Class Policy

Method Details

• getInstance

  public static Policy getInstance()

  Return the singleton instance of PGPainless' policy.

  Returns:

  singleton instance

• getSignatureHashAlgorithmPolicy

  public Policy.HashAlgorithmPolicy getSignatureHashAlgorithmPolicy()

  Return the hash algorithm policy for signatures.

  Returns:

  hash algorithm policy

• setSignatureHashAlgorithmPolicy

  public void setSignatureHashAlgorithmPolicy(Policy.HashAlgorithmPolicy policy)

  Set a custom hash algorithm policy for signatures.

  Parameters:

  policy - custom policy

• getRevocationSignatureHashAlgorithmPolicy

  public Policy.HashAlgorithmPolicy getRevocationSignatureHashAlgorithmPolicy()

  Return the hash algorithm policy for revocations. This policy is separate from getSignatureHashAlgorithmPolicy(), as PGPainless by default uses a less strict policy when it comes to acceptable algorithms.

  Returns:

  revocation signature hash algorithm policy

• setRevocationSignatureHashAlgorithmPolicy

  public void setRevocationSignatureHashAlgorithmPolicy(Policy.HashAlgorithmPolicy policy)

  Set a custom hash algorithm policy for revocations.

  Parameters:

  policy - custom policy

• getSymmetricKeyEncryptionAlgorithmPolicy

  public Policy.SymmetricKeyAlgorithmPolicy getSymmetricKeyEncryptionAlgorithmPolicy()

  Return the symmetric encryption algorithm policy for encryption. This policy defines which symmetric algorithms are acceptable when producing encrypted messages.

  Returns:

  symmetric algorithm policy for encryption

• getSymmetricKeyDecryptionAlgorithmPolicy

  public Policy.SymmetricKeyAlgorithmPolicy getSymmetricKeyDecryptionAlgorithmPolicy()

  Return the symmetric encryption algorithm policy for decryption. This policy defines which symmetric algorithms are acceptable when decrypting encrypted messages.

  Returns:

  symmetric algorithm policy for decryption

• setSymmetricKeyEncryptionAlgorithmPolicy

  public void setSymmetricKeyEncryptionAlgorithmPolicy(Policy.SymmetricKeyAlgorithmPolicy policy)

  Set a custom symmetric encryption algorithm policy for encrypting messages.

  Parameters:

  policy - custom policy

• setSymmetricKeyDecryptionAlgorithmPolicy

  public void setSymmetricKeyDecryptionAlgorithmPolicy(Policy.SymmetricKeyAlgorithmPolicy policy)

  Set a custom symmetric encryption algorithm policy for decrypting messages.

  Parameters:

  policy - custom policy

• getCompressionAlgorithmPolicy

  public Policy.CompressionAlgorithmPolicy getCompressionAlgorithmPolicy()

• setCompressionAlgorithmPolicy

  public void setCompressionAlgorithmPolicy(Policy.CompressionAlgorithmPolicy policy)

• getPublicKeyAlgorithmPolicy

  public Policy.PublicKeyAlgorithmPolicy getPublicKeyAlgorithmPolicy()

  Return the current public key algorithm policy.

  Returns:

  public key algorithm policy

• setPublicKeyAlgorithmPolicy

  public void setPublicKeyAlgorithmPolicy(Policy.PublicKeyAlgorithmPolicy publicKeyAlgorithmPolicy)

  Set a custom public key algorithm policy.

  Parameters:

  publicKeyAlgorithmPolicy - custom policy

• getNotationRegistry

  public NotationRegistry getNotationRegistry()

  Return the NotationRegistry of PGPainless. The notation registry is used to decide, whether a Notation is known or not. Background: Critical unknown notations render signatures invalid.

  Returns:

  Notation registry

• getKeyGenerationAlgorithmSuite

  @Nonnull public AlgorithmSuite getKeyGenerationAlgorithmSuite()

  Return the current AlgorithmSuite which defines preferred algorithms used during key generation.

  Returns:

  current algorithm suite

• setKeyGenerationAlgorithmSuite

  public void setKeyGenerationAlgorithmSuite(@Nonnull AlgorithmSuite algorithmSuite)

  Set a custom AlgorithmSuite which defines preferred algorithms used during key generation.

  Parameters:

  algorithmSuite - custom algorithm suite

• getSignerUserIdValidationLevel

  public Policy.SignerUserIdValidationLevel getSignerUserIdValidationLevel()

  Return the level of validation PGPainless shall do on SignerUserID subpackets. By default, this value is Policy.SignerUserIdValidationLevel.DISABLED.

  Returns:

  the level of validation

• setSignerUserIdValidationLevel

  public Policy setSignerUserIdValidationLevel(Policy.SignerUserIdValidationLevel signerUserIdValidationLevel)

  Specify, how SignerUserID subpackets on signatures shall be validated.

  Parameters:

  signerUserIdValidationLevel - level of verification PGPainless shall do on SignerUserID subpackets.

  Returns:

  policy instance

• setEnableKeyParameterValidation

  public Policy setEnableKeyParameterValidation(boolean enable)

  Enable or disable validation of public key parameters when unlocking private keys. Disabled by default. When enabled, PGPainless will validate, whether public key parameters have been tampered with. This is a countermeasure against possible attacks described in the paper "Victory by KO: Attacking OpenPGP Using Key Overwriting" by Lara Bruseghini, Daniel Huigens, and Kenneth G. Paterson. Since these attacks are only possible in very special conditions (attacker has access to the encrypted private key), and the countermeasures are very costly, they are disabled by default, but can be enabled using this method.

  Parameters:

  enable - boolean

  Returns:

  this

  See Also:

  • KOpenPGP.com

• isEnableKeyParameterValidation

  public boolean isEnableKeyParameterValidation()

  Return true, if countermeasures against the KOpenPGP attacks are enabled, false otherwise.

  Returns:

  true if countermeasures are enabled, false otherwise.