Class SigningOptions
- java.lang.Object
-
- org.pgpainless.encryption_signing.SigningOptions
-
public final class SigningOptions extends java.lang.Object
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
SigningOptions.SigningMethod
A method of signing.
-
Constructor Summary
Constructors Constructor Description SigningOptions()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description SigningOptions
addDetachedSignature(SecretKeyRingProtector secretKeyDecryptor, org.bouncycastle.openpgp.PGPSecretKeyRing signingKey)
Create a detached signature.SigningOptions
addDetachedSignature(SecretKeyRingProtector secretKeyDecryptor, org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, long keyId)
Create a detached binary signature using the signing key with the given keyId.SigningOptions
addDetachedSignature(SecretKeyRingProtector secretKeyDecryptor, org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, long keyId, DocumentSignatureType signatureType, BaseSignatureSubpackets.Callback subpacketsCallback)
Create a detached signature using the signing key with the given keyId.SigningOptions
addDetachedSignature(SecretKeyRingProtector secretKeyDecryptor, org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, java.lang.CharSequence userId, DocumentSignatureType signatureType)
Create a detached signature.SigningOptions
addDetachedSignature(SecretKeyRingProtector secretKeyDecryptor, org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, java.lang.CharSequence userId, DocumentSignatureType signatureType, BaseSignatureSubpackets.Callback subpacketCallback)
Create a detached signature.SigningOptions
addDetachedSignature(SecretKeyRingProtector secretKeyDecryptor, org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, DocumentSignatureType signatureType)
Create a detached signature.SigningOptions
addDetachedSignatures(SecretKeyRingProtector secretKeyDecryptor, java.lang.Iterable<org.bouncycastle.openpgp.PGPSecretKeyRing> signingKeys, DocumentSignatureType signatureType)
Add detached signatures with all key rings from the provided secret key ring collection.SigningOptions
addInlineSignature(SecretKeyRingProtector secretKeyDecryptor, org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, long keyId)
Create a binary inline signature using the signing key with the given keyId.SigningOptions
addInlineSignature(SecretKeyRingProtector secretKeyDecryptor, org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, long keyId, DocumentSignatureType signatureType, BaseSignatureSubpackets.Callback subpacketsCallback)
Create an inline signature using the signing key with the given keyId.SigningOptions
addInlineSignature(SecretKeyRingProtector secretKeyDecryptor, org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, java.lang.CharSequence userId, DocumentSignatureType signatureType)
Add an inline-signature.SigningOptions
addInlineSignature(SecretKeyRingProtector secretKeyDecryptor, org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, java.lang.CharSequence userId, DocumentSignatureType signatureType, BaseSignatureSubpackets.Callback subpacketsCallback)
Add an inline-signature.SigningOptions
addInlineSignature(SecretKeyRingProtector secretKeyDecryptor, org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, DocumentSignatureType signatureType)
Add an inline-signature.SigningOptions
addInlineSignatures(SecretKeyRingProtector secrectKeyDecryptor, java.lang.Iterable<org.bouncycastle.openpgp.PGPSecretKeyRing> signingKeys, DocumentSignatureType signatureType)
Add inline signatures with all secret key rings in the provided secret key ring collection.SigningOptions
addSignature(SecretKeyRingProtector signingKeyProtector, org.bouncycastle.openpgp.PGPSecretKeyRing signingKey)
Sign the message using an inline signature made by the provided signing key.static SigningOptions
get()
HashAlgorithm
getHashAlgorithmOverride()
Return the hash algorithm override (or null if no override is set).SigningOptions
overrideHashAlgorithm(HashAlgorithm hashAlgorithmOverride)
Override hash algorithm negotiation by dictating which hash algorithm needs to be used.
-
-
-
Method Detail
-
get
@Nonnull public static SigningOptions get()
-
addSignature
@Nonnull public SigningOptions addSignature(@Nonnull SecretKeyRingProtector signingKeyProtector, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing signingKey) throws org.bouncycastle.openpgp.PGPException
Sign the message using an inline signature made by the provided signing key.- Parameters:
signingKeyProtector
- protector to unlock the signing keysigningKey
- key ring containing the signing key- Returns:
- this
- Throws:
KeyException
- if something is wrong with the keyorg.bouncycastle.openpgp.PGPException
- if the key cannot be unlocked or a signing method cannot be created
-
addInlineSignatures
@Nonnull public SigningOptions addInlineSignatures(@Nonnull SecretKeyRingProtector secrectKeyDecryptor, @Nonnull java.lang.Iterable<org.bouncycastle.openpgp.PGPSecretKeyRing> signingKeys, @Nonnull DocumentSignatureType signatureType) throws KeyException, org.bouncycastle.openpgp.PGPException
Add inline signatures with all secret key rings in the provided secret key ring collection.- Parameters:
secrectKeyDecryptor
- decryptor to unlock the signing secret keyssigningKeys
- collection of signing keyssignatureType
- type of signature (binary, canonical text)- Returns:
- this
- Throws:
KeyException
- if something is wrong with any of the keysorg.bouncycastle.openpgp.PGPException
- if any of the keys cannot be unlocked or a signing method cannot be created
-
addInlineSignature
@Nonnull public SigningOptions addInlineSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, @Nonnull DocumentSignatureType signatureType) throws KeyException, org.bouncycastle.openpgp.PGPException
Add an inline-signature. Inline signatures are being embedded into the message itself and can be processed in one pass, thanks to the use of one-pass-signature packets.- Parameters:
secretKeyDecryptor
- decryptor to unlock the signing secret keysecretKey
- signing keysignatureType
- type of signature (binary, canonical text)- Returns:
- this
- Throws:
KeyException
- if something is wrong with the keyorg.bouncycastle.openpgp.PGPException
- if the key cannot be unlocked or the signing method cannot be created
-
addInlineSignature
@Nonnull public SigningOptions addInlineSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, @Nullable java.lang.CharSequence userId, @Nonnull DocumentSignatureType signatureType) throws KeyException, org.bouncycastle.openpgp.PGPException
Add an inline-signature. Inline signatures are being embedded into the message itself and can be processed in one pass, thanks to the use of one-pass-signature packets.This method uses the passed in user-id to select user-specific hash algorithms.
- Parameters:
secretKeyDecryptor
- decryptor to unlock the signing secret keysecretKey
- signing keyuserId
- user-id of the signersignatureType
- signature type (binary, canonical text)- Returns:
- this
- Throws:
KeyException
- if something is wrong with the keyorg.bouncycastle.openpgp.PGPException
- if the key cannot be unlocked or the signing method cannot be created
-
addInlineSignature
@Nonnull public SigningOptions addInlineSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, @Nullable java.lang.CharSequence userId, @Nonnull DocumentSignatureType signatureType, @Nullable BaseSignatureSubpackets.Callback subpacketsCallback) throws KeyException, org.bouncycastle.openpgp.PGPException
Add an inline-signature. Inline signatures are being embedded into the message itself and can be processed in one pass, thanks to the use of one-pass-signature packets.This method uses the passed in user-id to select user-specific hash algorithms.
- Parameters:
secretKeyDecryptor
- decryptor to unlock the signing secret keysecretKey
- signing keyuserId
- user-id of the signersignatureType
- signature type (binary, canonical text)subpacketsCallback
- callback to modify the hashed and unhashed subpackets of the signature- Returns:
- this
- Throws:
KeyException
- if the key is invalidorg.bouncycastle.openpgp.PGPException
- if the key cannot be unlocked or the signing method cannot be created
-
addInlineSignature
@Nonnull public SigningOptions addInlineSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, long keyId) throws org.bouncycastle.openpgp.PGPException
Create a binary inline signature using the signing key with the given keyId.- Parameters:
secretKeyDecryptor
- decryptor to unlock the secret keysecretKey
- secret key ringkeyId
- keyId of the signing (sub-)key- Returns:
- builder
- Throws:
org.bouncycastle.openpgp.PGPException
- if the secret key cannot be unlocked or if no signing method can be created.KeyException.UnacceptableSigningKeyException
- if the key ring does not carry any signing-capable subkeysKeyException.MissingSecretKeyException
- if the key ring does not contain the identified secret key
-
addInlineSignature
@Nonnull public SigningOptions addInlineSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, long keyId, @Nonnull DocumentSignatureType signatureType, @Nullable BaseSignatureSubpackets.Callback subpacketsCallback) throws org.bouncycastle.openpgp.PGPException
Create an inline signature using the signing key with the given keyId.- Parameters:
secretKeyDecryptor
- decryptor to unlock the secret keysecretKey
- secret key ringkeyId
- keyId of the signing (sub-)keysignatureType
- signature typesubpacketsCallback
- callback to modify the signatures subpackets- Returns:
- builder
- Throws:
org.bouncycastle.openpgp.PGPException
- if the secret key cannot be unlocked or if no signing method can be created.KeyException.UnacceptableSigningKeyException
- if the key ring does not carry any signing-capable subkeysKeyException.MissingSecretKeyException
- if the key ring does not contain the identified secret key
-
addDetachedSignatures
@Nonnull public SigningOptions addDetachedSignatures(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull java.lang.Iterable<org.bouncycastle.openpgp.PGPSecretKeyRing> signingKeys, @Nonnull DocumentSignatureType signatureType) throws org.bouncycastle.openpgp.PGPException
Add detached signatures with all key rings from the provided secret key ring collection.- Parameters:
secretKeyDecryptor
- decryptor to unlock the secret signing keyssigningKeys
- collection of signing key ringssignatureType
- type of the signature (binary, canonical text)- Returns:
- this
- Throws:
KeyException
- if something is wrong with any of the keysorg.bouncycastle.openpgp.PGPException
- if any of the keys cannot be validated or unlocked, or if any signing method cannot be created
-
addDetachedSignature
@Nonnull public SigningOptions addDetachedSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing signingKey) throws org.bouncycastle.openpgp.PGPException
Create a detached signature. The signature will be of typeDocumentSignatureType.BINARY_DOCUMENT
.- Parameters:
secretKeyDecryptor
- decryptor to unlock the secret signing keysigningKey
- signing key- Returns:
- this
- Throws:
KeyException
- if something is wrong with the keyorg.bouncycastle.openpgp.PGPException
- if the key cannot be validated or unlocked, or if no signature method can be created
-
addDetachedSignature
@Nonnull public SigningOptions addDetachedSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, @Nonnull DocumentSignatureType signatureType) throws org.bouncycastle.openpgp.PGPException
Create a detached signature. Detached signatures are not being added into the PGP message itself. Instead, they can be distributed separately to the message. Detached signatures are useful if the data that is being signed shall not be modified (e.g. when signing a file).- Parameters:
secretKeyDecryptor
- decryptor to unlock the secret signing keysecretKey
- signing keysignatureType
- type of data that is signed (binary, canonical text)- Returns:
- this
- Throws:
KeyException
- if something is wrong with the keyorg.bouncycastle.openpgp.PGPException
- if the key cannot be validated or unlocked, or if no signature method can be created
-
addDetachedSignature
@Nonnull public SigningOptions addDetachedSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, @Nullable java.lang.CharSequence userId, @Nonnull DocumentSignatureType signatureType) throws org.bouncycastle.openpgp.PGPException
Create a detached signature. Detached signatures are not being added into the PGP message itself. Instead, they can be distributed separately to the message. Detached signatures are useful if the data that is being signed shall not be modified (e.g. when signing a file).This method uses the passed in user-id to select user-specific hash algorithms.
- Parameters:
secretKeyDecryptor
- decryptor to unlock the secret signing keysecretKey
- signing keyuserId
- user-idsignatureType
- type of data that is signed (binary, canonical text)- Returns:
- this
- Throws:
KeyException
- if something is wrong with the keyorg.bouncycastle.openpgp.PGPException
- if the key cannot be validated or unlocked, or if no signature method can be created
-
addDetachedSignature
@Nonnull public SigningOptions addDetachedSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, @Nullable java.lang.CharSequence userId, @Nonnull DocumentSignatureType signatureType, @Nullable BaseSignatureSubpackets.Callback subpacketCallback) throws org.bouncycastle.openpgp.PGPException
Create a detached signature. Detached signatures are not being added into the PGP message itself. Instead, they can be distributed separately to the message. Detached signatures are useful if the data that is being signed shall not be modified (e.g. when signing a file).This method uses the passed in user-id to select user-specific hash algorithms.
- Parameters:
secretKeyDecryptor
- decryptor to unlock the secret signing keysecretKey
- signing keyuserId
- user-idsignatureType
- type of data that is signed (binary, canonical text)subpacketCallback
- callback to modify hashed and unhashed subpackets of the signature- Returns:
- this
- Throws:
KeyException
- if something is wrong with the keyorg.bouncycastle.openpgp.PGPException
- if the key cannot be validated or unlocked, or if no signature method can be created
-
addDetachedSignature
@Nonnull public SigningOptions addDetachedSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, long keyId) throws org.bouncycastle.openpgp.PGPException
Create a detached binary signature using the signing key with the given keyId.- Parameters:
secretKeyDecryptor
- decryptor to unlock the secret keysecretKey
- secret key ringkeyId
- keyId of the signing (sub-)key- Returns:
- builder
- Throws:
org.bouncycastle.openpgp.PGPException
- if the secret key cannot be unlocked or if no signing method can be created.KeyException.UnacceptableSigningKeyException
- if the key ring does not carry any signing-capable subkeysKeyException.MissingSecretKeyException
- if the key ring does not contain the identified secret key
-
addDetachedSignature
@Nonnull public SigningOptions addDetachedSignature(@Nonnull SecretKeyRingProtector secretKeyDecryptor, @Nonnull org.bouncycastle.openpgp.PGPSecretKeyRing secretKey, long keyId, @Nonnull DocumentSignatureType signatureType, @Nullable BaseSignatureSubpackets.Callback subpacketsCallback) throws org.bouncycastle.openpgp.PGPException
Create a detached signature using the signing key with the given keyId.- Parameters:
secretKeyDecryptor
- decryptor to unlock the secret keysecretKey
- secret key ringkeyId
- keyId of the signing (sub-)keysignatureType
- signature typesubpacketsCallback
- callback to modify the signatures subpackets- Returns:
- builder
- Throws:
org.bouncycastle.openpgp.PGPException
- if the secret key cannot be unlocked or if no signing method can be created.KeyException.UnacceptableSigningKeyException
- if the key ring does not carry any signing-capable subkeysKeyException.MissingSecretKeyException
- if the key ring does not contain the identified secret key
-
overrideHashAlgorithm
@Nonnull public SigningOptions overrideHashAlgorithm(@Nonnull HashAlgorithm hashAlgorithmOverride)
Override hash algorithm negotiation by dictating which hash algorithm needs to be used. If no override has been set, an accetable algorithm will be negotiated instead.Note: To override the hash algorithm for signing, call this method *before* calling
addInlineSignature(SecretKeyRingProtector, PGPSecretKeyRing, DocumentSignatureType)
oraddDetachedSignature(SecretKeyRingProtector, PGPSecretKeyRing, DocumentSignatureType)
.- Parameters:
hashAlgorithmOverride
- override hash algorithm- Returns:
- this
-
getHashAlgorithmOverride
@Nullable public HashAlgorithm getHashAlgorithmOverride()
Return the hash algorithm override (or null if no override is set).- Returns:
- hash algorithm override
-
-