Package org.pgpainless.key.info

Class KeyRingInfo

  • public class KeyRingInfo
extends Object
    Utility class to quickly extract certain information from a PGPPublicKeyRing/PGPSecretKeyRing.

    • Constructor Detail

      • KeyRingInfo

        public KeyRingInfo​(org.bouncycastle.openpgp.PGPKeyRing keys)
        Evaluate the key ring right now.
        Parameters:
        keys - key ring

      • KeyRingInfo

        public KeyRingInfo​(org.bouncycastle.openpgp.PGPKeyRing keys,
                   Date validationDate)
        Evaluate the key ring at the provided validation date.
        Parameters:
        keys - key ring
        validationDate - date of validation

    • Method Detail

      • evaluateForSignature

        public static KeyRingInfo evaluateForSignature​(org.bouncycastle.openpgp.PGPKeyRing keyRing,
                                               org.bouncycastle.openpgp.PGPSignature signature)
        Evaluate the key ring at creation time of the given signature.
        Parameters:
        keyRing - key ring
        signature - signature
        Returns:
        info of key ring at signature creation time

      • getPublicKey

        public org.bouncycastle.openpgp.PGPPublicKey getPublicKey()
        Return the first PGPPublicKey of this key ring.
        Returns:
        public key

      • getPublicKey

        @Nullable
public org.bouncycastle.openpgp.PGPPublicKey getPublicKey​(OpenPgpFingerprint fingerprint)
        Return the public key with the given fingerprint.
        Parameters:
        fingerprint - fingerprint
        Returns:
        public key or null

      • getPublicKey

        @Nullable
public org.bouncycastle.openpgp.PGPPublicKey getPublicKey​(long keyId)
        Return the public key with the given key id.
        Parameters:
        keyId - key id
        Returns:
        public key or null

      • getPublicKey

        @Nullable
public static org.bouncycastle.openpgp.PGPPublicKey getPublicKey​(org.bouncycastle.openpgp.PGPKeyRing keyRing,
                                                                 long keyId)
        Return the public key with the given key id from the provided key ring.
        Parameters:
        keyRing - key ring
        keyId - key id
        Returns:
        public key or null

      • isKeyValidlyBound

        public boolean isKeyValidlyBound​(long keyId)
        Return true if the public key with the given key id is bound to the key ring properly.
        Parameters:
        keyId - key id
        Returns:
        true if key is bound validly

      • getPublicKeys

        public List<org.bouncycastle.openpgp.PGPPublicKey> getPublicKeys()
        Return all PGPPublicKeys of this key ring. The first key in the list being the primary key. Note that the list is unmodifiable.
        Returns:
        list of public keys

      • getSecretKey

        @Nullable
public org.bouncycastle.openpgp.PGPSecretKey getSecretKey()
        Return the primary PGPSecretKey of this key ring or null if the key ring is not a PGPSecretKeyRing.
        Returns:
        primary secret key or null if the key ring is public

      • getSecretKey

        @Nullable
public org.bouncycastle.openpgp.PGPSecretKey getSecretKey​(OpenPgpFingerprint fingerprint)
        Return the secret key with the given fingerprint.
        Parameters:
        fingerprint - fingerprint
        Returns:
        secret key or null

      • getSecretKey

        @Nullable
public org.bouncycastle.openpgp.PGPSecretKey getSecretKey​(long keyId)
        Return the secret key with the given key id.
        Parameters:
        keyId - key id
        Returns:
        secret key or null

      • getSecretKeys

        public List<org.bouncycastle.openpgp.PGPSecretKey> getSecretKeys()
        Return all secret keys of the key ring. If the key ring is a PGPPublicKeyRing, then return an empty list. Note that the list is unmodifiable.
        Returns:
        list of secret keys

      • getKeyId

        public long getKeyId()
        Return the key id of the primary key of this key ring.
        Returns:
        key id

      • getUserIds

        public List<StringgetUserIds()
        Return a list of all user-ids of the primary key. Note: This list might also contain expired / revoked user-ids. Consider using getValidUserIds() instead.
        Returns:
        list of user-ids

      • getValidAndExpiredUserIds

        public List<StringgetValidAndExpiredUserIds()
        Return a list of all user-ids that were valid at some point, but might be expired by now.
        Returns:
        bound user-ids

      • isUserIdValid

        public boolean isUserIdValid​(String userId)
        Return true if the provided user-id is valid.
        Parameters:
        userId - user-id
        Returns:
        true if user-id is valid

      • getEmailAddresses

        public List<StringgetEmailAddresses()
        Return a list of all user-ids of the primary key that appear to be email-addresses. Note: This list might contain expired / revoked user-ids.
        Returns:
        email addresses

      • getRevocationSelfSignature

        @Nullable
public org.bouncycastle.openpgp.PGPSignature getRevocationSelfSignature()
        Return the latest revocation self-signature on the primary key.
        Returns:
        revocation or null

      • getLatestUserIdCertification

        @Nullable
public org.bouncycastle.openpgp.PGPSignature getLatestUserIdCertification​(String userId)
        Return the latest certification self-signature on the provided user-id.
        Parameters:
        userId - user-id
        Returns:
        certification signature or null

      • getUserIdRevocation

        @Nullable
public org.bouncycastle.openpgp.PGPSignature getUserIdRevocation​(String userId)
        Return the latest user-id revocation signature for the provided user-id.
        Parameters:
        userId - user-id
        Returns:
        revocation or null

      • getCurrentSubkeyBindingSignature

        @Nullable
public org.bouncycastle.openpgp.PGPSignature getCurrentSubkeyBindingSignature​(long keyId)
        Return the currently active subkey binding signature for the subkey with the provided key-id.
        Parameters:
        keyId - subkey id
        Returns:
        subkey binding signature or null

      • getSubkeyRevocationSignature

        @Nullable
public org.bouncycastle.openpgp.PGPSignature getSubkeyRevocationSignature​(long keyId)
        Return the latest subkey binding revocation signature for the subkey with the given key-id.
        Parameters:
        keyId - subkey id
        Returns:
        subkey binding revocation or null

      • getKeyFlagsOf

        @Nonnull
public List<KeyFlaggetKeyFlagsOf​(long keyId)
        Return a list of KeyFlags that apply to the subkey with the provided key id.
        Parameters:
        keyId - key-id
        Returns:
        list of key flags

      • getCreationDate

        public Date getCreationDate()
        Return the creation date of the primary key.
        Returns:
        creation date

      • getLastModified

        @Nullable
public Date getLastModified()
        Return the date on which the key ring was last modified. This date corresponds to the date of the last signature that was made on this key ring by the primary key.
        Returns:
        last modification date.

      • getRevocationDate

        @Nullable
public Date getRevocationDate()
        Return the date on which the primary key was revoked, or null if it has not yet been revoked.
        Returns:
        revocation date or null

      • getPrimaryKeyExpirationDate

        @Nullable
public Date getPrimaryKeyExpirationDate()
        Return the date of expiration of the primary key or null if the key has no expiration date.
        Returns:
        expiration date

      • getExpirationDateForUse

        public Date getExpirationDateForUse​(KeyFlag use)
        Return the latest date on which the key ring is still usable for the given key flag. If only a subkey is carrying the required flag and the primary key expires earlier than the subkey, the expiry date of the primary key is returned. This method might return null, if the primary key and a subkey with the required flag does not expire.
        Parameters:
        use - key flag representing the use case, e.g. KeyFlag.SIGN_DATA or KeyFlag.ENCRYPT_COMMS/KeyFlag.ENCRYPT_STORAGE.
        Returns:
        latest date on which the key ring can be used for the given use case, or null if it can be used indefinitely.

      • isSecretKey

        public boolean isSecretKey()
        Return true if the key ring is a PGPSecretKeyRing. If it is a PGPPublicKeyRing return false and if it is neither, throw an AssertionError.
        Returns:
        true if the key ring is a secret key ring.

      • isFullyDecrypted

        public boolean isFullyDecrypted()
        Returns true when every secret key on the key ring is not encrypted. If there is at least one encrypted secret key on the key ring, returns false. If the key ring is a PGPPublicKeyRing, returns true. Sub-keys with S2K of a type GNU_DUMMY_S2K do not affect the result.
        Returns:
        true if all secret keys are unencrypted.

      • isFullyEncrypted

        public boolean isFullyEncrypted()
        Returns true when every secret key on the key ring is encrypted. If there is at least one not encrypted secret key on the key ring, returns false. If the key ring is a PGPPublicKeyRing, returns false. Sub-keys with S2K of a type GNU_DUMMY_S2K do not affect a result.
        Returns:
        true if all secret keys are encrypted.

      • getVersion

        public int getVersion()
        Return the version number of the public keys format.
        Returns:
        version

      • getEncryptionSubkeys

        @Nonnull
public List<org.bouncycastle.openpgp.PGPPublicKey> getEncryptionSubkeys​(EncryptionPurpose purpose)
        Return a list of all subkeys which can be used for encryption of the given purpose. This list does not include expired or revoked keys.
        Parameters:
        purpose - purpose (encrypt data at rest / communications)
        Returns:
        encryption subkeys

      • getKeysWithKeyFlag

        public List<org.bouncycastle.openpgp.PGPPublicKey> getKeysWithKeyFlag​(KeyFlag flag)
        Return a list of all keys which carry the provided key flag in their signature.
        Parameters:
        flag - flag
        Returns:
        keys with flag

      • getEncryptionSubkeys

        @Nonnull
public List<org.bouncycastle.openpgp.PGPPublicKey> getEncryptionSubkeys​(String userId,
                                                                        EncryptionPurpose purpose)
        Return a list of all subkeys that can be used for encryption with the given user-id. This list does not include expired or revoked keys. TODO: Does it make sense to pass in a user-id? Aren't the encryption subkeys the same, regardless of which user-id is used?
        Parameters:
        userId - user-id
        purpose - encryption purpose
        Returns:
        encryption subkeys

      • getSigningSubkeys

        @Nonnull
public List<org.bouncycastle.openpgp.PGPPublicKey> getSigningSubkeys()
        Return a list of all subkeys which can be used to sign data.
        Returns:
        signing keys