Add a third option, between required verification and no verification, that records signature metadata and attempts to verify signatures but does not raise any verification exceptions. This lets the caller decide what to do with the recorded signatures instead of having the decryptor fail on the first one it cannot verify.
To use this new third option, set the decryptor's verificationType property to Optional:
```java
import java.io.File;
import java.util.List;
// assumes jpgpj's org.c02e.jpgpj package for Decryptor, Key, FileMetadata and VerificationException
import org.c02e.jpgpj.Decryptor;
import org.c02e.jpgpj.FileMetadata;
import org.c02e.jpgpj.Key;
import org.c02e.jpgpj.VerificationException;

// Alice's public key verifies her signature; Bob's secret key (unlocked with its passphrase) decrypts
List<FileMetadata.Signature> signatures =
    new Decryptor(
        new Key(new File("path/to/my/keys/alice-pub.gpg")),
        new Key(new File("path/to/my/keys/bob-sec.gpg"), "b0bru1z!")
    )
    // Optional: record and attempt to verify every signature, but never throw
    .withVerificationType(Decryptor.VerificationType.Optional)
    .decrypt(
        new File("path/to/ciphertext.txt.gpg"),
        new File("path/back-to/plaintext.txt")
    )
    .getSignatures();

// for example, to reject messages with any unverified signatures
for (FileMetadata.Signature signature : signatures) {
    if (!signature.isVerified()) {
        throw new VerificationException("unverified signature for key "
            + signature.getKeyId());
    }
}

// for example, to require at least 2 verified signatures
int verified = 0;
for (FileMetadata.Signature signature : signatures) {
    if (signature.isVerified()) {
        verified++;
    }
}
if (verified < 2) {
    throw new VerificationException("requires 2 verified signatures");
}
```
During decryption, the decryptor's internal implementation used to always create a list of verifiers for every known key used to sign a message, but skipped creating verifiers for unknown or unusable keys. Now it:
- skips creating verifiers entirely when the verification type is None
- creates verifiers even for unknown/unusable keys when the verification type is not None
- skips the verifiers for unknown/unusable keys when running the verification logic
It uses the verifiers for unknown/unusable keys (along with those for known keys) to populate the FileMetadata signatures list at the final step of the verification process, so a signature from an unknown signer still appears in the list, just with isVerified() false.
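The two checks shown earlier can be combined into one signer policy that relies on Optional mode to see every signature, including those from keys the decryptor does not know, and then reports all failures at once rather than stopping at the first. One caveat a caller must handle: by the time getSignatures() is inspected the plaintext has already been written to the output file, so a rejecting caller has to discard it. The following is an added example, not code from the project; it assumes jpgpj's org.c02e.jpgpj package, and the class name SignerPolicy, the trustedKeyIds allowlist, the placeholder key ID and the file paths are all hypothetical.

```java
import java.io.File;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

// assumption: jpgpj's org.c02e.jpgpj package
import org.c02e.jpgpj.Decryptor;
import org.c02e.jpgpj.FileMetadata;
import org.c02e.jpgpj.Key;
import org.c02e.jpgpj.VerificationException;

/**
 * Added example (not the project's own code): decrypt with Optional verification
 * so that every signature on the message is recorded, then enforce a
 * caller-defined signer policy over the recorded metadata.
 */
public class SignerPolicy {

    /**
     * Requires (a) that no recorded signature is unverified and (b) that at
     * least one verified signature comes from a key in trustedKeyIds
     * (a hypothetical allowlist of key IDs as returned by Signature.getKeyId()).
     * On policy failure the already-written plaintext is deleted before the
     * exception propagates.
     */
    public static FileMetadata decryptWithTrustedSigner(
            Decryptor decryptor, File ciphertext, File plaintext,
            Set<String> trustedKeyIds) throws Exception {

        FileMetadata meta = decryptor
            .withVerificationType(Decryptor.VerificationType.Optional)
            .decrypt(ciphertext, plaintext);

        List<String> unverified = new ArrayList<>();
        List<String> verifiedButUntrusted = new ArrayList<>();
        boolean trustedSignerPresent = false;

        for (FileMetadata.Signature sig : meta.getSignatures()) {
            // rendered as a String so the allowlist can be configured as key ID strings
            String keyId = String.valueOf(sig.getKeyId());
            if (!sig.isVerified()) {
                // under Optional, signatures from unknown/unusable keys are recorded but never verified
                unverified.add(keyId);
            } else if (trustedKeyIds.contains(keyId)) {
                trustedSignerPresent = true;
            } else {
                verifiedButUntrusted.add(keyId);
            }
        }

        if (!unverified.isEmpty() || !trustedSignerPresent) {
            // do not leave plaintext on disk for a message we are rejecting
            plaintext.delete();
            throw new VerificationException("signer policy failed: unverified="
                + unverified + " verifiedButUntrusted=" + verifiedButUntrusted
                + " trustedSignerPresent=" + trustedSignerPresent);
        }
        return meta;
    }

    public static void main(String[] args) throws Exception {
        Decryptor decryptor = new Decryptor(
            new Key(new File("path/to/my/keys/alice-pub.gpg")),
            new Key(new File("path/to/my/keys/bob-sec.gpg"), "b0bru1z!")
        );
        // hypothetical allowlist: only this placeholder key ID is an acceptable signer
        Set<String> trusted = Set.of("0123456789ABCDEF");
        FileMetadata meta = decryptWithTrustedSigner(decryptor,
            new File("path/to/ciphertext.txt.gpg"),
            new File("path/back-to/plaintext.txt"), trusted);
        System.out.println("accepted; signatures recorded: " + meta.getSignatures().size());
    }
}
```

The point of using Optional rather than Required here is that Required would throw on the first signature it cannot verify, so a message signed by three keys, two of them unknown, would only ever report one problem; Optional lets the policy collect all of them and reject with a complete explanation.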