Class PGPSignature


  • public class PGPSignature
    extends java.lang.Object
    A PGP signature object.
    • Method Detail

      • getVersion

        public int getVersion()
        Return the OpenPGP version number for this signature.
        Returns:
        signature version number.
      • getKeyAlgorithm

        public int getKeyAlgorithm()
        Return the key algorithm associated with this signature.
        Returns:
        signature key algorithm.
      • getHashAlgorithm

        public int getHashAlgorithm()
        Return the hash algorithm associated with this signature.
        Returns:
        signature hash algorithm.
      • getDigestPrefix

        public byte[] getDigestPrefix()
        Return the digest prefix of the signature.
        Returns:
        digest prefix
      • isCertification

        public boolean isCertification()
        Return true if this signature represents a certification.
        Returns:
        true if this signature represents a certification, false otherwise.
      • verify

        public boolean verify()
                       throws PGPException
        Finish the verification and return true if the signature is "correct". Note: The fact that this method returned true does not yet mean that the signature is valid. A correct signature may very well be expired, the issuer key may be revoked, etc. None of these constraints is checked by this method.
        Returns:
        true if the signature is correct
        Throws:
        PGPException
      • verifyCertification

        public boolean verifyCertification​(PGPUserAttributeSubpacketVector userAttributes,
                                           PGPPublicKey key)
                                    throws PGPException
        Verify the signature as certifying the passed in public key as associated with the passed in user attributes.
        Parameters:
        userAttributes - user attributes the key was stored under
        key - the key to be verified.
        Returns:
        true if the signature matches, false otherwise.
        Throws:
        PGPException
      • verifyCertification

        public boolean verifyCertification​(java.lang.String id,
                                           PGPPublicKey key)
                                    throws PGPException
        Verify the signature as certifying the passed in public key as associated with the passed in id.
        Parameters:
        id - id the key was stored under
        key - the key to be verified.
        Returns:
        true if the signature matches, false otherwise.
        Throws:
        PGPException
      • verifyCertification

        public boolean verifyCertification​(byte[] rawID,
                                           PGPPublicKey key)
                                    throws PGPException
        Verify the signature as certifying the passed in public key as associated with the passed in rawID.
        Parameters:
        rawID - id the key was stored under in its raw byte form.
        key - the key to be verified.
        Returns:
        true if the signature matches, false otherwise.
        Throws:
        PGPException
      • verifyCertification

        public boolean verifyCertification​(PGPPublicKey masterKey,
                                           PGPPublicKey pubKey)
                                    throws PGPException
        Verify a certification for the passed in key against the passed in master key.
        Parameters:
        masterKey - the key we are verifying against.
        pubKey - the key we are verifying.
        Returns:
        true if the certification is valid, false otherwise.
        Throws:
        PGPException
      • verifyCertification

        public boolean verifyCertification​(PGPPublicKey pubKey)
                                    throws PGPException
        Verify a key certification, such as a revocation, for the passed in key.
        Parameters:
        pubKey - the key we are checking.
        Returns:
        true if the certification is valid, false otherwise.
        Throws:
        PGPException
      • getSignatureType

        public int getSignatureType()
        Return the type id of the signature.
        Returns:
        type id
        See Also:
        RFC9580 - Signature Types
      • getKeyID

        public long getKeyID()
        Return the id of the key that created the signature. Note: Since signatures of version 4 or later encode the issuer information inside a signature subpacket (IssuerKeyID or IssuerFingerprint), there is not a single source of truth for the key-id. To match any suitable issuer keys, use getKeyIdentifiers() instead.
        Returns:
        keyID of the signature's corresponding key.
      • getUnhashedKeyIdentifiers

        public java.util.List<KeyIdentifier> getUnhashedKeyIdentifiers()
        Return a list of all KeyIdentifiers that could be derived from any IssuerFingerprint or IssuerKeyID subpackets of the unhashed signature subpacket area.
        Returns:
        unhashed key identifiers
      • getCreationTime

        public java.util.Date getCreationTime()
        Return the creation time of the signature.
        Returns:
        the signature creation time.
      • getSignatureTrailer

        public byte[] getSignatureTrailer()
      • hasSubpackets

        public boolean hasSubpackets()
        Return true if the signature has either hashed or unhashed subpackets.
        Returns:
        true if either hashed or unhashed subpackets are present, false otherwise.
      • getHashedSubPackets

        public PGPSignatureSubpacketVector getHashedSubPackets()
        Return the hashed subpackets of the signature. Hashed signature subpackets are covered by the signature.
        Returns:
        hashed signature subpackets
      • getUnhashedSubPackets

        public PGPSignatureSubpacketVector getUnhashedSubPackets()
        Return the unhashed subpackets of the signature. As unhashed signature subpackets are NOT covered by the signature, an attacker might inject false information after the fact; therefore only "self-authenticating" information from this area can be trusted. Examples of self-authenticating information are the IssuerKeyID or IssuerFingerprint, whose authenticity can be confirmed by verifying the signature using the declared key.
        Returns:
        unhashed signature subpackets
      • getSignature

        public byte[] getSignature()
                            throws PGPException
        Return the cryptographic raw signature contained in the OpenPGP signature packet. The value is dependent on the signing algorithm.
        Returns:
        cryptographic signature
        Throws:
        PGPException
      • getEncoded

        public byte[] getEncoded()
                          throws java.io.IOException
        Return the OpenPGP packet encoding of the signature.
        Returns:
        OpenPGP packet encoding
        Throws:
        java.io.IOException
      • getEncoded

        public byte[] getEncoded​(boolean forTransfer)
                          throws java.io.IOException
        Return an encoding of the signature, with trust packets stripped out if forTransfer is true.
        Parameters:
        forTransfer - if the purpose of encoding is to send key to other users.
        Returns:
        an encoded byte array representing the key.
        Throws:
        java.io.IOException - in case of encoding error.
      • encode

        public void encode​(java.io.OutputStream outStream)
                    throws java.io.IOException
        Encode the signature to an OpenPGP packet stream. This method does not strip out any trust packets.
        Parameters:
        outStream - packet stream
        Throws:
        java.io.IOException
      • encode

        public void encode​(java.io.OutputStream outStream,
                           boolean forTransfer)
                    throws java.io.IOException
        Encode the signature to outStream, with trust packets stripped out if forTransfer is true.
        Parameters:
        outStream - stream to write the key encoding to.
        forTransfer - if the purpose of encoding is to send key to other users.
        Throws:
        java.io.IOException - in case of encoding error.
      • isCertification

        public static boolean isCertification​(int signatureType)
        Return true if the passed in signature type represents a certification, false if the signature type is not.
        Parameters:
        signatureType -
        Returns:
        true if signatureType is a certification, false otherwise.
      • isSignatureEncodingEqual

        public static boolean isSignatureEncodingEqual​(PGPSignature sig1,
                                                       PGPSignature sig2)
        Return true if the cryptographic signature encodings of the two signatures match.
        Parameters:
        sig1 - first signature
        sig2 - second signature
        Returns:
        true if both signatures contain the same cryptographic signature
      • join

        public static PGPSignature join​(PGPSignature sig1,
                                        PGPSignature sig2)
                                 throws PGPException
        Join two copies of the same signature. As an entity might append additional information to an existing signature's unhashed subpacket area (e.g. an embedded THIRD_PARTY_CONFIRMATION signature), an implementation might want to join an existing instance of a signature with an updated copy, e.g. retrieved from a key server. This method merges both signature instances by joining unhashed subpackets.
        Parameters:
        sig1 - first signature
        sig2 - second signature
        Returns:
        merged signature
        Throws:
        PGPException
      • update

        public void update​(byte b)
      • update

        public void update​(byte[] b)
      • update

        public void update​(byte[] b,
                           int off,
                           int len)
      • blockUpdate

        protected void blockUpdate​(byte[] block,
                                   int off,
                                   int len)
      • updateWithIdData

        protected void updateWithIdData​(int header,
                                        byte[] idBytes)
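
The checks that the verify() note leaves to the caller, reading policy-relevant values only from the hashed subpacket area as the getUnhashedSubPackets() note advises. This is an added example, not code from this page or from Bouncy Castle: SignaturePolicy and isAcceptable are hypothetical names, and init(...), BcPGPContentVerifierBuilderProvider and the PGPPublicKey accessors are Bouncy Castle calls that this excerpt does not document.

```java
import java.util.Date;

import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
import org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider;

// Added example: class and method names are hypothetical, not Bouncy Castle API.
public final class SignaturePolicy {

    /** True only if a detached binary signature is correct over data AND valid at time 'now'. */
    public static boolean isAcceptable(PGPSignature sig, PGPPublicKey signer, byte[] data, Date now)
            throws PGPException {
        // 1. Cryptographic correctness. This is all that verify() establishes.
        sig.init(new BcPGPContentVerifierBuilderProvider(), signer);
        sig.update(data);
        if (!sig.verify()) {
            return false;
        }

        // 2. Signature lifetime. The creation time must be plausible.
        Date created = sig.getCreationTime();
        if (created.after(now) || created.before(signer.getCreationTime())) {
            return false;
        }
        // The expiration is read from the HASHED area only. The same subpacket in the
        // unhashed area is not covered by the signature and could have been altered.
        PGPSignatureSubpacketVector hashed = sig.getHashedSubPackets();
        if (hashed != null) {
            long sigSeconds = hashed.getSignatureExpirationTime(); // 0 means no expiry
            if (sigSeconds > 0 && now.getTime() >= created.getTime() + sigSeconds * 1000L) {
                return false;
            }
        }

        // 3. Issuer key state. hasRevocation() only reports that a revocation signature
        //    is attached to the key; rejecting on its presence fails closed.
        if (signer.hasRevocation()) {
            return false;
        }
        long keySeconds = signer.getValidSeconds(); // 0 means the key does not expire
        if (keySeconds > 0
                && now.getTime() >= signer.getCreationTime().getTime() + keySeconds * 1000L) {
            return false;
        }
        return true;
    }
}
```

The key passed as signer should come from a key ring the caller already trusts; selecting it by an issuer subpacket alone only identifies a candidate key, and the trust decision remains with the caller.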