VerifyingFiles

Justin Ludwig edited this page Jul 4, 2016 · 2 revisions

Verifying Files

JPGPJ automatically attempts to verify the signature of messages with the keys on the Decryptor object's key ring, and raises a VerificationException if a message is not signed or if its signature cannot be verified with at least one key. See DecryptingFiles for basic decryption and verification usage.

Verification Without Decryption

If a message has been signed but not encrypted, the Decryptor.decrypt() method will simply attempt to verify that the message was correctly signed with at least one of the keys on its ring that has a subkey flagged as forVerification. By default, all the keys on a Decryptor object's ring are flagged as forVerification. If a message was encrypted, it cannot be verified without also decrypting it. To verify only the signature of an encrypted message, decrypt it and ignore the decrypted content.

Limiting the decryption keys

To allow only a subset of the keys on a ring to be used for decryption, use one of the following options. A) Supply just the public key, and not the secret key, for any key with which you don't want to attempt to decrypt the message (in this example, load the full secret key for Alice, but just the public key for Bob):

Decryptor decryptor = new Decryptor(
    new Key(new File("/path/to/alice-sec.gpg"), "password123"),
    new Key(new File("/path/to/bob-pub.gpg"))
);

Or B) supply the passphrase only for the secret keys with which you want to attempt to decrypt (in this example, load the secret keys for both Alice and Bob, but supply the passphrase only for Alice):

Decryptor decryptor = new Decryptor(
    new Key(new File("/path/to/alice-sec.gpg"), "password123"),
    new Key(new File("/path/to/bob-sec.gpg"))
);

Or C) extract just the public parts of any secret keys with which you don't want to attempt to decrypt (in this example, load the secret keys for both Alice and Bob, but use just the public part for Bob):

Decryptor decryptor = new Decryptor(
    new Key(new File("/path/to/alice-sec.gpg"), "password123"),
    new Key(new File("/path/to/bob-sec.gpg"), "b0bru1z!").toPublicKey()
);

Or D) explicitly turn off the forDecryption flags of any secret keys with which you don't want to attempt to decrypt (in this example, load the secret keys for both Alice and Bob, but turn off the forDecryption flag for Bob):

Decryptor decryptor = new Decryptor(
    new Key(new File("/path/to/alice-sec.gpg"), "password123"),
    new Key(new File("/path/to/bob-sec.gpg"), "b0bru1z!")
);
for (Key key: decryptor.getRing().findAll("bob"))
    for (Subkey subkey: key.getSubkeys())
        subkey.setForDecryption(false);
decryptor.decrypt(
    new File("path/to/ciphertext.txt.gpg"),
    new File("path/to/plaintext.txt")
);

See KeyRings#Setting Usage Flags for further details on subkey usage flags.
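
The same flag mechanism can limit which keys are accepted as signers, since every key on the ring is flagged as forVerification by default. The following is an added example, not code from the JPGPJ project: it assumes the org.c02e.jpgpj package name and Subkey.setForVerification() as the counterpart of setForDecryption(), and the class name, method name, parameters and paths are hypothetical. It also decrypts into a temporary file so that unverified content never appears at the destination.

```java
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import org.c02e.jpgpj.Decryptor;
import org.c02e.jpgpj.Key;
import org.c02e.jpgpj.Subkey;
import org.c02e.jpgpj.VerificationException; // package name assumed

public class VerifyFromAliceOnly {
    /**
     * Decrypts a message addressed to Bob and accepts it only if Alice signed it.
     * Returns true and publishes the plaintext to dest when verification succeeds;
     * returns false and leaves dest untouched when it does not.
     */
    static boolean decryptIfSignedByAlice(File ciphertext, Path dest,
            String bobPassphrase) throws Exception {
        Decryptor decryptor = new Decryptor(
            new Key(new File("/path/to/alice-pub.gpg")),              // signer
            new Key(new File("/path/to/bob-sec.gpg"), bobPassphrase)  // recipient
        );
        // Every key on the ring is flagged forVerification by default, so a
        // message signed with Bob's own key would verify. Turn that off.
        for (Key key : decryptor.getRing().findAll("bob"))
            for (Subkey subkey : key.getSubkeys())
                subkey.setForVerification(false);

        // Decrypt into a temp file next to dest; only a verified result is moved
        // into place, so readers of dest never see unverified content.
        Path dir = dest.toAbsolutePath().getParent();
        Path tmp = Files.createTempFile(dir, "unverified-", ".tmp");
        try {
            decryptor.decrypt(ciphertext, tmp.toFile());
            Files.move(tmp, dest, StandardCopyOption.REPLACE_EXISTING);
            return true;
        } catch (VerificationException e) {
            // Unsigned, or not verifiable with a key flagged forVerification.
            return false;
        } finally {
            Files.deleteIfExists(tmp);
        }
    }
}
```

Other failures, such as a wrong passphrase or an I/O error, propagate to the caller, and the temporary file is removed in every case.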

Detached Signatures

JPGPJ does not support verifying detached signatures (signed messages that do not embed the signed content within the message itself).

Clear Signing

JPGPJ does not support verifying clear-signed messages (a simplified sign-only message format, particularly useful for email).

Supported Verification Algorithms

JPGPJ can handle signatures made with any of the hashing algorithms specified in RFC 4880:

  • MD5
  • SHA1
  • RIPEMD160
  • SHA256
  • SHA384
  • SHA512
  • SHA224