Class ConsumerOptions
- java.lang.Object
-
- org.pgpainless.decryption_verification.ConsumerOptions
-
public class ConsumerOptions extends java.lang.Object
Options for decryption and signature verification.
-
-
Constructor Summary
Constructors Constructor Description ConsumerOptions()
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description ConsumerOptions
addDecryptionKey(org.bouncycastle.openpgp.PGPSecretKeyRing key)
Add a key for message decryption.ConsumerOptions
addDecryptionKey(org.bouncycastle.openpgp.PGPSecretKeyRing key, SecretKeyRingProtector keyRingProtector)
Add a key for message decryption.ConsumerOptions
addDecryptionKeys(org.bouncycastle.openpgp.PGPSecretKeyRingCollection keys, SecretKeyRingProtector keyRingProtector)
Add the keys in the provided key collection for message decryption.ConsumerOptions
addDecryptionPassphrase(Passphrase passphrase)
Add a passphrase for message decryption.ConsumerOptions
addVerificationCert(org.bouncycastle.openpgp.PGPPublicKeyRing verificationCert)
Add a certificate (public key ring) for signature verification.ConsumerOptions
addVerificationCerts(org.bouncycastle.openpgp.PGPPublicKeyRingCollection verificationCerts)
Add a set of certificates (public key rings) for signature verification.ConsumerOptions
addVerificationOfDetachedSignature(org.bouncycastle.openpgp.PGPSignature detachedSignature)
Add a detached signature for the signature verification process.ConsumerOptions
addVerificationOfDetachedSignatures(java.io.InputStream signatureInputStream)
ConsumerOptions
addVerificationOfDetachedSignatures(java.util.List<org.bouncycastle.openpgp.PGPSignature> detachedSignatures)
java.util.Set<org.bouncycastle.openpgp.PGPPublicKeyRing>
getCertificates()
java.util.Set<org.bouncycastle.openpgp.PGPSecretKeyRing>
getDecryptionKeys()
java.util.Set<Passphrase>
getDecryptionPassphrases()
java.util.Set<org.bouncycastle.openpgp.PGPSignature>
getDetachedSignatures()
MissingPublicKeyCallback
getMissingCertificateCallback()
MultiPassStrategy
getMultiPassStrategy()
Return the currently configuredMultiPassStrategy
.SecretKeyRingProtector
getSecretKeyProtector(org.bouncycastle.openpgp.PGPSecretKeyRing decryptionKeyRing)
byte[]
getSessionKey()
Return the session key.java.util.Date
getVerifyNotAfter()
Return the latest possible creation date on which signatures made on the message are considered valid.java.util.Date
getVerifyNotBefore()
Return the earliest creation date on which signatures on the message are considered valid.ConsumerOptions
setIgnoreMDCErrors(boolean ignoreMDCErrors)
Deprecated.ConsumerOptions
setMissingCertificateCallback(MissingPublicKeyCallback callback)
Set a callback that's used when a certificate (public key) is missing for signature verification.ConsumerOptions
setMissingKeyPassphraseStrategy(MissingKeyPassphraseStrategy strategy)
Specify theMissingKeyPassphraseStrategy
.ConsumerOptions
setMultiPassStrategy(MultiPassStrategy multiPassStrategy)
Set a custom multi-pass strategy for processing cleartext-signed messages.ConsumerOptions
setSessionKey(byte[] sessionKey)
Attempt decryption using a session key.ConsumerOptions
verifyNotAfter(java.util.Date timestamp)
Consider signatures on the message made after the given timestamp invalid.ConsumerOptions
verifyNotBefore(java.util.Date timestamp)
Consider signatures on the message made before the given timestamp invalid.
-
-
-
Method Detail
-
verifyNotBefore
public ConsumerOptions verifyNotBefore(java.util.Date timestamp)
Consider signatures on the message made before the given timestamp invalid. Null means no limitation.- Parameters:
timestamp
- timestamp- Returns:
- options
-
getVerifyNotBefore
@Nullable public java.util.Date getVerifyNotBefore()
Return the earliest creation date on which signatures on the message are considered valid. Signatures made earlier than this date are considered invalid.- Returns:
- earliest allowed signature creation date or null
-
verifyNotAfter
public ConsumerOptions verifyNotAfter(java.util.Date timestamp)
Consider signatures on the message made after the given timestamp invalid. Null means no limitation.- Parameters:
timestamp
- timestamp- Returns:
- options
-
getVerifyNotAfter
public java.util.Date getVerifyNotAfter()
Return the latest possible creation date on which signatures made on the message are considered valid. Signatures made later than this date are considered invalid.- Returns:
- Latest possible creation date or null.
-
addVerificationCert
public ConsumerOptions addVerificationCert(org.bouncycastle.openpgp.PGPPublicKeyRing verificationCert)
Add a certificate (public key ring) for signature verification.- Parameters:
verificationCert
- certificate for signature verification- Returns:
- options
-
addVerificationCerts
public ConsumerOptions addVerificationCerts(org.bouncycastle.openpgp.PGPPublicKeyRingCollection verificationCerts)
Add a set of certificates (public key rings) for signature verification.- Parameters:
verificationCerts
- certificates for signature verification- Returns:
- options
-
addVerificationOfDetachedSignatures
public ConsumerOptions addVerificationOfDetachedSignatures(java.io.InputStream signatureInputStream) throws java.io.IOException, org.bouncycastle.openpgp.PGPException
- Throws:
java.io.IOException
org.bouncycastle.openpgp.PGPException
-
addVerificationOfDetachedSignatures
public ConsumerOptions addVerificationOfDetachedSignatures(java.util.List<org.bouncycastle.openpgp.PGPSignature> detachedSignatures)
-
addVerificationOfDetachedSignature
public ConsumerOptions addVerificationOfDetachedSignature(org.bouncycastle.openpgp.PGPSignature detachedSignature)
Add a detached signature for the signature verification process.- Parameters:
detachedSignature
- detached signature- Returns:
- options
-
setMissingCertificateCallback
public ConsumerOptions setMissingCertificateCallback(MissingPublicKeyCallback callback)
Set a callback that's used when a certificate (public key) is missing for signature verification.- Parameters:
callback
- callback- Returns:
- options
-
setSessionKey
public ConsumerOptions setSessionKey(@Nonnull byte[] sessionKey)
Attempt decryption using a session key. Note: PGPainless does not yet support decryption with session keys. TODO: Add support for decryption using session key.- Parameters:
sessionKey
- session key- Returns:
- options
- See Also:
- RFC4880 on Session Keys
-
getSessionKey
@Nullable public byte[] getSessionKey()
Return the session key.- Returns:
- session key or null
-
addDecryptionKey
public ConsumerOptions addDecryptionKey(@Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing key)
Add a key for message decryption. The key is expected to be unencrypted.- Parameters:
key
- unencrypted key- Returns:
- options
-
addDecryptionKey
public ConsumerOptions addDecryptionKey(@Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing key, @Nonnull SecretKeyRingProtector keyRingProtector)
Add a key for message decryption. If the key is encrypted, theSecretKeyRingProtector
is used to decrypt it when needed.- Parameters:
key
- keykeyRingProtector
- protector for the secret key- Returns:
- options
-
addDecryptionKeys
public ConsumerOptions addDecryptionKeys(@Nonnull org.bouncycastle.openpgp.PGPSecretKeyRingCollection keys, @Nonnull SecretKeyRingProtector keyRingProtector)
Add the keys in the provided key collection for message decryption.- Parameters:
keys
- key collectionkeyRingProtector
- protector for encrypted secret keys- Returns:
- options
-
addDecryptionPassphrase
public ConsumerOptions addDecryptionPassphrase(@Nonnull Passphrase passphrase)
Add a passphrase for message decryption. This passphrase will be used to try to decrypt messages which were symmetrically encrypted for a passphrase.- Parameters:
passphrase
- passphrase- Returns:
- options
- See Also:
- Symmetrically Encrypted Data Packet
-
getDecryptionKeys
@Nonnull public java.util.Set<org.bouncycastle.openpgp.PGPSecretKeyRing> getDecryptionKeys()
-
getDecryptionPassphrases
@Nonnull public java.util.Set<Passphrase> getDecryptionPassphrases()
-
getCertificates
@Nonnull public java.util.Set<org.bouncycastle.openpgp.PGPPublicKeyRing> getCertificates()
-
getMissingCertificateCallback
@Nullable public MissingPublicKeyCallback getMissingCertificateCallback()
-
getSecretKeyProtector
@Nonnull public SecretKeyRingProtector getSecretKeyProtector(org.bouncycastle.openpgp.PGPSecretKeyRing decryptionKeyRing)
-
getDetachedSignatures
@Nonnull public java.util.Set<org.bouncycastle.openpgp.PGPSignature> getDetachedSignatures()
-
setIgnoreMDCErrors
@Deprecated public ConsumerOptions setIgnoreMDCErrors(boolean ignoreMDCErrors)
Deprecated.By default, PGPainless will require encrypted messages to make use of SEIP data packets. Those are Symmetrically Encrypted Integrity Protected Data packets. Symmetrically Encrypted Data Packets without integrity protection are rejected by default. Furthermore, PGPainless will throw an exception if verification of the MDC error detection code of the SEIP packet fails. Failure of MDC verification indicates a tampered ciphertext, which might be the cause of an attack or data corruption. This method can be used to ignore MDC errors and allow PGPainless to consume encrypted data without integrity protection. If the flagignoreMDCErrors
is set to true, PGPainless will- not throw exceptions for SEIP packets with tampered ciphertext
- not throw exceptions for SEIP packets with tampered MDC
- not throw exceptions for MDCs with bad CTB
- not throw exceptions for MDCs with bad length
- Parameters:
ignoreMDCErrors
- true if MDC errors or missing MDCs shall be ignored, false otherwise.- Returns:
- options
- See Also:
- Sym. Encrypted Integrity Protected Data Packet
-
setMissingKeyPassphraseStrategy
public ConsumerOptions setMissingKeyPassphraseStrategy(MissingKeyPassphraseStrategy strategy)
Specify theMissingKeyPassphraseStrategy
. This strategy defines, how missing passphrases for unlocking secret keys are handled. In interactive mode (MissingKeyPassphraseStrategy.INTERACTIVE
) PGPainless will try to obtain missing passphrases for secret keys via theSecretKeyRingProtectors
SecretKeyPassphraseProvider
callback. In non-interactice mode (MissingKeyPassphraseStrategy.THROW_EXCEPTION
, PGPainless will instead throw aMissingPassphraseException
containing the ids of all keys for which there are missing passphrases.- Parameters:
strategy
- strategy- Returns:
- options
-
setMultiPassStrategy
public ConsumerOptions setMultiPassStrategy(@Nonnull MultiPassStrategy multiPassStrategy)
Set a custom multi-pass strategy for processing cleartext-signed messages. UsesInMemoryMultiPassStrategy
by default.- Parameters:
multiPassStrategy
- multi-pass caching strategy- Returns:
- builder
-
getMultiPassStrategy
public MultiPassStrategy getMultiPassStrategy()
Return the currently configuredMultiPassStrategy
. Defaults toInMemoryMultiPassStrategy
.- Returns:
- multi-pass strategy
-
-