Class SigningOptions


  • public final class SigningOptions
    extends java.lang.Object
    • Constructor Detail

      • SigningOptions

        public SigningOptions()
    • Method Detail

      • addSignature

        @Nonnull
        public SigningOptions addSignature​(@Nonnull
                                           SecretKeyRingProtector signingKeyProtector,
                                           @Nonnull
                                           org.bouncycastle.openpgp.PGPSecretKeyRing signingKey)
                                    throws org.bouncycastle.openpgp.PGPException
        Sign the message using an inline signature made by the provided signing key.
        Parameters:
        signingKeyProtector - protector to unlock the signing key
        signingKey - key ring containing the signing key
        Returns:
        this
        Throws:
        KeyException - if something is wrong with the key
        org.bouncycastle.openpgp.PGPException - if the key cannot be unlocked or a signing method cannot be created
      • addInlineSignatures

        @Nonnull
        public SigningOptions addInlineSignatures​(@Nonnull
                                                  SecretKeyRingProtector secrectKeyDecryptor,
                                                  @Nonnull
                                                  java.lang.Iterable<org.bouncycastle.openpgp.PGPSecretKeyRing> signingKeys,
                                                  @Nonnull
                                                  DocumentSignatureType signatureType)
                                           throws KeyException,
                                                  org.bouncycastle.openpgp.PGPException
        Add inline signatures with all secret key rings in the provided secret key ring collection.
        Parameters:
        secrectKeyDecryptor - decryptor to unlock the signing secret keys
        signingKeys - collection of signing keys
        signatureType - type of signature (binary, canonical text)
        Returns:
        this
        Throws:
        KeyException - if something is wrong with any of the keys
        org.bouncycastle.openpgp.PGPException - if any of the keys cannot be unlocked or a signing method cannot be created
      • addInlineSignature

        @Nonnull
        public SigningOptions addInlineSignature​(@Nonnull
                                                 SecretKeyRingProtector secretKeyDecryptor,
                                                 @Nonnull
                                                 org.bouncycastle.openpgp.PGPSecretKeyRing secretKey,
                                                 @Nonnull
                                                 DocumentSignatureType signatureType)
                                          throws KeyException,
                                                 org.bouncycastle.openpgp.PGPException
        Add an inline-signature. Inline signatures are being embedded into the message itself and can be processed in one pass, thanks to the use of one-pass-signature packets.
        Parameters:
        secretKeyDecryptor - decryptor to unlock the signing secret key
        secretKey - signing key
        signatureType - type of signature (binary, canonical text)
        Returns:
        this
        Throws:
        KeyException - if something is wrong with the key
        org.bouncycastle.openpgp.PGPException - if the key cannot be unlocked or the signing method cannot be created
      • addInlineSignature

        @Nonnull
        public SigningOptions addInlineSignature​(@Nonnull
                                                 SecretKeyRingProtector secretKeyDecryptor,
                                                 @Nonnull
                                                 org.bouncycastle.openpgp.PGPSecretKeyRing secretKey,
                                                 @Nullable
                                                 java.lang.CharSequence userId,
                                                 @Nonnull
                                                 DocumentSignatureType signatureType)
                                          throws KeyException,
                                                 org.bouncycastle.openpgp.PGPException
        Add an inline-signature. Inline signatures are being embedded into the message itself and can be processed in one pass, thanks to the use of one-pass-signature packets.

        This method uses the passed in user-id to select user-specific hash algorithms.

        Parameters:
        secretKeyDecryptor - decryptor to unlock the signing secret key
        secretKey - signing key
        userId - user-id of the signer
        signatureType - signature type (binary, canonical text)
        Returns:
        this
        Throws:
        KeyException - if something is wrong with the key
        org.bouncycastle.openpgp.PGPException - if the key cannot be unlocked or the signing method cannot be created
      • addInlineSignature

        @Nonnull
        public SigningOptions addInlineSignature​(@Nonnull
                                                 SecretKeyRingProtector secretKeyDecryptor,
                                                 @Nonnull
                                                 org.bouncycastle.openpgp.PGPSecretKeyRing secretKey,
                                                 @Nullable
                                                 java.lang.CharSequence userId,
                                                 @Nonnull
                                                 DocumentSignatureType signatureType,
                                                 @Nullable
                                                 BaseSignatureSubpackets.Callback subpacketsCallback)
                                          throws KeyException,
                                                 org.bouncycastle.openpgp.PGPException
        Add an inline-signature. Inline signatures are being embedded into the message itself and can be processed in one pass, thanks to the use of one-pass-signature packets.

        This method uses the passed in user-id to select user-specific hash algorithms.

        Parameters:
        secretKeyDecryptor - decryptor to unlock the signing secret key
        secretKey - signing key
        userId - user-id of the signer
        signatureType - signature type (binary, canonical text)
        subpacketsCallback - callback to modify the hashed and unhashed subpackets of the signature
        Returns:
        this
        Throws:
        KeyException - if the key is invalid
        org.bouncycastle.openpgp.PGPException - if the key cannot be unlocked or the signing method cannot be created
      • addInlineSignature

        @Nonnull
        public SigningOptions addInlineSignature​(@Nonnull
                                                 SecretKeyRingProtector secretKeyDecryptor,
                                                 @Nonnull
                                                 org.bouncycastle.openpgp.PGPSecretKeyRing secretKey,
                                                 long keyId)
                                          throws org.bouncycastle.openpgp.PGPException
        Create a binary inline signature using the signing key with the given keyId.
        Parameters:
        secretKeyDecryptor - decryptor to unlock the secret key
        secretKey - secret key ring
        keyId - keyId of the signing (sub-)key
        Returns:
        builder
        Throws:
        org.bouncycastle.openpgp.PGPException - if the secret key cannot be unlocked or if no signing method can be created.
        KeyException.UnacceptableSigningKeyException - if the key ring does not carry any signing-capable subkeys
        KeyException.MissingSecretKeyException - if the key ring does not contain the identified secret key
      • addInlineSignature

        @Nonnull
        public SigningOptions addInlineSignature​(@Nonnull
                                                 SecretKeyRingProtector secretKeyDecryptor,
                                                 @Nonnull
                                                 org.bouncycastle.openpgp.PGPSecretKeyRing secretKey,
                                                 long keyId,
                                                 @Nonnull
                                                 DocumentSignatureType signatureType,
                                                 @Nullable
                                                 BaseSignatureSubpackets.Callback subpacketsCallback)
                                          throws org.bouncycastle.openpgp.PGPException
        Create an inline signature using the signing key with the given keyId.
        Parameters:
        secretKeyDecryptor - decryptor to unlock the secret key
        secretKey - secret key ring
        keyId - keyId of the signing (sub-)key
        signatureType - signature type
        subpacketsCallback - callback to modify the signatures subpackets
        Returns:
        builder
        Throws:
        org.bouncycastle.openpgp.PGPException - if the secret key cannot be unlocked or if no signing method can be created.
        KeyException.UnacceptableSigningKeyException - if the key ring does not carry any signing-capable subkeys
        KeyException.MissingSecretKeyException - if the key ring does not contain the identified secret key
      • addDetachedSignatures

        @Nonnull
        public SigningOptions addDetachedSignatures​(@Nonnull
                                                    SecretKeyRingProtector secretKeyDecryptor,
                                                    @Nonnull
                                                    java.lang.Iterable<org.bouncycastle.openpgp.PGPSecretKeyRing> signingKeys,
                                                    @Nonnull
                                                    DocumentSignatureType signatureType)
                                             throws org.bouncycastle.openpgp.PGPException
        Add detached signatures with all key rings from the provided secret key ring collection.
        Parameters:
        secretKeyDecryptor - decryptor to unlock the secret signing keys
        signingKeys - collection of signing key rings
        signatureType - type of the signature (binary, canonical text)
        Returns:
        this
        Throws:
        KeyException - if something is wrong with any of the keys
        org.bouncycastle.openpgp.PGPException - if any of the keys cannot be validated or unlocked, or if any signing method cannot be created
      • addDetachedSignature

        @Nonnull
        public SigningOptions addDetachedSignature​(@Nonnull
                                                   SecretKeyRingProtector secretKeyDecryptor,
                                                   @Nonnull
                                                   org.bouncycastle.openpgp.PGPSecretKeyRing signingKey)
                                            throws org.bouncycastle.openpgp.PGPException
        Create a detached signature. The signature will be of type DocumentSignatureType.BINARY_DOCUMENT.
        Parameters:
        secretKeyDecryptor - decryptor to unlock the secret signing key
        signingKey - signing key
        Returns:
        this
        Throws:
        KeyException - if something is wrong with the key
        org.bouncycastle.openpgp.PGPException - if the key cannot be validated or unlocked, or if no signature method can be created
      • addDetachedSignature

        @Nonnull
        public SigningOptions addDetachedSignature​(@Nonnull
                                                   SecretKeyRingProtector secretKeyDecryptor,
                                                   @Nonnull
                                                   org.bouncycastle.openpgp.PGPSecretKeyRing secretKey,
                                                   @Nonnull
                                                   DocumentSignatureType signatureType)
                                            throws org.bouncycastle.openpgp.PGPException
        Create a detached signature. Detached signatures are not being added into the PGP message itself. Instead, they can be distributed separately to the message. Detached signatures are useful if the data that is being signed shall not be modified (e.g. when signing a file).
        Parameters:
        secretKeyDecryptor - decryptor to unlock the secret signing key
        secretKey - signing key
        signatureType - type of data that is signed (binary, canonical text)
        Returns:
        this
        Throws:
        KeyException - if something is wrong with the key
        org.bouncycastle.openpgp.PGPException - if the key cannot be validated or unlocked, or if no signature method can be created
      • addDetachedSignature

        @Nonnull
        public SigningOptions addDetachedSignature​(@Nonnull
                                                   SecretKeyRingProtector secretKeyDecryptor,
                                                   @Nonnull
                                                   org.bouncycastle.openpgp.PGPSecretKeyRing secretKey,
                                                   @Nullable
                                                   java.lang.CharSequence userId,
                                                   @Nonnull
                                                   DocumentSignatureType signatureType)
                                            throws org.bouncycastle.openpgp.PGPException
        Create a detached signature. Detached signatures are not being added into the PGP message itself. Instead, they can be distributed separately to the message. Detached signatures are useful if the data that is being signed shall not be modified (e.g. when signing a file).

        This method uses the passed in user-id to select user-specific hash algorithms.

        Parameters:
        secretKeyDecryptor - decryptor to unlock the secret signing key
        secretKey - signing key
        userId - user-id
        signatureType - type of data that is signed (binary, canonical text)
        Returns:
        this
        Throws:
        KeyException - if something is wrong with the key
        org.bouncycastle.openpgp.PGPException - if the key cannot be validated or unlocked, or if no signature method can be created
      • addDetachedSignature

        @Nonnull
        public SigningOptions addDetachedSignature​(@Nonnull
                                                   SecretKeyRingProtector secretKeyDecryptor,
                                                   @Nonnull
                                                   org.bouncycastle.openpgp.PGPSecretKeyRing secretKey,
                                                   @Nullable
                                                   java.lang.CharSequence userId,
                                                   @Nonnull
                                                   DocumentSignatureType signatureType,
                                                   @Nullable
                                                   BaseSignatureSubpackets.Callback subpacketCallback)
                                            throws org.bouncycastle.openpgp.PGPException
        Create a detached signature. Detached signatures are not being added into the PGP message itself. Instead, they can be distributed separately to the message. Detached signatures are useful if the data that is being signed shall not be modified (e.g. when signing a file).

        This method uses the passed in user-id to select user-specific hash algorithms.

        Parameters:
        secretKeyDecryptor - decryptor to unlock the secret signing key
        secretKey - signing key
        userId - user-id
        signatureType - type of data that is signed (binary, canonical text)
        subpacketCallback - callback to modify hashed and unhashed subpackets of the signature
        Returns:
        this
        Throws:
        KeyException - if something is wrong with the key
        org.bouncycastle.openpgp.PGPException - if the key cannot be validated or unlocked, or if no signature method can be created
      • addDetachedSignature

        @Nonnull
        public SigningOptions addDetachedSignature​(@Nonnull
                                                   SecretKeyRingProtector secretKeyDecryptor,
                                                   @Nonnull
                                                   org.bouncycastle.openpgp.PGPSecretKeyRing secretKey,
                                                   long keyId)
                                            throws org.bouncycastle.openpgp.PGPException
        Create a detached binary signature using the signing key with the given keyId.
        Parameters:
        secretKeyDecryptor - decryptor to unlock the secret key
        secretKey - secret key ring
        keyId - keyId of the signing (sub-)key
        Returns:
        builder
        Throws:
        org.bouncycastle.openpgp.PGPException - if the secret key cannot be unlocked or if no signing method can be created.
        KeyException.UnacceptableSigningKeyException - if the key ring does not carry any signing-capable subkeys
        KeyException.MissingSecretKeyException - if the key ring does not contain the identified secret key
      • addDetachedSignature

        @Nonnull
        public SigningOptions addDetachedSignature​(@Nonnull
                                                   SecretKeyRingProtector secretKeyDecryptor,
                                                   @Nonnull
                                                   org.bouncycastle.openpgp.PGPSecretKeyRing secretKey,
                                                   long keyId,
                                                   @Nonnull
                                                   DocumentSignatureType signatureType,
                                                   @Nullable
                                                   BaseSignatureSubpackets.Callback subpacketsCallback)
                                            throws org.bouncycastle.openpgp.PGPException
        Create a detached signature using the signing key with the given keyId.
        Parameters:
        secretKeyDecryptor - decryptor to unlock the secret key
        secretKey - secret key ring
        keyId - keyId of the signing (sub-)key
        signatureType - signature type
        subpacketsCallback - callback to modify the signatures subpackets
        Returns:
        builder
        Throws:
        org.bouncycastle.openpgp.PGPException - if the secret key cannot be unlocked or if no signing method can be created.
        KeyException.UnacceptableSigningKeyException - if the key ring does not carry any signing-capable subkeys
        KeyException.MissingSecretKeyException - if the key ring does not contain the identified secret key
      • getHashAlgorithmOverride

        @Nullable
        public HashAlgorithm getHashAlgorithmOverride()
        Return the hash algorithm override (or null if no override is set).
        Returns:
        hash algorithm override