPublicKeys()
      Return all PGPPublicKeys of this key ring.
      java.util.Date getRevocationDate()
      Return the date on which the primary key was revoked, or null if it has not yet been revoked.
      org.bouncycastle.openpgp.PGPSignature getRevocationSelfSignature()
      Return the latest revocation self-signature on the primary key.
      org.bouncycastle.openpgp.PGPSecretKey getSecretKey()
      Return the primary PGPSecretKey of this key ring or null if the key ring is not a PGPSecretKeyRing.
      org.bouncycastle.openpgp.PGPSecretKey getSecretKey​(long keyId)
      Return the secret key with the given key id.
      org.bouncycastle.openpgp.PGPSecretKey getSecretKey​(OpenPgpV4Fingerprint fingerprint)
      Return the secret key with the given fingerprint.
      java.util.List<org.bouncycastle.openpgp.PGPSecretKey> getSecretKeys()
      Return all secret keys of the key ring.
      java.util.List<org.bouncycastle.openpgp.PGPPublicKey> getSigningSubkeys()
      Return a list of all subkeys which can be used to sign data.
      java.util.Date getSubkeyExpirationDate​(OpenPgpV4Fingerprint fingerprint)
      Return the expiration date of the subkey with the provided fingerprint.
      org.bouncycastle.openpgp.PGPSignature getSubkeyRevocationSignature​(long keyId)
      Return the latest subkey binding revocation signature for the subkey with the given key-id.
      org.bouncycastle.openpgp.PGPSignature getUserIdRevocation​(java.lang.String userId)
      Return the latest user-id revocation signature for the provided user-id.
      java.util.List<java.lang.String> getUserIds()
      Return a list of all user-ids of the primary key.
      java.util.List<java.lang.String> getValidUserIds()
      Return a list of valid user-ids.
      int getVersion()
      Return the version number of the public keys format.
      boolean isFullyDecrypted()
      Returns true when every secret key on the key ring is not encrypted.
      boolean isFullyEncrypted()
      Returns true when every secret key on the key ring is encrypted.
      boolean isKeyValidlyBound​(long keyId)
      Return true if the public key with the given key id is bound to the key ring properly.
      boolean isSecretKey()
      Return true if the key ring is a PGPSecretKeyRing.
      boolean isUserIdValid​(java.lang.String userId)
      Return true if the provided user-id is valid.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • KeyRingInfo

        public KeyRingInfo​(org.bouncycastle.openpgp.PGPKeyRing keys)
        Evaluate the key ring right now.
        Parameters:
        keys - key ring
      • KeyRingInfo

        public KeyRingInfo​(org.bouncycastle.openpgp.PGPKeyRing keys,
                           java.util.Date validationDate)
        Evaluate the key ring at the provided validation date.
        Parameters:
        keys - key ring
        validationDate - date of validation
    • Method Detail

      • evaluateForSignature

        public static KeyRingInfo evaluateForSignature​(org.bouncycastle.openpgp.PGPKeyRing keyRing,
                                                       org.bouncycastle.openpgp.PGPSignature signature)
        Evaluate the key ring at creation time of the given signature.
        Parameters:
        keyRing - key ring
        signature - signature
        Returns:
        info of key ring at signature creation time
      • getPublicKey

        public org.bouncycastle.openpgp.PGPPublicKey getPublicKey()
        Return the first PGPPublicKey of this key ring.
        Returns:
        public key
      • getPublicKey

        @Nullable
        public org.bouncycastle.openpgp.PGPPublicKey getPublicKey​(OpenPgpV4Fingerprint fingerprint)
        Return the public key with the given fingerprint.
        Parameters:
        fingerprint - fingerprint
        Returns:
        public key or null
      • getPublicKey

        @Nullable
        public org.bouncycastle.openpgp.PGPPublicKey getPublicKey​(long keyId)
        Return the public key with the given key id.
        Parameters:
        keyId - key id
        Returns:
        public key or null
      • getPublicKey

        @Nullable
        public static org.bouncycastle.openpgp.PGPPublicKey getPublicKey​(org.bouncycastle.openpgp.PGPKeyRing keyRing,
                                                                         long keyId)
        Return the public key with the given key id from the provided key ring.
        Parameters:
        keyRing - key ring
        keyId - key id
        Returns:
        public key or null
      • isKeyValidlyBound

        public boolean isKeyValidlyBound​(long keyId)
        Return true if the public key with the given key id is bound to the key ring properly.
        Parameters:
        keyId - key id
        Returns:
        true if key is bound validly
      • getPublicKeys

        public java.util.List<org.bouncycastle.openpgp.PGPPublicKey> getPublicKeys()
        Return all PGPPublicKeys of this key ring. The first key in the list is the primary key. Note that the list is unmodifiable.
        Returns:
        list of public keys
      • getSecretKey

        @Nullable
        public org.bouncycastle.openpgp.PGPSecretKey getSecretKey()
        Return the primary PGPSecretKey of this key ring or null if the key ring is not a PGPSecretKeyRing.
        Returns:
        primary secret key or null if the key ring is public
      • getSecretKey

        @Nullable
        public org.bouncycastle.openpgp.PGPSecretKey getSecretKey​(OpenPgpV4Fingerprint fingerprint)
        Return the secret key with the given fingerprint.
        Parameters:
        fingerprint - fingerprint
        Returns:
        secret key or null
      • getSecretKey

        @Nullable
        public org.bouncycastle.openpgp.PGPSecretKey getSecretKey​(long keyId)
        Return the secret key with the given key id.
        Parameters:
        keyId - key id
        Returns:
        secret key or null
      • getSecretKeys

        public java.util.List<org.bouncycastle.openpgp.PGPSecretKey> getSecretKeys()
        Return all secret keys of the key ring. If the key ring is a PGPPublicKeyRing, then return an empty list. Note that the list is unmodifiable.
        Returns:
        list of secret keys
      • getKeyId

        public long getKeyId()
        Return the key id of the primary key of this key ring.
        Returns:
        key id
      • getPrimaryUserId

        @Nullable
        public java.lang.String getPrimaryUserId()
        Return the primary user-id of the key ring. Note: If no user-id is marked as primary key using a PrimaryUserID packet, this method returns the first valid user-id, otherwise null.
        Returns:
        primary user-id or null
      • getUserIds

        public java.util.List<java.lang.String> getUserIds()
        Return a list of all user-ids of the primary key. Note: This list might also contain expired / revoked user-ids. Consider using getValidUserIds() instead.
        Returns:
        list of user-ids
      • getValidUserIds

        public java.util.List<java.lang.String> getValidUserIds()
        Return a list of valid user-ids.
        Returns:
        valid user-ids
      • isUserIdValid

        public boolean isUserIdValid​(java.lang.String userId)
        Return true if the provided user-id is valid.
        Parameters:
        userId - user-id
        Returns:
        true if user-id is valid
      • getEmailAddresses

        public java.util.List<java.lang.String> getEmailAddresses()
        Return a list of all user-ids of the primary key that appear to be email-addresses. Note: This list might contain expired / revoked user-ids.
        Returns:
        email addresses
      • getLatestDirectKeySelfSignature

        @Nullable
        public org.bouncycastle.openpgp.PGPSignature getLatestDirectKeySelfSignature()
        Return the latest direct-key self signature. Note: This signature might be expired (check with SignatureUtils.isSignatureExpired(PGPSignature)).
        Returns:
        latest direct key self-signature or null
      • getRevocationSelfSignature

        @Nullable
        public org.bouncycastle.openpgp.PGPSignature getRevocationSelfSignature()
        Return the latest revocation self-signature on the primary key.
        Returns:
        revocation or null
      • getLatestUserIdCertification

        @Nullable
        public org.bouncycastle.openpgp.PGPSignature getLatestUserIdCertification​(java.lang.String userId)
        Return the latest certification self-signature on the provided user-id.
        Parameters:
        userId - user-id
        Returns:
        certification signature or null
      • getUserIdRevocation

        @Nullable
        public org.bouncycastle.openpgp.PGPSignature getUserIdRevocation​(java.lang.String userId)
        Return the latest user-id revocation signature for the provided user-id.
        Parameters:
        userId - user-id
        Returns:
        revocation or null
      • getCurrentSubkeyBindingSignature

        @Nullable
        public org.bouncycastle.openpgp.PGPSignature getCurrentSubkeyBindingSignature​(long keyId)
        Return the currently active subkey binding signature for the subkey with the provided key-id.
        Parameters:
        keyId - subkey id
        Returns:
        subkey binding signature or null
      • getSubkeyRevocationSignature

        @Nullable
        public org.bouncycastle.openpgp.PGPSignature getSubkeyRevocationSignature​(long keyId)
        Return the latest subkey binding revocation signature for the subkey with the given key-id.
        Parameters:
        keyId - subkey id
        Returns:
        subkey binding revocation or null
      • getKeyFlagsOf

        @Nonnull
        public java.util.List<KeyFlag> getKeyFlagsOf​(long keyId)
        Return a list of KeyFlags that apply to the subkey with the provided key id.
        Parameters:
        keyId - key-id
        Returns:
        list of key flags
      • getKeyFlagsOf

        @Nonnull
        public java.util.List<KeyFlag> getKeyFlagsOf​(java.lang.String userId)
        Return a list of KeyFlags that apply to the given user-id.
        Parameters:
        userId - user-id
        Returns:
        key flags
      • getAlgorithm

        public PublicKeyAlgorithm getAlgorithm()
        Return the algorithm of the primary key.
        Returns:
        public key algorithm
      • getCreationDate

        public java.util.Date getCreationDate()
        Return the creation date of the primary key.
        Returns:
        creation date
      • getLastModified

        @Nullable
        public java.util.Date getLastModified()
        Return the date on which the key ring was last modified. This date corresponds to the date of the last signature that was made on this key ring by the primary key.
        Returns:
        last modification date.
      • getLatestKeyCreationDate

        @Nonnull
        public java.util.Date getLatestKeyCreationDate()
        Return the creation time of the latest added subkey.
        Returns:
        latest key creation time
      • getRevocationDate

        @Nullable
        public java.util.Date getRevocationDate()
        Return the date on which the primary key was revoked, or null if it has not yet been revoked.
        Returns:
        revocation date or null
      • getPrimaryKeyExpirationDate

        @Nullable
        public java.util.Date getPrimaryKeyExpirationDate()
        Return the date of expiration of the primary key or null if the key has no expiration date.
        Returns:
        expiration date
      • getSubkeyExpirationDate

        @Nullable
        public java.util.Date getSubkeyExpirationDate​(OpenPgpV4Fingerprint fingerprint)
        Return the expiration date of the subkey with the provided fingerprint.
        Parameters:
        fingerprint - subkey fingerprint
        Returns:
        expiration date or null
      • getExpirationDateForUse

        public java.util.Date getExpirationDateForUse​(KeyFlag use)
        Return the latest date on which the key ring is still usable for the given key flag. If only a subkey carries the required flag and the primary key expires earlier than the subkey, the expiry date of the primary key is returned. This method might return null if the primary key and a subkey with the required flag do not expire.
        Parameters:
        use - key flag representing the use case, e.g. KeyFlag.SIGN_DATA or KeyFlag.ENCRYPT_COMMS/KeyFlag.ENCRYPT_STORAGE.
        Returns:
        latest date on which the key ring can be used for the given use case, or null if it can be used indefinitely.
      • isSecretKey

        public boolean isSecretKey()
        Return true if the key ring is a PGPSecretKeyRing. If it is a PGPPublicKeyRing return false and if it is neither, throw an AssertionError.
        Returns:
        true if the key ring is a secret key ring.
      • isFullyDecrypted

        public boolean isFullyDecrypted()
        Returns true when every secret key on the key ring is not encrypted. If there is at least one encrypted secret key on the key ring, returns false. If the key ring is a PGPPublicKeyRing, returns true. Sub-keys with S2K of a type GNU_DUMMY_S2K do not affect the result.
        Returns:
        true if all secret keys are unencrypted.
      • isFullyEncrypted

        public boolean isFullyEncrypted()
        Returns true when every secret key on the key ring is encrypted. If there is at least one unencrypted secret key on the key ring, returns false. If the key ring is a PGPPublicKeyRing, returns false. Sub-keys with S2K of a type GNU_DUMMY_S2K do not affect the result.
        Returns:
        true if all secret keys are encrypted.
      • getVersion

        public int getVersion()
        Return the version number of the public keys format.
        Returns:
        version
      • getEncryptionSubkeys

        @Nonnull
        public java.util.List<org.bouncycastle.openpgp.PGPPublicKey> getEncryptionSubkeys​(EncryptionPurpose purpose)
        Return a list of all subkeys which can be used for encryption of the given purpose. This list does not include expired or revoked keys.
        Parameters:
        purpose - purpose (encrypt data at rest / communications)
        Returns:
        encryption subkeys
      • getKeysWithKeyFlag

        public java.util.List<org.bouncycastle.openpgp.PGPPublicKey> getKeysWithKeyFlag​(KeyFlag flag)
        Return a list of all keys which carry the provided key flag in their signature.
        Parameters:
        flag - flag
        Returns:
        keys with flag
      • getEncryptionSubkeys

        @Nonnull
        public java.util.List<org.bouncycastle.openpgp.PGPPublicKey> getEncryptionSubkeys​(java.lang.String userId,
                                                                                          EncryptionPurpose purpose)
        Return a list of all subkeys that can be used for encryption with the given user-id. This list does not include expired or revoked keys. TODO: Does it make sense to pass in a user-id? Aren't the encryption subkeys the same, regardless of which user-id is used?
        Parameters:
        userId - user-id
        purpose - encryption purpose
        Returns:
        encryption subkeys
      • getSigningSubkeys

        @Nonnull
        public java.util.List<org.bouncycastle.openpgp.PGPPublicKey> getSigningSubkeys()
        Return a list of all subkeys which can be used to sign data.
        Returns:
        signing keys
      • getPreferredHashAlgorithms

        public java.util.Set<HashAlgorithm> getPreferredHashAlgorithms​(@Nullable
                                                                       java.lang.String userId,
                                                                       long keyID)
        Return the (sorted) set of preferred hash algorithms of the given key.
        Parameters:
        userId - user-id. If this is non-null, the hash algorithms are being extracted from the user-id certification signature first.
        keyID - id of the key in question
        Returns:
        hash algorithm preferences
      • getPreferredSymmetricKeyAlgorithms

        public java.util.Set<SymmetricKeyAlgorithm> getPreferredSymmetricKeyAlgorithms​(@Nullable
                                                                                       java.lang.String userId,
                                                                                       long keyId)
        Return the (sorted) set of preferred symmetric encryption algorithms of the given key.
        Parameters:
        userId - user-id. If this is non-null, the symmetric encryption algorithms are being extracted from the user-id certification signature first.
        keyId - id of the key in question
        Returns:
        symmetric encryption algorithm preferences
      • getPreferredCompressionAlgorithms

        public java.util.Set<CompressionAlgorithm> getPreferredCompressionAlgorithms​(@Nullable
                                                                                     java.lang.String userId,
                                                                                     long keyId)
        Return the (sorted) set of preferred compression algorithms of the given key.
        Parameters:
        userId - user-id. If this is non-null, the compression algorithms are being extracted from the user-id certification signature first.
        keyId - id of the key in question
        Returns:
        compression algorithm preferences
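
One way to combine the accessors documented above when deciding whether a signer's key was acceptable at the time a signature was made. This is an added example, not code from the library: the class SignerKeyCheck, its method problems and the org.pgpainless package paths in the imports are assumptions, since this page does not show package names.

```java
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

import org.bouncycastle.openpgp.PGPKeyRing;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSignature;
// Assumed package paths: this page lists the classes but not their packages.
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.key.info.KeyRingInfo;

/** Hypothetical helper (not part of the library): vets a signer's key ring for one signature. */
public final class SignerKeyCheck {

    private SignerKeyCheck() {}

    /**
     * @return reasons to reject the signer's key for this signature; an empty list means no objection.
     *         Verifying the signature bytes themselves is a separate step and is not done here.
     */
    public static List<String> problems(PGPKeyRing keyRing, PGPSignature signature, String expectedUserId) {
        List<String> problems = new ArrayList<>();
        long issuerId = signature.getKeyID();
        Date signedAt = signature.getCreationTime();

        // Judge the key ring as it stood when the signature was made, not as it is today.
        KeyRingInfo info = KeyRingInfo.evaluateForSignature(keyRing, signature);

        Date revokedOn = info.getRevocationDate();
        if (revokedOn != null) {
            problems.add("primary key carries a revocation dated " + revokedOn);
        }

        // getPublicKey(long) is @Nullable: the issuer may not be on this key ring at all.
        if (info.getPublicKey(issuerId) == null) {
            problems.add("issuer key " + Long.toHexString(issuerId) + " is not on the key ring");
            return problems;
        }
        if (!info.isKeyValidlyBound(issuerId)) {
            problems.add("issuer key is not validly bound to the key ring");
        }

        // The issuer must be one of the keys that carry the SIGN_DATA flag.
        boolean maySign = false;
        for (PGPPublicKey key : info.getKeysWithKeyFlag(KeyFlag.SIGN_DATA)) {
            if (key.getKeyID() == issuerId) {
                maySign = true;
            }
        }
        if (!maySign) {
            problems.add("issuer key does not carry the SIGN_DATA flag");
        } else {
            // null means the key ring stays usable for signing indefinitely.
            Date usableUntil = info.getExpirationDateForUse(KeyFlag.SIGN_DATA);
            if (usableUntil != null && signedAt.after(usableUntil)) {
                problems.add("signature created after signing use expired on " + usableUntil);
            }
        }

        // getUserIds() may include expired or revoked entries, so ask for validity explicitly.
        if (expectedUserId != null && !info.isUserIdValid(expectedUserId)) {
            problems.add("user-id is not valid on this key ring: " + expectedUserId);
        }
        return problems;
    }
}
```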