Class KeyRingInfo

java.lang.Object
org.pgpainless.key.info.KeyRingInfo

public class KeyRingInfo extends Object
Utility class to quickly extract certain information from a PGPPublicKeyRing/PGPSecretKeyRing.
  • Constructor Details

    • KeyRingInfo

      public KeyRingInfo(org.bouncycastle.openpgp.PGPKeyRing keys)
      Evaluate the key ring right now.
      Parameters:
      keys - key ring
    • KeyRingInfo

      public KeyRingInfo(org.bouncycastle.openpgp.PGPKeyRing keys, Date referenceDate)
      Evaluate the key ring at the provided validation date.
      Parameters:
      keys - key ring
      referenceDate - date of validation
    • KeyRingInfo

      public KeyRingInfo(org.bouncycastle.openpgp.PGPKeyRing keys, Policy policy, Date referenceDate)
      Evaluate the key ring at the provided validation date.
      Parameters:
      keys - key ring
      policy - policy
      referenceDate - validation date
  • Method Details

    • evaluateForSignature

      public static KeyRingInfo evaluateForSignature(org.bouncycastle.openpgp.PGPKeyRing keyRing, org.bouncycastle.openpgp.PGPSignature signature)
      Evaluate the key ring at creation time of the given signature.
      Parameters:
      keyRing - key ring
      signature - signature
      Returns:
      info of key ring at signature creation time
    • getPublicKey

      public org.bouncycastle.openpgp.PGPPublicKey getPublicKey()
      Return the first PGPPublicKey of this key ring.
      Returns:
      public key
    • getPublicKey

      @Nullable public org.bouncycastle.openpgp.PGPPublicKey getPublicKey(OpenPgpFingerprint fingerprint)
      Return the public key with the given fingerprint.
      Parameters:
      fingerprint - fingerprint
      Returns:
      public key or null
    • getPublicKey

      @Nullable public org.bouncycastle.openpgp.PGPPublicKey getPublicKey(long keyId)
      Return the public key with the given key id.
      Parameters:
      keyId - key id
      Returns:
      public key or null
    • getPublicKey

      @Nullable public static org.bouncycastle.openpgp.PGPPublicKey getPublicKey(org.bouncycastle.openpgp.PGPKeyRing keyRing, long keyId)
      Return the public key with the given key id from the provided key ring.
      Parameters:
      keyRing - key ring
      keyId - key id
      Returns:
      public key or null
    • isKeyValidlyBound

      public boolean isKeyValidlyBound(long keyId)
      Return true if the public key with the given key id is bound to the key ring properly.
      Parameters:
      keyId - key id
      Returns:
      true if key is bound validly
    • getPublicKeys

      public List<org.bouncycastle.openpgp.PGPPublicKey> getPublicKeys()
      Return all PGPPublicKeys of this key ring. The first key in the list being the primary key. Note that the list is unmodifiable.
      Returns:
      list of public keys
    • getSecretKey

      @Nullable public org.bouncycastle.openpgp.PGPSecretKey getSecretKey()
      Return the primary PGPSecretKey of this key ring or null if the key ring is not a PGPSecretKeyRing.
      Returns:
      primary secret key or null if the key ring is public
    • getSecretKey

      @Nullable public org.bouncycastle.openpgp.PGPSecretKey getSecretKey(OpenPgpFingerprint fingerprint)
      Return the secret key with the given fingerprint.
      Parameters:
      fingerprint - fingerprint
      Returns:
      secret key or null
    • getSecretKey

      @Nullable public org.bouncycastle.openpgp.PGPSecretKey getSecretKey(long keyId)
      Return the secret key with the given key id.
      Parameters:
      keyId - key id
      Returns:
      secret key or null
    • getSecretKeys

      public List<org.bouncycastle.openpgp.PGPSecretKey> getSecretKeys()
      Return all secret keys of the key ring. If the key ring is a PGPPublicKeyRing, then return an empty list. Note that the list is unmodifiable.
      Returns:
      list of secret keys
    • getKeyId

      public long getKeyId()
      Return the key id of the primary key of this key ring.
      Returns:
      key id
    • getFingerprint

      public OpenPgpFingerprint getFingerprint()
      Return the OpenPgpFingerprint of this key ring.
      Returns:
      fingerprint
    • getPrimaryUserId

      @Nullable public String getPrimaryUserId()
    • getUserIds

      public List<String> getUserIds()
      Return a list of all user-ids of the primary key. Note: This list might also contain expired / revoked user-ids. Consider using getValidUserIds() instead.
      Returns:
      list of user-ids
    • getValidUserIds

      public List<String> getValidUserIds()
      Return a list of valid user-ids.
      Returns:
      valid user-ids
    • getValidAndExpiredUserIds

      public List<String> getValidAndExpiredUserIds()
      Return a list of all user-ids that were valid at some point, but might be expired by now.
      Returns:
      bound user-ids
    • isUserIdValid

      public boolean isUserIdValid(String userId)
      Return true if the provided user-id is valid.
      Parameters:
      userId - user-id
      Returns:
      true if user-id is valid
    • getEmailAddresses

      public List<String> getEmailAddresses()
      Return a list of all user-ids of the primary key that appear to be email-addresses. Note: This list might contain expired / revoked user-ids.
      Returns:
      email addresses
    • getLatestDirectKeySelfSignature

      @Nullable public org.bouncycastle.openpgp.PGPSignature getLatestDirectKeySelfSignature()
      Return the latest direct-key self signature. Note: This signature might be expired (check with SignatureUtils.isSignatureExpired(PGPSignature)).
      Returns:
      latest direct key self-signature or null
    • getRevocationSelfSignature

      @Nullable public org.bouncycastle.openpgp.PGPSignature getRevocationSelfSignature()
      Return the latest revocation self-signature on the primary key.
      Returns:
      revocation or null
    • getLatestUserIdCertification

      @Nullable public org.bouncycastle.openpgp.PGPSignature getLatestUserIdCertification(String userId)
      Return the latest certification self-signature on the provided user-id.
      Parameters:
      userId - user-id
      Returns:
      certification signature or null
    • getUserIdRevocation

      @Nullable public org.bouncycastle.openpgp.PGPSignature getUserIdRevocation(String userId)
      Return the latest user-id revocation signature for the provided user-id.
      Parameters:
      userId - user-id
      Returns:
      revocation or null
    • getCurrentSubkeyBindingSignature

      @Nullable public org.bouncycastle.openpgp.PGPSignature getCurrentSubkeyBindingSignature(long keyId)
      Return the currently active subkey binding signature for the subkey with the provided key-id.
      Parameters:
      keyId - subkey id
      Returns:
      subkey binding signature or null
    • getSubkeyRevocationSignature

      @Nullable public org.bouncycastle.openpgp.PGPSignature getSubkeyRevocationSignature(long keyId)
      Return the latest subkey binding revocation signature for the subkey with the given key-id.
      Parameters:
      keyId - subkey id
      Returns:
      subkey binding revocation or null
    • getKeyFlagsOf

      @Nonnull public List<KeyFlag> getKeyFlagsOf(long keyId)
      Return a list of KeyFlags that apply to the subkey with the provided key id.
      Parameters:
      keyId - key-id
      Returns:
      list of key flags
    • getKeyFlagsOf

      @Nonnull public List<KeyFlag> getKeyFlagsOf(String userId)
      Return a list of KeyFlags that apply to the given user-id.
      Parameters:
      userId - user-id
      Returns:
      key flags
    • getAlgorithm

      @Nonnull public PublicKeyAlgorithm getAlgorithm()
      Return the algorithm of the primary key.
      Returns:
      public key algorithm
    • getCreationDate

      public Date getCreationDate()
      Return the creation date of the primary key.
      Returns:
      creation date
    • getLastModified

      @Nullable public Date getLastModified()
      Return the date on which the key ring was last modified. This date corresponds to the date of the last signature that was made on this key ring by the primary key.
      Returns:
      last modification date.
    • getLatestKeyCreationDate

      @Nonnull public Date getLatestKeyCreationDate()
      Return the creation time of the latest added subkey.
      Returns:
      latest key creation time
    • getRevocationState

      public RevocationState getRevocationState()
    • getRevocationDate

      @Nullable public Date getRevocationDate()
      Return the date on which the primary key was revoked, or null if it has not yet been revoked.
      Returns:
      revocation date or null
    • getPrimaryKeyExpirationDate

      @Nullable public Date getPrimaryKeyExpirationDate()
      Return the date of expiration of the primary key or null if the key has no expiration date.
      Returns:
      expiration date
    • getPossiblyExpiredPrimaryUserId

      public String getPossiblyExpiredPrimaryUserId()
    • getSubkeyExpirationDate

      @Nullable public Date getSubkeyExpirationDate(OpenPgpFingerprint fingerprint)
      Return the expiration date of the subkey with the provided fingerprint.
      Parameters:
      fingerprint - subkey fingerprint
      Returns:
      expiration date or null
    • getExpirationDateForUse

      public Date getExpirationDateForUse(KeyFlag use)
      Return the latest date on which the key ring is still usable for the given key flag. If only a subkey is carrying the required flag and the primary key expires earlier than the subkey, the expiry date of the primary key is returned. This method might return null, if the primary key and a subkey with the required flag does not expire.
      Parameters:
      use - key flag representing the use case, e.g. KeyFlag.SIGN_DATA or KeyFlag.ENCRYPT_COMMS/KeyFlag.ENCRYPT_STORAGE.
      Returns:
      latest date on which the key ring can be used for the given use case, or null if it can be used indefinitely.
    • isHardRevoked

      public boolean isHardRevoked(String userId)
    • isSecretKey

      public boolean isSecretKey()
      Return true if the key ring is a PGPSecretKeyRing. If it is a PGPPublicKeyRing return false and if it is neither, throw an AssertionError.
      Returns:
      true if the key ring is a secret key ring.
    • isFullyDecrypted

      public boolean isFullyDecrypted()
      Returns true when every secret key on the key ring is not encrypted. If there is at least one encrypted secret key on the key ring, returns false. If the key ring is a PGPPublicKeyRing, returns true. Sub-keys with S2K of a type GNU_DUMMY_S2K do not affect the result.
      Returns:
      true if all secret keys are unencrypted.
    • isFullyEncrypted

      public boolean isFullyEncrypted()
      Returns true when every secret key on the key ring is encrypted. If there is at least one not encrypted secret key on the key ring, returns false. If the key ring is a PGPPublicKeyRing, returns false. Sub-keys with S2K of a type GNU_DUMMY_S2K do not affect a result.
      Returns:
      true if all secret keys are encrypted.
    • getVersion

      public int getVersion()
      Return the version number of the public keys format.
      Returns:
      version
    • getEncryptionSubkeys

      @Nonnull public List<org.bouncycastle.openpgp.PGPPublicKey> getEncryptionSubkeys(EncryptionPurpose purpose)
      Return a list of all subkeys which can be used for encryption of the given purpose. This list does not include expired or revoked keys.
      Parameters:
      purpose - purpose (encrypt data at rest / communications)
      Returns:
      encryption subkeys
    • getKeysWithKeyFlag

      public List<org.bouncycastle.openpgp.PGPPublicKey> getKeysWithKeyFlag(KeyFlag flag)
      Return a list of all keys which carry the provided key flag in their signature.
      Parameters:
      flag - flag
      Returns:
      keys with flag
    • getEncryptionSubkeys

      @Nonnull public List<org.bouncycastle.openpgp.PGPPublicKey> getEncryptionSubkeys(String userId, EncryptionPurpose purpose)
      Return a list of all subkeys that can be used for encryption with the given user-id. This list does not include expired or revoked keys. TODO: Does it make sense to pass in a user-id? Aren't the encryption subkeys the same, regardless of which user-id is used?
      Parameters:
      userId - user-id
      purpose - encryption purpose
      Returns:
      encryption subkeys
    • getSigningSubkeys

      @Nonnull public List<org.bouncycastle.openpgp.PGPPublicKey> getSigningSubkeys()
      Return a list of all subkeys which can be used to sign data.
      Returns:
      signing keys
    • getPreferredHashAlgorithms

      public Set<HashAlgorithm> getPreferredHashAlgorithms()
    • getPreferredHashAlgorithms

      public Set<HashAlgorithm> getPreferredHashAlgorithms(String userId)
    • getPreferredHashAlgorithms

      public Set<HashAlgorithm> getPreferredHashAlgorithms(long keyId)
    • getPreferredSymmetricKeyAlgorithms

      public Set<SymmetricKeyAlgorithm> getPreferredSymmetricKeyAlgorithms()
    • getPreferredSymmetricKeyAlgorithms

      public Set<SymmetricKeyAlgorithm> getPreferredSymmetricKeyAlgorithms(String userId)
    • getPreferredSymmetricKeyAlgorithms

      public Set<SymmetricKeyAlgorithm> getPreferredSymmetricKeyAlgorithms(long keyId)
    • getPreferredCompressionAlgorithms

      public Set<CompressionAlgorithm> getPreferredCompressionAlgorithms()
    • getPreferredCompressionAlgorithms

      public Set<CompressionAlgorithm> getPreferredCompressionAlgorithms(String userId)
    • getPreferredCompressionAlgorithms

      public Set<CompressionAlgorithm> getPreferredCompressionAlgorithms(long keyId)
    • isUsableForEncryption

      public boolean isUsableForEncryption()
      Returns true, if the certificate has at least one usable encryption subkey.
      Returns:
      true if usable for encryption
    • isUsableForEncryption

      public boolean isUsableForEncryption(@Nonnull EncryptionPurpose purpose)
      Returns true, if the certificate has at least one usable encryption subkey for the given purpose.
      Parameters:
      purpose - purpose of encryption
      Returns:
      true if usable for encryption
    • isSigningCapable

      public boolean isSigningCapable()
      Returns true, if the key ring is capable of signing. Contrary to isUsableForSigning(), this method also returns true, if this KeyRingInfo is based on a key ring which has at least one valid public key marked for signing. The secret key is not required for the key ring to qualify as signing capable.
      Returns:
      true if key corresponding to the cert is capable of signing
    • isUsableForSigning

      public boolean isUsableForSigning()
      Returns true, if this KeyRingInfo is based on a PGPSecretKeyRing, which has a valid signing key which is ready to be used (i.e. secret key is present and is not on a smart-card). If you just want to check, whether a key / certificate has signing capable subkeys, use isSigningCapable() instead.
      Returns:
      true if key is ready to be used for signing