Package org.pgpainless.key.modification.secretkeyring

Class SecretKeyRingEditor

    • Constructor Detail

      • SecretKeyRingEditor

        public SecretKeyRingEditor​(@Nonnull
                           org.bouncycastle.openpgp.PGPSecretKeyRing secretKeyRing)

      • SecretKeyRingEditor

        public SecretKeyRingEditor​(@Nonnull
                           org.bouncycastle.openpgp.PGPSecretKeyRing secretKeyRing,
                           @Nonnull
                           java.util.Date referenceTime)

    • Method Detail

      • addUserId

        public SecretKeyRingEditorInterface addUserId​(@Nonnull
                                              java.lang.CharSequence userId,
                                              @Nonnull
                                              SecretKeyRingProtector secretKeyRingProtector)
                                       throws org.bouncycastle.openpgp.PGPException
        Description copied from interface: SecretKeyRingEditorInterface
        Add a user-id to the key ring.
        Specified by:
        addUserId in interface SecretKeyRingEditorInterface
        Parameters:
        userId - user-id
        secretKeyRingProtector - protector to unlock the secret key
        Returns:
        the builder
        Throws:
        org.bouncycastle.openpgp.PGPException - in case we cannot generate a signature for the user-id

      • addUserId

        public SecretKeyRingEditorInterface addUserId​(@Nonnull
                                              java.lang.CharSequence userId,
                                              @Nullable
                                              SelfSignatureSubpackets.Callback signatureSubpacketCallback,
                                              @Nonnull
                                              SecretKeyRingProtector protector)
                                       throws org.bouncycastle.openpgp.PGPException
        Description copied from interface: SecretKeyRingEditorInterface
        Add a user-id to the key ring.
        Specified by:
        addUserId in interface SecretKeyRingEditorInterface
        Parameters:
        userId - user-id
        signatureSubpacketCallback - callback that can be used to modify signature subpackets of the certification signature.
        protector - protector to unlock the primary secret key
        Returns:
        the builder
        Throws:
        org.bouncycastle.openpgp.PGPException - in case we cannot generate a signature for the user-id

      • addPrimaryUserId

        public SecretKeyRingEditorInterface addPrimaryUserId​(@Nonnull
                                                     java.lang.CharSequence userId,
                                                     @Nonnull
                                                     SecretKeyRingProtector protector)
                                              throws org.bouncycastle.openpgp.PGPException
        Description copied from interface: SecretKeyRingEditorInterface
        Add a user-id to the key ring and mark it as primary. If the user-id is already present, a new certification signature will be created.
        Specified by:
        addPrimaryUserId in interface SecretKeyRingEditorInterface
        Parameters:
        userId - user id
        protector - protector to unlock the secret key
        Returns:
        the builder
        Throws:
        org.bouncycastle.openpgp.PGPException - in case we cannot generate a signature for the user-id

      • replaceUserId

        public SecretKeyRingEditorInterface replaceUserId​(@Nonnull
                                                  java.lang.CharSequence oldUserId,
                                                  @Nonnull
                                                  java.lang.CharSequence newUserId,
                                                  @Nonnull
                                                  SecretKeyRingProtector protector)
                                           throws org.bouncycastle.openpgp.PGPException
        Description copied from interface: SecretKeyRingEditorInterface
        Replace a user-id on the key with a new one. The old user-id gets soft revoked and the new user-id gets bound with the same signature subpackets as the old one, with one exception: If the old user-id was implicitly primary (did not carry a PrimaryUserID packet, but effectively was primary, then the new user-id will be explicitly marked as primary.
        Specified by:
        replaceUserId in interface SecretKeyRingEditorInterface
        Parameters:
        oldUserId - old user-id
        newUserId - new user-id
        protector - protector to unlock the secret key
        Returns:
        the builder
        Throws:
        org.bouncycastle.openpgp.PGPException - in case we cannot generate a revocation and certification signature

      • addSubKey

        public SecretKeyRingEditorInterface addSubKey​(@Nonnull
                                              KeySpec keySpec,
                                              @Nonnull
                                              Passphrase subKeyPassphrase,
                                              @Nonnull
                                              SecretKeyRingProtector secretKeyRingProtector)
                                       throws java.security.InvalidAlgorithmParameterException,
                                              java.security.NoSuchAlgorithmException,
                                              org.bouncycastle.openpgp.PGPException,
                                              java.io.IOException
        Description copied from interface: SecretKeyRingEditorInterface
        Add a subkey to the key ring. The subkey will be generated from the provided KeySpec.
        Specified by:
        addSubKey in interface SecretKeyRingEditorInterface
        Parameters:
        keySpec - key specification
        subKeyPassphrase - passphrase to encrypt the sub key
        secretKeyRingProtector - protector to unlock the secret key of the key ring
        Returns:
        the builder
        Throws:
        java.security.InvalidAlgorithmParameterException - in case the user wants to use invalid parameters for the key
        java.security.NoSuchAlgorithmException - in case of missing algorithm support in the crypto backend
        org.bouncycastle.openpgp.PGPException - in case we cannot generate a binding signature for the subkey
        java.io.IOException - in case of an IO error

      • addSubKey

        public SecretKeyRingEditorInterface addSubKey​(@Nonnull
                                              KeySpec keySpec,
                                              @Nullable
                                              Passphrase subkeyPassphrase,
                                              @Nullable
                                              SelfSignatureSubpackets.Callback subpacketsCallback,
                                              @Nonnull
                                              SecretKeyRingProtector secretKeyRingProtector)
                                       throws org.bouncycastle.openpgp.PGPException,
                                              java.security.InvalidAlgorithmParameterException,
                                              java.security.NoSuchAlgorithmException,
                                              java.io.IOException
        Description copied from interface: SecretKeyRingEditorInterface
        Add a subkey to the key ring. The subkey will be generated from the provided KeySpec.
        Specified by:
        addSubKey in interface SecretKeyRingEditorInterface
        Parameters:
        keySpec - key spec of the subkey
        subkeyPassphrase - passphrase to encrypt the subkey
        subpacketsCallback - callback to modify the subpackets of the subkey binding signature
        secretKeyRingProtector - protector to unlock the primary key
        Returns:
        builder
        Throws:
        org.bouncycastle.openpgp.PGPException - in case we cannot generate a binding signature for the subkey
        java.security.InvalidAlgorithmParameterException - in case the user wants to use invalid parameters for the key
        java.security.NoSuchAlgorithmException - in case of missing algorithm support in the crypto backend
        java.io.IOException - in case of an IO error

      • addSubKey

        public SecretKeyRingEditorInterface addSubKey​(@Nonnull
                                              org.bouncycastle.openpgp.PGPKeyPair subkey,
                                              @Nullable
                                              SelfSignatureSubpackets.Callback bindingSignatureCallback,
                                              @Nonnull
                                              SecretKeyRingProtector subkeyProtector,
                                              @Nonnull
                                              SecretKeyRingProtector primaryKeyProtector,
                                              @Nonnull
                                              KeyFlag keyFlag,
                                              KeyFlag... additionalKeyFlags)
                                       throws org.bouncycastle.openpgp.PGPException,
                                              java.io.IOException
        Description copied from interface: SecretKeyRingEditorInterface
        Add a subkey to the key ring.
        Specified by:
        addSubKey in interface SecretKeyRingEditorInterface
        Parameters:
        subkey - subkey key pair
        bindingSignatureCallback - callback to modify the subpackets of the subkey binding signature
        subkeyProtector - protector to unlock and encrypt the subkey
        primaryKeyProtector - protector to unlock the primary key
        keyFlag - first key flag for the subkey
        additionalKeyFlags - optional additional key flags
        Returns:
        builder
        Throws:
        org.bouncycastle.openpgp.PGPException - in case we cannot generate a binding signature for the subkey
        java.io.IOException - in case of an IO error

      • revoke

        public SecretKeyRingEditorInterface revoke​(@Nonnull
                                           SecretKeyRingProtector secretKeyRingProtector,
                                           @Nullable
                                           RevocationAttributes revocationAttributes)
                                    throws org.bouncycastle.openpgp.PGPException
        Description copied from interface: SecretKeyRingEditorInterface
        Revoke the key ring using the provided revocation attributes. The attributes define, whether the revocation was a hard revocation or not.
        Specified by:
        revoke in interface SecretKeyRingEditorInterface
        Parameters:
        secretKeyRingProtector - protector of the primary key
        revocationAttributes - reason for the revocation
        Returns:
        the builder
        Throws:
        org.bouncycastle.openpgp.PGPException - in case we cannot generate a revocation signature

      • revokeSubKey

        public SecretKeyRingEditorInterface revokeSubKey​(long subKeyId,
                                                 SecretKeyRingProtector protector,
                                                 RevocationAttributes revocationAttributes)
                                          throws org.bouncycastle.openpgp.PGPException
        Description copied from interface: SecretKeyRingEditorInterface
        Revoke the subkey binding signature of a subkey. The subkey with the provided key-id will be revoked. If no suitable subkey is found, a NoSuchElementException will be thrown.
        Specified by:
        revokeSubKey in interface SecretKeyRingEditorInterface
        Parameters:
        subKeyId - id of the subkey
        protector - protector to unlock the primary key
        revocationAttributes - reason for the revocation
        Returns:
        the builder
        Throws:
        org.bouncycastle.openpgp.PGPException - in case we cannot generate a revocation signature for the subkey

      • revokeSubKey

        public SecretKeyRingEditorInterface revokeSubKey​(long keyID,
                                                 @Nonnull
                                                 SecretKeyRingProtector secretKeyRingProtector,
                                                 @Nullable
                                                 RevocationSignatureSubpackets.Callback subpacketsCallback)
                                          throws org.bouncycastle.openpgp.PGPException
        Description copied from interface: SecretKeyRingEditorInterface
        Revoke the subkey binding signature of a subkey. The subkey with the provided key-id will be revoked. If no suitable subkey is found, q NoSuchElementException will be thrown. The provided subpackets callback is used to modify the revocation signatures subpackets.
        Specified by:
        revokeSubKey in interface SecretKeyRingEditorInterface
        Parameters:
        keyID - id of the subkey
        secretKeyRingProtector - protector to unlock the secret key ring
        subpacketsCallback - callback which can be used to modify the subpackets of the revocation signature
        Returns:
        the builder
        Throws:
        org.bouncycastle.openpgp.PGPException - in case we cannot generate a revocation signature for the subkey

      • createRevocation

        public org.bouncycastle.openpgp.PGPSignature createRevocation​(@Nonnull
                                                              SecretKeyRingProtector secretKeyRingProtector,
                                                              @Nullable
                                                              RevocationAttributes revocationAttributes)
                                                       throws org.bouncycastle.openpgp.PGPException
        Description copied from interface: SecretKeyRingEditorInterface
        Create a detached revocation certificate, which can be used to revoke the whole key. The original key will not be modified by this method.
        Specified by:
        createRevocation in interface SecretKeyRingEditorInterface
        Parameters:
        secretKeyRingProtector - protector to unlock the primary key.
        revocationAttributes - reason for the revocation
        Returns:
        revocation certificate
        Throws:
        org.bouncycastle.openpgp.PGPException - in case we cannot generate a revocation certificate

      • createRevocation

        public org.bouncycastle.openpgp.PGPSignature createRevocation​(long subkeyId,
                                                              @Nonnull
                                                              SecretKeyRingProtector secretKeyRingProtector,
                                                              @Nullable
                                                              RevocationAttributes revocationAttributes)
                                                       throws org.bouncycastle.openpgp.PGPException
        Description copied from interface: SecretKeyRingEditorInterface
        Create a detached revocation certificate, which can be used to revoke the specified subkey. The original key will not be modified by this method.
        Specified by:
        createRevocation in interface SecretKeyRingEditorInterface
        Parameters:
        subkeyId - id of the subkey to be revoked
        secretKeyRingProtector - protector to unlock the primary key.
        revocationAttributes - reason for the revocation
        Returns:
        revocation certificate
        Throws:
        org.bouncycastle.openpgp.PGPException - in case we cannot generate a revocation certificate

      • createRevocation

        public org.bouncycastle.openpgp.PGPSignature createRevocation​(long subkeyId,
                                                              @Nonnull
                                                              SecretKeyRingProtector secretKeyRingProtector,
                                                              @Nullable
                                                              RevocationSignatureSubpackets.Callback certificateSubpacketsCallback)
                                                       throws org.bouncycastle.openpgp.PGPException
        Description copied from interface: SecretKeyRingEditorInterface
        Create a detached revocation certificate, which can be used to revoke the specified subkey. The original key will not be modified by this method.
        Specified by:
        createRevocation in interface SecretKeyRingEditorInterface
        Parameters:
        subkeyId - id of the subkey to be revoked
        secretKeyRingProtector - protector to unlock the primary key.
        certificateSubpacketsCallback - callback to modify the subpackets of the revocation certificate.
        Returns:
        revocation certificate
        Throws:
        org.bouncycastle.openpgp.PGPException - in case we cannot generate a revocation certificate

      • revokeUserId

        public SecretKeyRingEditorInterface revokeUserId​(@Nonnull
                                                 java.lang.CharSequence userId,
                                                 @Nonnull
                                                 SecretKeyRingProtector secretKeyRingProtector,
                                                 @Nullable
                                                 RevocationAttributes revocationAttributes)
                                          throws org.bouncycastle.openpgp.PGPException
        Description copied from interface: SecretKeyRingEditorInterface
        Revoke the given userID using the provided revocation attributes.
        Specified by:
        revokeUserId in interface SecretKeyRingEditorInterface
        Parameters:
        userId - userId to revoke
        secretKeyRingProtector - protector to unlock the primary key
        revocationAttributes - reason for the revocation
        Returns:
        the builder
        Throws:
        org.bouncycastle.openpgp.PGPException - in case we cannot generate a revocation signature for the user-id

      • revokeUserId

        public SecretKeyRingEditorInterface revokeUserId​(@Nonnull
                                                 java.lang.CharSequence userId,
                                                 @Nonnull
                                                 SecretKeyRingProtector secretKeyRingProtector,
                                                 @Nullable
                                                 RevocationSignatureSubpackets.Callback subpacketCallback)
                                          throws org.bouncycastle.openpgp.PGPException
        Description copied from interface: SecretKeyRingEditorInterface
        Revoke the provided user-id. Note: If you don't provide a RevocationSignatureSubpackets.Callback which sets a revocation reason (RevocationAttributes), the revocation might be considered hard. So if you intend to re-certify the user-id at a later point to make it valid again, make sure to set a soft revocation reason in the signatures hashed area using the subpacket callback.
        Specified by:
        revokeUserId in interface SecretKeyRingEditorInterface
        Parameters:
        userId - userid to be revoked
        secretKeyRingProtector - protector to unlock the primary secret key
        subpacketCallback - callback to modify the revocations subpackets
        Returns:
        builder
        Throws:
        org.bouncycastle.openpgp.PGPException - in case we cannot generate a revocation signature for the user-id

      • setExpirationDate

        public SecretKeyRingEditorInterface setExpirationDate​(@Nullable
                                                      java.util.Date expiration,
                                                      @Nonnull
                                                      SecretKeyRingProtector secretKeyRingProtector)
                                               throws org.bouncycastle.openpgp.PGPException
        Description copied from interface: SecretKeyRingEditorInterface
        Set the expiration date for the primary key of the key ring. If the key is supposed to never expire, then an expiration date of null is expected.
        Specified by:
        setExpirationDate in interface SecretKeyRingEditorInterface
        Parameters:
        expiration - new expiration date or null
        secretKeyRingProtector - to unlock the secret key
        Returns:
        the builder
        Throws:
        org.bouncycastle.openpgp.PGPException - in case we cannot generate a new self-signature with the changed expiration date

      • setExpirationDateOfSubkey

        public SecretKeyRingEditorInterface setExpirationDateOfSubkey​(@Nullable
                                                              java.util.Date expiration,
                                                              long keyId,
                                                              @Nonnull
                                                              SecretKeyRingProtector secretKeyRingProtector)
                                                       throws org.bouncycastle.openpgp.PGPException
        Description copied from interface: SecretKeyRingEditorInterface
        Set the expiration date for the subkey identified by the given keyId to the given expiration date. If the key is supposed to never expire, then an expiration date of null is expected.
        Specified by:
        setExpirationDateOfSubkey in interface SecretKeyRingEditorInterface
        Parameters:
        expiration - new expiration date of null
        keyId - id of the subkey
        secretKeyRingProtector - to unlock the secret key
        Returns:
        the builder
        Throws:
        org.bouncycastle.openpgp.PGPException - in case we cannot generate a new subkey-binding or self-signature with the changed expiration date

      • createMinimalRevocationCertificate

        public org.bouncycastle.openpgp.PGPPublicKeyRing createMinimalRevocationCertificate​(@Nonnull
                                                                                    SecretKeyRingProtector secretKeyRingProtector,
                                                                                    @Nullable
                                                                                    RevocationAttributes keyRevocationAttributes)
                                                                             throws org.bouncycastle.openpgp.PGPException
        Description copied from interface: SecretKeyRingEditorInterface
        Create a minimal, self-authorizing revocation certificate, containing only the primary key and a revocation signature. This type of revocation certificates was introduced in OpenPGP v6. This method has no side effects on the original key and will leave it intact.
        Specified by:
        createMinimalRevocationCertificate in interface SecretKeyRingEditorInterface
        Parameters:
        secretKeyRingProtector - protector to unlock the primary key.
        keyRevocationAttributes - reason for the revocation (key revocation)
        Returns:
        minimal revocation certificate
        Throws:
        org.bouncycastle.openpgp.PGPException - in case we cannot generate a revocation signature