Package org.pgpainless.key.info

Class KeyRingInfo

  • public class KeyRingInfo
extends java.lang.Object
    Utility class to quickly extract certain information from a PGPPublicKeyRing/PGPSecretKeyRing.

    • Constructor Detail

      • KeyRingInfo

        public KeyRingInfo​(@Nonnull
                   org.bouncycastle.openpgp.PGPKeyRing keys)
        Evaluate the key ring right now.
        Parameters:
        keys - key ring

      • KeyRingInfo

        public KeyRingInfo​(@Nonnull
                   org.bouncycastle.openpgp.PGPKeyRing keys,
                   @Nonnull
                   java.util.Date referenceDate)
        Evaluate the key ring at the provided validation date.
        Parameters:
        keys - key ring
        referenceDate - date of validation

      • KeyRingInfo

        public KeyRingInfo​(@Nonnull
                   org.bouncycastle.openpgp.PGPKeyRing keys,
                   @Nonnull
                   Policy policy,
                   @Nonnull
                   java.util.Date referenceDate)
        Evaluate the key ring at the provided validation date.
        Parameters:
        keys - key ring
        policy - policy
        referenceDate - validation date

    • Method Detail

      • evaluateForSignature

        @Nonnull
public static KeyRingInfo evaluateForSignature​(@Nonnull
                                               org.bouncycastle.openpgp.PGPKeyRing keyRing,
                                               @Nonnull
                                               org.bouncycastle.openpgp.PGPSignature signature)
        Evaluate the key ring at creation time of the given signature.
        Parameters:
        keyRing - key ring
        signature - signature
        Returns:
        info of key ring at signature creation time

      • getPublicKey

        @Nonnull
public org.bouncycastle.openpgp.PGPPublicKey getPublicKey()
        Return the first PGPPublicKey of this key ring.
        Returns:
        public key

      • getPublicKey

        @Nullable
public org.bouncycastle.openpgp.PGPPublicKey getPublicKey​(@Nonnull
                                                          OpenPgpFingerprint fingerprint)
        Return the public key with the given fingerprint.
        Parameters:
        fingerprint - fingerprint
        Returns:
        public key or null

      • getPublicKey

        @Nullable
public org.bouncycastle.openpgp.PGPPublicKey getPublicKey​(long keyId)
        Return the public key with the given key id.
        Parameters:
        keyId - key id
        Returns:
        public key or null

      • getPublicKey

        @Nullable
public static org.bouncycastle.openpgp.PGPPublicKey getPublicKey​(@Nonnull
                                                                 org.bouncycastle.openpgp.PGPKeyRing keyRing,
                                                                 long keyId)
        Return the public key with the given key id from the provided key ring.
        Parameters:
        keyRing - key ring
        keyId - key id
        Returns:
        public key or null

      • isKeyValidlyBound

        public boolean isKeyValidlyBound​(long keyId)
        Return true if the public key with the given key id is bound to the key ring properly.
        Parameters:
        keyId - key id
        Returns:
        true if key is bound validly

      • getPublicKeys

        @Nonnull
public java.util.List<org.bouncycastle.openpgp.PGPPublicKey> getPublicKeys()
        Return all PGPPublicKeys of this key ring. The first key in the list being the primary key. Note that the list is unmodifiable.
        Returns:
        list of public keys

      • getSecretKey

        @Nullable
public org.bouncycastle.openpgp.PGPSecretKey getSecretKey()
        Return the primary PGPSecretKey of this key ring or null if the key ring is not a PGPSecretKeyRing.
        Returns:
        primary secret key or null if the key ring is public

      • getSecretKey

        @Nullable
public org.bouncycastle.openpgp.PGPSecretKey getSecretKey​(@Nonnull
                                                          OpenPgpFingerprint fingerprint)
        Return the secret key with the given fingerprint.
        Parameters:
        fingerprint - fingerprint
        Returns:
        secret key or null

      • getSecretKey

        @Nullable
public org.bouncycastle.openpgp.PGPSecretKey getSecretKey​(long keyId)
        Return the secret key with the given key id.
        Parameters:
        keyId - key id
        Returns:
        secret key or null

      • getSecretKeys

        @Nonnull
public java.util.List<org.bouncycastle.openpgp.PGPSecretKey> getSecretKeys()
        Return all secret keys of the key ring. If the key ring is a PGPPublicKeyRing, then return an empty list. Note that the list is unmodifiable.
        Returns:
        list of secret keys

      • getKeyId

        public long getKeyId()
        Return the key id of the primary key of this key ring.
        Returns:
        key id

      • getPrimaryUserId

        @Nullable
public java.lang.String getPrimaryUserId()

      • getUserIds

        @Nonnull
public java.util.List<java.lang.String> getUserIds()
        Return a list of all user-ids of the primary key. Note: This list might also contain expired / revoked user-ids. Consider using getValidUserIds() instead.
        Returns:
        list of user-ids

      • getValidUserIds

        @Nonnull
public java.util.List<java.lang.String> getValidUserIds()
        Return a list of valid user-ids.
        Returns:
        valid user-ids

      • getValidAndExpiredUserIds

        @Nonnull
public java.util.List<java.lang.String> getValidAndExpiredUserIds()
        Return a list of all user-ids that were valid at some point, but might be expired by now.
        Returns:
        bound user-ids

      • isUserIdValid

        public boolean isUserIdValid​(@Nonnull
                             java.lang.CharSequence userId)
        Return true if the provided user-id is valid.
        Parameters:
        userId - user-id
        Returns:
        true if user-id is valid

      • getEmailAddresses

        @Nonnull
public java.util.List<java.lang.String> getEmailAddresses()
        Return a list of all user-ids of the primary key that appear to be email-addresses. Note: This list might contain expired / revoked user-ids.
        Returns:
        email addresses

      • getLatestDirectKeySelfSignature

        @Nullable
public org.bouncycastle.openpgp.PGPSignature getLatestDirectKeySelfSignature()
        Return the latest direct-key self signature.

        Note: This signature might be expired (check with SignatureUtils.isSignatureExpired(PGPSignature)).

        Returns:
        latest direct key self-signature or null

      • getRevocationSelfSignature

        @Nullable
public org.bouncycastle.openpgp.PGPSignature getRevocationSelfSignature()
        Return the latest revocation self-signature on the primary key.
        Returns:
        revocation or null

      • getLatestUserIdCertification

        @Nullable
public org.bouncycastle.openpgp.PGPSignature getLatestUserIdCertification​(@Nonnull
                                                                          java.lang.CharSequence userId)
        Return the latest certification self-signature on the provided user-id.
        Parameters:
        userId - user-id
        Returns:
        certification signature or null

      • getUserIdRevocation

        @Nullable
public org.bouncycastle.openpgp.PGPSignature getUserIdRevocation​(@Nonnull
                                                                 java.lang.CharSequence userId)
        Return the latest user-id revocation signature for the provided user-id.
        Parameters:
        userId - user-id
        Returns:
        revocation or null

      • getCurrentSubkeyBindingSignature

        @Nullable
public org.bouncycastle.openpgp.PGPSignature getCurrentSubkeyBindingSignature​(long keyId)
        Return the currently active subkey binding signature for the subkey with the provided key-id.
        Parameters:
        keyId - subkey id
        Returns:
        subkey binding signature or null

      • getSubkeyRevocationSignature

        @Nullable
public org.bouncycastle.openpgp.PGPSignature getSubkeyRevocationSignature​(long keyId)
        Return the latest subkey binding revocation signature for the subkey with the given key-id.
        Parameters:
        keyId - subkey id
        Returns:
        subkey binding revocation or null

      • getKeyFlagsOf

        @Nonnull
public java.util.List<KeyFlag> getKeyFlagsOf​(long keyId)
        Return a list of KeyFlags that apply to the subkey with the provided key id.
        Parameters:
        keyId - key-id
        Returns:
        list of key flags

      • getKeyFlagsOf

        @Nonnull
public java.util.List<KeyFlag> getKeyFlagsOf​(java.lang.String userId)
        Return a list of KeyFlags that apply to the given user-id.
        Parameters:
        userId - user-id
        Returns:
        key flags

      • getAlgorithm

        @Nonnull
public PublicKeyAlgorithm getAlgorithm()
        Return the algorithm of the primary key.
        Returns:
        public key algorithm

      • getCreationDate

        @Nonnull
public java.util.Date getCreationDate()
        Return the creation date of the primary key.
        Returns:
        creation date

      • getLastModified

        @Nonnull
public java.util.Date getLastModified()
        Return the date on which the key ring was last modified. This date corresponds to the date of the last signature that was made on this key ring by the primary key.
        Returns:
        last modification date.

      • getLatestKeyCreationDate

        @Nonnull
public java.util.Date getLatestKeyCreationDate()
        Return the creation time of the latest added subkey.
        Returns:
        latest key creation time

      • getRevocationState

        @Nonnull
public RevocationState getRevocationState()

      • getRevocationDate

        @Nullable
public java.util.Date getRevocationDate()
        Return the date on which the primary key was revoked, or null if it has not yet been revoked.
        Returns:
        revocation date or null

      • getPrimaryKeyExpirationDate

        @Nullable
public java.util.Date getPrimaryKeyExpirationDate()
        Return the date of expiration of the primary key or null if the key has no expiration date.
        Returns:
        expiration date

      • getPossiblyExpiredPrimaryUserId

        @Nullable
public java.lang.String getPossiblyExpiredPrimaryUserId()

      • getSubkeyExpirationDate

        @Nullable
public java.util.Date getSubkeyExpirationDate​(OpenPgpFingerprint fingerprint)
        Return the expiration date of the subkey with the provided fingerprint.
        Parameters:
        fingerprint - subkey fingerprint
        Returns:
        expiration date or null

      • getExpirationDateForUse

        @Nullable
public java.util.Date getExpirationDateForUse​(KeyFlag use)
        Return the latest date on which the key ring is still usable for the given key flag. If only a subkey is carrying the required flag and the primary key expires earlier than the subkey, the expiry date of the primary key is returned.

        This method might return null, if the primary key and a subkey with the required flag does not expire.

        Parameters:
        use - key flag representing the use case, e.g. KeyFlag.SIGN_DATA or KeyFlag.ENCRYPT_COMMS/KeyFlag.ENCRYPT_STORAGE.
        Returns:
        latest date on which the key ring can be used for the given use case, or null if it can be used indefinitely.

      • isHardRevoked

        public boolean isHardRevoked​(@Nonnull
                             java.lang.CharSequence userId)

      • isSecretKey

        public boolean isSecretKey()
        Return true if the key ring is a PGPSecretKeyRing. If it is a PGPPublicKeyRing return false and if it is neither, throw an AssertionError.
        Returns:
        true if the key ring is a secret key ring.

      • isFullyDecrypted

        public boolean isFullyDecrypted()
        Returns true when every secret key on the key ring is not encrypted. If there is at least one encrypted secret key on the key ring, returns false. If the key ring is a PGPPublicKeyRing, returns true. Sub-keys with S2K of a type GNU_DUMMY_S2K do not affect the result.
        Returns:
        true if all secret keys are unencrypted.

      • isFullyEncrypted

        public boolean isFullyEncrypted()
        Returns true when every secret key on the key ring is encrypted. If there is at least one not encrypted secret key on the key ring, returns false. If the key ring is a PGPPublicKeyRing, returns false. Sub-keys with S2K of a type GNU_DUMMY_S2K do not affect a result.
        Returns:
        true if all secret keys are encrypted.

      • getVersion

        public int getVersion()
        Return the version number of the public keys format.
        Returns:
        version

      • getEncryptionSubkeys

        @Nonnull
public java.util.List<org.bouncycastle.openpgp.PGPPublicKey> getEncryptionSubkeys​(@Nonnull
                                                                                  EncryptionPurpose purpose)
        Return a list of all subkeys which can be used for encryption of the given purpose. This list does not include expired or revoked keys.
        Parameters:
        purpose - purpose (encrypt data at rest / communications)
        Returns:
        encryption subkeys

      • getDecryptionSubkeys

        @Nonnull
public java.util.List<org.bouncycastle.openpgp.PGPPublicKey> getDecryptionSubkeys()
        Return a list of all subkeys that could potentially be used to decrypt a message. Contrary to getEncryptionSubkeys(EncryptionPurpose), this method also includes revoked, expired keys, as well as keys which do not carry any encryption keyflags. Merely keys which use algorithms that cannot be used for encryption at all are excluded. That way, decryption of messages produced by faulty implementations can still be decrypted.
        Returns:
        decryption keys

      • getKeysWithKeyFlag

        @Nonnull
public java.util.List<org.bouncycastle.openpgp.PGPPublicKey> getKeysWithKeyFlag​(@Nonnull
                                                                                KeyFlag flag)
        Return a list of all keys which carry the provided key flag in their signature.
        Parameters:
        flag - flag
        Returns:
        keys with flag

      • getEncryptionSubkeys

        @Nonnull
public java.util.List<org.bouncycastle.openpgp.PGPPublicKey> getEncryptionSubkeys​(@Nullable
                                                                                  java.lang.CharSequence userId,
                                                                                  @Nonnull
                                                                                  EncryptionPurpose purpose)
        Return a list of all subkeys that can be used for encryption with the given user-id. This list does not include expired or revoked keys. TODO: Does it make sense to pass in a user-id? Aren't the encryption subkeys the same, regardless of which user-id is used?
        Parameters:
        userId - user-id
        purpose - encryption purpose
        Returns:
        encryption subkeys

      • getSigningSubkeys

        @Nonnull
public java.util.List<org.bouncycastle.openpgp.PGPPublicKey> getSigningSubkeys()
        Return a list of all subkeys which can be used to sign data.
        Returns:
        signing keys

      • getPreferredHashAlgorithms

        @Nonnull
public java.util.Set<HashAlgorithm> getPreferredHashAlgorithms()

      • getPreferredHashAlgorithms

        @Nonnull
public java.util.Set<HashAlgorithm> getPreferredHashAlgorithms​(@Nullable
                                                               java.lang.CharSequence userId)

      • getPreferredHashAlgorithms

        @Nonnull
public java.util.Set<HashAlgorithm> getPreferredHashAlgorithms​(long keyId)

      • getPreferredSymmetricKeyAlgorithms

        @Nonnull
public java.util.Set<SymmetricKeyAlgorithm> getPreferredSymmetricKeyAlgorithms()

      • getPreferredSymmetricKeyAlgorithms

        @Nonnull
public java.util.Set<SymmetricKeyAlgorithm> getPreferredSymmetricKeyAlgorithms​(@Nullable
                                                                               java.lang.CharSequence userId)

      • getPreferredSymmetricKeyAlgorithms

        @Nonnull
public java.util.Set<SymmetricKeyAlgorithm> getPreferredSymmetricKeyAlgorithms​(long keyId)

      • getPreferredCompressionAlgorithms

        @Nonnull
public java.util.Set<CompressionAlgorithm> getPreferredCompressionAlgorithms()

      • getPreferredCompressionAlgorithms

        @Nonnull
public java.util.Set<CompressionAlgorithm> getPreferredCompressionAlgorithms​(@Nullable
                                                                             java.lang.CharSequence userId)

      • getPreferredCompressionAlgorithms

        @Nonnull
public java.util.Set<CompressionAlgorithm> getPreferredCompressionAlgorithms​(long keyId)

      • isUsableForEncryption

        public boolean isUsableForEncryption()
        Returns true, if the certificate has at least one usable encryption subkey.
        Returns:
        true if usable for encryption

      • isUsableForEncryption

        public boolean isUsableForEncryption​(@Nonnull
                                     EncryptionPurpose purpose)
        Returns true, if the certificate has at least one usable encryption subkey for the given purpose.
        Parameters:
        purpose - purpose of encryption
        Returns:
        true if usable for encryption

      • isSigningCapable

        public boolean isSigningCapable()
        Returns true, if the key ring is capable of signing. Contrary to isUsableForSigning(), this method also returns true, if this KeyRingInfo is based on a key ring which has at least one valid public key marked for signing. The secret key is not required for the key ring to qualify as signing capable.
        Returns:
        true if key corresponding to the cert is capable of signing

      • isUsableForSigning

        public boolean isUsableForSigning()
        Returns true, if this KeyRingInfo is based on a PGPSecretKeyRing, which has a valid signing key which is ready to be used (i.e. secret key is present and is not on a smart-card).

        If you just want to check, whether a key / certificate has signing capable subkeys, use isSigningCapable() instead.

        Returns:
        true if key is ready to be used for signing

      • isSecretKeyAvailable

        public boolean isSecretKeyAvailable​(long keyId)