Package org.pgpainless.policy

Class Policy

  • public final class Policy
extends java.lang.Object
    Policy class used to configure acceptable algorithm suites etc.

    • Method Detail

      • getInstance

        public static Policy getInstance()
        Return the singleton instance of PGPainless' policy.
        Returns:
        singleton instance

      • getSignatureHashAlgorithmPolicy

        public Policy.HashAlgorithmPolicy getSignatureHashAlgorithmPolicy()
        Return the hash algorithm policy for signatures.
        Returns:
        hash algorithm policy

      • setSignatureHashAlgorithmPolicy

        public void setSignatureHashAlgorithmPolicy​(Policy.HashAlgorithmPolicy policy)
        Set a custom hash algorithm policy for signatures.
        Parameters:
        policy - custom policy

      • getRevocationSignatureHashAlgorithmPolicy

        public Policy.HashAlgorithmPolicy getRevocationSignatureHashAlgorithmPolicy()
        Return the hash algorithm policy for revocations. This policy is separate from getSignatureHashAlgorithmPolicy(), as PGPainless by default uses a less strict policy when it comes to acceptable algorithms.
        Returns:
        revocation signature hash algorithm policy

      • setRevocationSignatureHashAlgorithmPolicy

        public void setRevocationSignatureHashAlgorithmPolicy​(Policy.HashAlgorithmPolicy policy)
        Set a custom hash algorithm policy for revocations.
        Parameters:
        policy - custom policy

      • getSymmetricKeyEncryptionAlgorithmPolicy

        public Policy.SymmetricKeyAlgorithmPolicy getSymmetricKeyEncryptionAlgorithmPolicy()
        Return the symmetric encryption algorithm policy for encryption. This policy defines which symmetric algorithms are acceptable when producing encrypted messages.
        Returns:
        symmetric algorithm policy for encryption

      • getSymmetricKeyDecryptionAlgorithmPolicy

        public Policy.SymmetricKeyAlgorithmPolicy getSymmetricKeyDecryptionAlgorithmPolicy()
        Return the symmetric encryption algorithm policy for decryption. This policy defines which symmetric algorithms are acceptable when decrypting encrypted messages.
        Returns:
        symmetric algorithm policy for decryption

      • setSymmetricKeyEncryptionAlgorithmPolicy

        public void setSymmetricKeyEncryptionAlgorithmPolicy​(Policy.SymmetricKeyAlgorithmPolicy policy)
        Set a custom symmetric encryption algorithm policy for encrypting messages.
        Parameters:
        policy - custom policy

      • setSymmetricKeyDecryptionAlgorithmPolicy

        public void setSymmetricKeyDecryptionAlgorithmPolicy​(Policy.SymmetricKeyAlgorithmPolicy policy)
        Set a custom symmetric encryption algorithm policy for decrypting messages.
        Parameters:
        policy - custom policy

      • getPublicKeyAlgorithmPolicy

        public Policy.PublicKeyAlgorithmPolicy getPublicKeyAlgorithmPolicy()
        Return the current public key algorithm policy.
        Returns:
        public key algorithm policy

      • setPublicKeyAlgorithmPolicy

        public void setPublicKeyAlgorithmPolicy​(Policy.PublicKeyAlgorithmPolicy publicKeyAlgorithmPolicy)
        Set a custom public key algorithm policy.
        Parameters:
        publicKeyAlgorithmPolicy - custom policy

      • getNotationRegistry

        public NotationRegistry getNotationRegistry()
        Return the NotationRegistry of PGPainless. The notation registry is used to decide, whether a Notation is known or not. Background: Critical unknown notations render signatures invalid.
        Returns:
        Notation registry

      • getKeyGenerationAlgorithmSuite

        @Nonnull
public AlgorithmSuite getKeyGenerationAlgorithmSuite()
        Return the current AlgorithmSuite which defines preferred algorithms used during key generation.
        Returns:
        current algorithm suite

      • setKeyGenerationAlgorithmSuite

        public void setKeyGenerationAlgorithmSuite​(@Nonnull
                                           AlgorithmSuite algorithmSuite)
        Set a custom AlgorithmSuite which defines preferred algorithms used during key generation.
        Parameters:
        algorithmSuite - custom algorithm suite

      • setSignerUserIdValidationLevel

        public Policy setSignerUserIdValidationLevel​(Policy.SignerUserIdValidationLevel signerUserIdValidationLevel)
        Specify, how SignerUserID subpackets on signatures shall be validated.
        Parameters:
        signerUserIdValidationLevel - level of verification PGPainless shall do on SignerUserID subpackets.
        Returns:
        policy instance

      • setEnableKeyParameterValidation

        public Policy setEnableKeyParameterValidation​(boolean enable)
        Enable or disable validation of public key parameters when unlocking private keys. Disabled by default. When enabled, PGPainless will validate, whether public key parameters have been tampered with. This is a countermeasure against possible attacks described in the paper "Victory by KO: Attacking OpenPGP Using Key Overwriting" by Lara Bruseghini, Daniel Huigens, and Kenneth G. Paterson. Since these attacks are only possible in very special conditions (attacker has access to the encrypted private key), and the countermeasures are very costly, they are disabled by default, but can be enabled using this method.
        Parameters:
        enable - boolean
        Returns:
        this
        See Also:
        KOpenPGP.com

      • isEnableKeyParameterValidation

        public boolean isEnableKeyParameterValidation()
        Return true, if countermeasures against the KOpenPGP attacks are enabled, false otherwise.
        Returns:
        true if countermeasures are enabled, false otherwise.