Class Key
- All Implemented Interfaces:
Cloneable
- Direct Known Subclasses:
KeyForDecryption
,KeyForEncryption
,KeyForSigning
,KeyForVerification
Subkey
s.
A key whose subkeys contain only the public part of their public-key pair
is considered a "public key"; whereas a key whose subkeys contain both
the public part and private part their public-key pair is considered
a "secret key".
A key can be constructed from an armored key text block with the
Key(String)
constructor; or constructed from a key file with the
Key(File)
constructor; or constructed from an input stream
containing a key file (or armored key text block) with the
Key(InputStream)
constructor. A key can also be constructed
as an empty key (Key()
) and the key loaded later —
either via load(String)
, load(File)
, or
load(InputStream)
); or by adding individual Subkey
s
to the list of subkeys that can be accessed via getSubkeys()
.
The purposes for which a key can be used are indicated by these four methods:
isForSigning()
: true if can be used for signing messagesisForVerification()
: true if can be used for verifying messagesisForEncryption()
: true if can be used for encrypting messagesisForDecryption()
: true if can be used for decrypting messages
The subkey to use for each purpose is made available by these four methods:
getSigning()
: subkey to use for signing messages, or nullgetVerification()
: subkey to use for verifying messages, or nullgetEncryption()
: subkey to use for encrypting messages, or nullgetDecryption()
: subkey to use for decrypting messages, or null
You can list the key's user IDs (the human-readable identification
of the key, like "Alice (work) alice@example.com") via the
getUids()
method. When signing with a key that includes multiple
user IDs, you can specify the user ID to embed in the signature
via the setSigningUid(java.lang.String)
method (otherwise this defaults to the first
user ID; also note that when verifying the message, other clients
may ignore this setting, and display an arbitrary user ID,
or all user IDs, as the message signer).
-
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionKey()
Constructs a new empty key.Loads first key from the specified file.Loads first key from the specified file, and sets the passphrase of all subkeys to the specified passphrase.Loads first key from the specified file, and sets the passphrase of all subkeys to the specified passphrase.Key
(InputStream stream) Loads first key from the specified input stream.Key
(InputStream stream, char[] passphraseChars) Loads first key from the specified input stream, and sets the passphrase of all subkeys to the specified passphrase.Key
(InputStream stream, String passphrase) Loads first key from the specified input stream, and sets the passphrase of all subkeys to the specified passphrase.Loads first key from the specified armored text.Loads first key from the specified armored text, and sets the passphrase of all subkeys to the specified passphrase.Loads first key from the specified armored text, and sets the passphrase of all subkeys to the specified passphrase.Constructs a new key with the specified subkeys. -
Method Summary
Modifier and TypeMethodDescriptionvoid
Zeroes-out the cached passphrase for all subkeys, and releases the extracted private key material for garbage collection.clone()
All subkeys for which the specified string is a case-insensitive substring of either: any subkey's full ID (eg "0x1234567890ABCDEF") any subkey's fingerprint (eg "1234567890ABCDEF1234567890ABCDEF12345678") any one of any subkey's user IDs (eg "Alice (work) <alice@example.com>")All subkeys for which the specified pattern matches any part of either: any subkey's full ID (eg "0x1234567890ABCDEF") any subkey's fingerprint (eg "1234567890ABCDEF1234567890ABCDEF12345678") any one of any subkey's user IDs (eg "Alice (work) <alice@example.com>")Subkey with the specified full ID, or null.Last subkey that can decrypt, or null.Last subkey that can encrypt, or null.First subkey or null.Last subkey that can sign, or null.User ID to use for signing, or empty string.All subkeys, or an empty list.getUids()
User ID strings for master subkey (ex ["My Name (comment) <me@example.com>"]).Last subkey that can verify, or null.boolean
True if any subkey can be used for decryption.boolean
True if any subkey can be used for encryption.boolean
True if any subkey can be used for signing.boolean
True if any subkey can be used for verification.void
Loads first key from the specified file.void
load
(InputStream stream) Loads first key from the specified input stream.void
Loads first key from the specified armored text.boolean
True if the string is a case-insensitive substring of either: any subkey's full ID (eg "0x1234567890ABCDEF") any subkey's fingerprint (eg "1234567890ABCDEF1234567890ABCDEF12345678") any one of any subkey's user IDs (eg "Alice (work) <alice@example.com>")boolean
True if the specified pattern matches any part of either: any subkey's full ID (eg "0x1234567890ABCDEF") any subkey's fingerprint (eg "1234567890ABCDEF1234567890ABCDEF12345678") any one of any subkey's user IDs (eg "Alice (work) <alice@example.com>")protected Ring
newRing()
void
setNoPassphrase
(boolean x) True to flag all subkeys as needing no passphrase to unlock; false to require a passphrase to be (re-)set on all subkeys.void
Sets the passphrase of all subkeys.void
setPassphraseChars
(char[] x) Sets the passphrase of all subkeys.void
User ID to use for signing, or empty string.protected void
setSubkeys
(List<Subkey> x) All subkeys, or an empty list.Creates a copy of this with only the public parts of the key.toString()
Display string for the key, including each subkey's usage flags, short ID, and user IDs.
-
Field Details
-
NO_PASSPHRASE
Use this value to set the passphrase of a passphrase-less key. -
signingUid
-
subkeys
-
-
Constructor Details
-
Key
public Key()Constructs a new empty key. -
Key
Constructs a new key with the specified subkeys. -
Key
Loads first key from the specified armored text.- Throws:
org.bouncycastle.openpgp.PGPException
- if the text contains no keys.IOException
-
Key
public Key(String armor, char[] passphraseChars) throws IOException, org.bouncycastle.openpgp.PGPException Loads first key from the specified armored text, and sets the passphrase of all subkeys to the specified passphrase.- Throws:
org.bouncycastle.openpgp.PGPException
- if the text contains no keys.IOException
-
Key
public Key(String armor, String passphrase) throws IOException, org.bouncycastle.openpgp.PGPException Loads first key from the specified armored text, and sets the passphrase of all subkeys to the specified passphrase. PreferKey(String, char[])
to avoid creating extra copies of the passphrase in memory that cannot be cleaned up.- Throws:
org.bouncycastle.openpgp.PGPException
- if the text contains no keys.IOException
-
Key
Loads first key from the specified file.- Throws:
org.bouncycastle.openpgp.PGPException
- if the file contains no keys.IOException
-
Key
public Key(File file, char[] passphraseChars) throws IOException, org.bouncycastle.openpgp.PGPException Loads first key from the specified file, and sets the passphrase of all subkeys to the specified passphrase.- Throws:
org.bouncycastle.openpgp.PGPException
- if the file contains no keys.IOException
-
Key
Loads first key from the specified file, and sets the passphrase of all subkeys to the specified passphrase. PreferKey(File, char[])
to avoid creating extra copies of the passphrase in memory that cannot be cleaned up.- Throws:
org.bouncycastle.openpgp.PGPException
- if the file contains no keys.IOException
-
Key
Loads first key from the specified input stream.- Throws:
org.bouncycastle.openpgp.PGPException
- if the input streame contains no keys.IOException
-
Key
public Key(InputStream stream, char[] passphraseChars) throws IOException, org.bouncycastle.openpgp.PGPException Loads first key from the specified input stream, and sets the passphrase of all subkeys to the specified passphrase.- Throws:
org.bouncycastle.openpgp.PGPException
- if the input streame contains no keys.IOException
-
Key
public Key(InputStream stream, String passphrase) throws IOException, org.bouncycastle.openpgp.PGPException Loads first key from the specified input stream, and sets the passphrase of all subkeys to the specified passphrase. PreferKey(InputStream, char[])
to avoid creating extra copies of the passphrase in memory that cannot be cleaned up.- Throws:
org.bouncycastle.openpgp.PGPException
- if the input streame contains no keys.IOException
-
-
Method Details
-
toPublicKey
Creates a copy of this with only the public parts of the key.- Throws:
org.bouncycastle.openpgp.PGPException
-
toString
Display string for the key, including each subkey's usage flags, short ID, and user IDs. -
clone
-
setPassphraseChars
public void setPassphraseChars(char[] x) Sets the passphrase of all subkeys.- See Also:
-
setPassphrase
Sets the passphrase of all subkeys. PrefersetPassphraseChars(char[])
to avoid creating extra copies of the passphrase in memory that cannot be cleaned up.- See Also:
-
setNoPassphrase
public void setNoPassphrase(boolean x) True to flag all subkeys as needing no passphrase to unlock; false to require a passphrase to be (re-)set on all subkeys. -
getUids
User ID strings for master subkey (ex ["My Name (comment) <me@example.com>"]). -
getSigningUid
User ID to use for signing, or empty string. By default, this is first user ID listed by the master subkey. -
setSigningUid
User ID to use for signing, or empty string. -
isForSigning
public boolean isForSigning()True if any subkey can be used for signing. -
isForVerification
public boolean isForVerification()True if any subkey can be used for verification. -
isForEncryption
public boolean isForEncryption()True if any subkey can be used for encryption. -
isForDecryption
public boolean isForDecryption()True if any subkey can be used for decryption. -
getMaster
First subkey or null. -
getSigning
Last subkey that can sign, or null. -
getVerification
Last subkey that can verify, or null. -
getEncryption
Last subkey that can encrypt, or null. -
getDecryption
Last subkey that can decrypt, or null. -
getSubkeys
All subkeys, or an empty list. -
setSubkeys
All subkeys, or an empty list. -
findById
Subkey with the specified full ID, or null. -
findAll
All subkeys for which the specified string is a case-insensitive substring of either:- any subkey's full ID (eg "0x1234567890ABCDEF")
- any subkey's fingerprint (eg "1234567890ABCDEF1234567890ABCDEF12345678")
- any one of any subkey's user IDs (eg "Alice (work) <alice@example.com>")
So for example, a string "0x1234" would match the above full ID; a string "90ab" would match the above fingerprint; and a string "alice (work)" would match the above user ID.
-
findAll
All subkeys for which the specified pattern matches any part of either:- any subkey's full ID (eg "0x1234567890ABCDEF")
- any subkey's fingerprint (eg "1234567890ABCDEF1234567890ABCDEF12345678")
- any one of any subkey's user IDs (eg "Alice (work) <alice@example.com>")
So for example, a pattern /0x1234/ would match the above full ID; a pattern /(?i)90ab/ would match the above fingerprint; and a pattern /Alice .work./ would match the above user ID.
-
matches
True if the string is a case-insensitive substring of either:- any subkey's full ID (eg "0x1234567890ABCDEF")
- any subkey's fingerprint (eg "1234567890ABCDEF1234567890ABCDEF12345678")
- any one of any subkey's user IDs (eg "Alice (work) <alice@example.com>")
So for example, a string "0x1234" would match the above full ID; a string "90ab" would match the above fingerprint; and a string "alice (work)" would match the above user ID.
-
matches
True if the specified pattern matches any part of either:- any subkey's full ID (eg "0x1234567890ABCDEF")
- any subkey's fingerprint (eg "1234567890ABCDEF1234567890ABCDEF12345678")
- any one of any subkey's user IDs (eg "Alice (work) <alice@example.com>")
So for example, a pattern /0x1234/ would match the above full ID; a pattern /(?i)90ab/ would match the above fingerprint; and a pattern /Alice .work./ would match the above user ID.
-
clearSecrets
public void clearSecrets()Zeroes-out the cached passphrase for all subkeys, and releases the extracted private key material for garbage collection. Note that ifsetPassphrase(java.lang.String)
is used to access the passphrase, the passphrase data cannot be zeroed (so instead usesetPassphraseChars(char[])
). -
load
Loads first key from the specified armored text.- Throws:
org.bouncycastle.openpgp.PGPException
- if the text contains no keys.IOException
-
load
Loads first key from the specified file.- Throws:
org.bouncycastle.openpgp.PGPException
- if the file contains no keys.IOException
-
load
Loads first key from the specified input stream.- Throws:
org.bouncycastle.openpgp.PGPException
- if the input streame contains no keys.IOException
-
newRing
-