Class SignatureValidator

Method Details

• verify

  public abstract void verify(org.bouncycastle.openpgp.PGPSignature signature) throws SignatureValidationException

  Throws:

  SignatureValidationException

• wasPossiblyMadeByKey

  public static SignatureValidator wasPossiblyMadeByKey(org.bouncycastle.openpgp.PGPPublicKey signingKey)

  Check, whether there is the possibility that the given signature was created by the given key. verify(PGPSignature) throws a SignatureValidationException if we can say with certainty that the signature was not created by the given key (e.g. if the sig carries another issuer, issuer fingerprint packet). If there is no information found in the signature about who created it (no issuer, no fingerprint), verify(PGPSignature) will simply return since it is plausible that the given key created the sig.

  Parameters:

  signingKey - signing key

  Returns:

  validator that throws a SignatureValidationException if the signature was not possibly made by the given key.

• hasValidPrimaryKeyBindingSignatureIfRequired

  public static SignatureValidator hasValidPrimaryKeyBindingSignatureIfRequired(org.bouncycastle.openpgp.PGPPublicKey primaryKey, org.bouncycastle.openpgp.PGPPublicKey subkey, Policy policy, Date referenceDate)

  Verify that a subkey binding signature - if the subkey is signing-capable - contains a valid primary key binding signature.

  Parameters:

  primaryKey - primary key

  subkey - subkey

  policy - policy

  referenceDate - reference date for signature verification

  Returns:

  validator

• signatureStructureIsAcceptable

  public static SignatureValidator signatureStructureIsAcceptable(org.bouncycastle.openpgp.PGPPublicKey signingKey, Policy policy)

  Verify that a signature has an acceptable structure.

  Parameters:

  signingKey - signing key

  policy - policy

  Returns:

  validator

• signatureUsesAcceptablePublicKeyAlgorithm

  public static SignatureValidator signatureUsesAcceptablePublicKeyAlgorithm(Policy policy, org.bouncycastle.openpgp.PGPPublicKey signingKey)

  Verify that a signature was made using an acceptable PublicKeyAlgorithm.

  Parameters:

  policy - policy

  signingKey - signing key

  Returns:

  validator

• signatureUsesAcceptableHashAlgorithm

  public static SignatureValidator signatureUsesAcceptableHashAlgorithm(Policy policy)

  Verify that a signature uses an acceptable HashAlgorithm.

  Parameters:

  policy - policy

  Returns:

  validator

• signatureDoesNotHaveCriticalUnknownNotations

  public static SignatureValidator signatureDoesNotHaveCriticalUnknownNotations(NotationRegistry registry)

  Verify that a signature does not carry critical unknown notations.

  Parameters:

  registry - notation registry of known notations

  Returns:

  validator

• signatureDoesNotHaveCriticalUnknownSubpackets

  public static SignatureValidator signatureDoesNotHaveCriticalUnknownSubpackets()

  Verify that a signature does not contain critical unknown subpackets.

  Returns:

  validator

• signatureIsEffective

  public static SignatureValidator signatureIsEffective()

  Verify that a signature is effective right now.

  Returns:

  validator

• signatureIsEffective

  public static SignatureValidator signatureIsEffective(Date referenceDate)

  Verify that a signature is effective at the given reference date.

  Parameters:

  referenceDate - reference date for signature verification

  Returns:

  validator

• signatureIsAlreadyEffective

  public static SignatureValidator signatureIsAlreadyEffective(Date referenceDate)

  Verify that a signature was created prior to the given reference date.

  Parameters:

  referenceDate - reference date for signature verification

  Returns:

  validator

• signatureIsNotYetExpired

  public static SignatureValidator signatureIsNotYetExpired(Date referenceDate)

  Verify that a signature is not yet expired.

  Parameters:

  referenceDate - reference date for signature verification

  Returns:

  validator

• signatureIsNotMalformed

  public static SignatureValidator signatureIsNotMalformed(org.bouncycastle.openpgp.PGPPublicKey creator)

  Verify that a signature is not malformed. A signature is malformed if it has no hashed creation time subpacket, it predates the creation time of the signing key, or it predates the creation date of the signing key binding signature.

  Parameters:

  creator - signing key

  Returns:

  validator

• signatureDoesNotPredateSignee

  public static SignatureValidator signatureDoesNotPredateSignee(org.bouncycastle.openpgp.PGPPublicKey signee)

• signatureHasHashedCreationTime

  public static SignatureValidator signatureHasHashedCreationTime()

  Verify that a signature has a hashed creation time subpacket.

  Returns:

  validator

• signatureDoesNotPredateSigningKey

  public static SignatureValidator signatureDoesNotPredateSigningKey(org.bouncycastle.openpgp.PGPPublicKey key)

  Verify that a signature does not predate the creation time of the signing key.

  Parameters:

  key - signing key

  Returns:

  validator

• signatureDoesNotPredateKeyCreation

  public static SignatureValidator signatureDoesNotPredateKeyCreation(org.bouncycastle.openpgp.PGPPublicKey key)

  Verify that a signature does not predate the creation time of the given key.

  Parameters:

  key - key

  Returns:

  validator

• signatureDoesNotPredateSigningKeyBindingDate

  public static SignatureValidator signatureDoesNotPredateSigningKeyBindingDate(org.bouncycastle.openpgp.PGPPublicKey signingKey)

  Verify that a signature does not predate the binding date of the signing key.

  Parameters:

  signingKey - signing key

  Returns:

  validator

• correctSubkeyBindingSignature

  public static SignatureValidator correctSubkeyBindingSignature(org.bouncycastle.openpgp.PGPPublicKey primaryKey, org.bouncycastle.openpgp.PGPPublicKey subkey)

  Verify that a subkey binding signature is correct.

  Parameters:

  primaryKey - primary key

  subkey - subkey

  Returns:

  validator

• correctPrimaryKeyBindingSignature

  public static SignatureValidator correctPrimaryKeyBindingSignature(org.bouncycastle.openpgp.PGPPublicKey primaryKey, org.bouncycastle.openpgp.PGPPublicKey subkey)

  Verify that a primary key binding signature is correct.

  Parameters:

  primaryKey - primary key

  subkey - subkey

  Returns:

  validator

• correctSignatureOverKey

  public static SignatureValidator correctSignatureOverKey(org.bouncycastle.openpgp.PGPPublicKey signer, org.bouncycastle.openpgp.PGPPublicKey signee)

  Verify that a direct-key signature is correct.

  Parameters:

  signer - signing key

  signee - signed key

  Returns:

  validator

• signatureIsCertification

  public static SignatureValidator signatureIsCertification()

  Verify that a signature is a certification signature.

  Returns:

  validator

• signatureIsOfType

  public static SignatureValidator signatureIsOfType(SignatureType... signatureTypes)

  Verify that a signature type equals one of the given SignatureTypes.

  Parameters:

  signatureTypes - one or more signature types

  Returns:

  validator

• correctSignatureOverUserId

  public static SignatureValidator correctSignatureOverUserId(String userId, org.bouncycastle.openpgp.PGPPublicKey certifiedKey, org.bouncycastle.openpgp.PGPPublicKey certifyingKey)

  Verify that a signature over a user-id is correct.

  Parameters:

  userId - user-id

  certifiedKey - key carrying the user-id

  certifyingKey - key that created the signature.

  Returns:

  validator

• correctSignatureOverUserAttributes

  public static SignatureValidator correctSignatureOverUserAttributes(org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector userAttributes, org.bouncycastle.openpgp.PGPPublicKey certifiedKey, org.bouncycastle.openpgp.PGPPublicKey certifyingKey)

  Verify that a signature over a user-attribute packet is correct.

  Parameters:

  userAttributes - user attributes

  certifiedKey - key carrying the user-attributes

  certifyingKey - key that created the certification signature

  Returns:

  validator

• signatureWasCreatedInBounds

  public static SignatureValidator signatureWasCreatedInBounds(Date notBefore, Date notAfter)