Document Signature Subpacket classes

Author: vanitasvitae

pg/src/main/java/org/bouncycastle/bcpg/attr/ImageAttribute.java

@@ -7,7 +7,12 @@
 import org.bouncycastle.bcpg.UserAttributeSubpacketTags;
 
 /**
- * Basic type for a image attribute packet.
+ * User-Attribute Subpacket used to encode an image, e.g. the user's avatar.
+ *
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4880#section-5.12.1">
+ *     RFC4880 - Image Attribute Subpacket</a>
+ * @see <a href="https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#name-the-image-attribute-subpack">
+ *     C-R - Image Attribute Subpacket</a>
  */
 public class ImageAttribute 
     extends UserAttributeSubpacket

pg/src/main/java/org/bouncycastle/bcpg/sig/EmbeddedSignature.java

@@ -4,7 +4,15 @@
 import org.bouncycastle.bcpg.SignatureSubpacketTags;
 
 /**
- * Packet embedded signature
+ * Signature Subpacket for embedding one Signature into another.
+ * This packet is used e.g. for embedding a primary-key binding signature
+ * ({@link org.bouncycastle.openpgp.PGPSignature#PRIMARYKEY_BINDING}) into a subkey-binding signature
+ * ({@link org.bouncycastle.openpgp.PGPSignature#SUBKEY_BINDING}) for a signing-capable subkey.
+ *
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4880#section-5.2.3.26">
+ *     RFC4880 - Embedded Signature</a>
+ * @see <a href="https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#name-embedded-signature">
+ *     C-R: Embedded Signature</a>
  */
 public class EmbeddedSignature
     extends SignatureSubpacket

pg/src/main/java/org/bouncycastle/bcpg/sig/Exportable.java

@@ -4,7 +4,13 @@
 import org.bouncycastle.bcpg.SignatureSubpacketTags;
 
 /**
- * packet giving signature creation time.
+ * Signature Subpacket for marking a signature as exportable or non-exportable.
+ * Non-exportable signatures are not intended to be published.
+ *
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4880#section-5.2.3.11">
+ *     Exportable Certification</a>
+ * @see <a href="https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#name-exportable-certification">
+ *     C-R - Exportable Certification</a>
  */
 public class Exportable 
     extends SignatureSubpacket

pg/src/main/java/org/bouncycastle/bcpg/sig/Features.java

@@ -3,6 +3,14 @@
 import org.bouncycastle.bcpg.SignatureSubpacket;
 import org.bouncycastle.bcpg.SignatureSubpacketTags;
 
+/**
+ * Signature Subpacket encoding, which features are supported by the key-holders implementation.
+ *
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4880#section-5.2.3.24">
+ *     RFC4880 - Features</a>
+ * @see <a href="https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#name-features">
+ *     C-R - Features</a>
+ */
 public class Features
     extends SignatureSubpacket
 {

pg/src/main/java/org/bouncycastle/bcpg/sig/IntendedRecipientFingerprint.java

@@ -5,7 +5,11 @@
 import org.bouncycastle.util.Arrays;
 
 /**
- * packet giving the intended recipient fingerprint.
+ * Signature Subpacket containing the fingerprint of the intended recipients primary key.
+ * This packet can be used to prevent malicious forwarding/replay attacks.
+ *
+ * @see <a href="https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#name-intended-recipient-fingerpr">
+ *     C-R - Intended Recipient Fingerprint</a>
  */
 public class IntendedRecipientFingerprint
     extends SignatureSubpacket

pg/src/main/java/org/bouncycastle/bcpg/sig/IssuerFingerprint.java

@@ -7,7 +7,11 @@
 import org.bouncycastle.util.Arrays;
 
 /**
- * packet giving the issuer key fingerprint.
+ * Signature Subpacket containing the fingerprint of the issuers signing (sub-) key.
+ * This packet supersedes the {@link IssuerKeyID} subpacket.
+ *
+ * @see <a href="https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#name-issuer-fingerprint">
+ *     C-R - Issuer Fingerprint</a>
  */
 public class IssuerFingerprint
     extends SignatureSubpacket

pg/src/main/java/org/bouncycastle/bcpg/sig/IssuerKeyID.java

@@ -5,7 +5,14 @@
 import org.bouncycastle.bcpg.SignatureSubpacketTags;
 
 /**
- * packet giving the issuer key ID.
+ * Signature Subpacket containing the key-id of the issuers signing (sub-) key.
+ * If the version of that key is greater than 4, this subpacket MUST NOT be included in the signature.
+ * For these keys, consider the {@link IssuerFingerprint} subpacket instead.
+ *
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4880#section-5.2.3.5">
+ *     RFC4880 - Issuer</a>
+ * @see <a href="https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#name-issuer-key-id">
+ *     C-R - Issuer Key ID</a>
  */
 public class IssuerKeyID 
     extends SignatureSubpacket

pg/src/main/java/org/bouncycastle/bcpg/sig/KeyExpirationTime.java

@@ -4,7 +4,13 @@
 import org.bouncycastle.bcpg.SignatureSubpacketTags;
 
 /**
- * packet giving time after creation at which the key expires.
+ * Signature Subpacket containing the number of seconds after the key's creation date, after which the key expires.
+ * The special value of {@code 0} means that the key never expires.
+ *
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4880#section-5.2.3.6">
+ *     RFC4880 - Key Expiration Time</a>
+ * @see <a href="https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#name-key-expiration-time">
+ *     C-R - Key Expiration Time</a>
  */
 public class KeyExpirationTime 
     extends SignatureSubpacket

pg/src/main/java/org/bouncycastle/bcpg/sig/KeyFlags.java

@@ -4,17 +4,50 @@
 import org.bouncycastle.bcpg.SignatureSubpacketTags;
 
 /**
- * Packet holding the key flag values.
+ * Signature Subpacket encoding the capabilities / intended uses of a key.
+ *
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4880#section-5.2.3.21">
+ *     RFC4880 - Key Flags</a>
+ * @see <a href="https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#name-key-flags">
+ *     C-R - Key Flags</a>
  */
 public class KeyFlags 
     extends SignatureSubpacket
 {
+    /**
+     * This key may be used to make User ID certifications (signature type IDs 0x10-0x13)
+     * or direct key signatures (signature type ID 0x1F) over other peoples keys.
+     */
     public static final int CERTIFY_OTHER = 0x01;
+
+    /**
+     * This key may be used to sign data.
+     */
     public static final int SIGN_DATA = 0x02;
+
+    /**
+     * This key may be used to encrypt communications.
+     */
     public static final int ENCRYPT_COMMS = 0x04;
+
+    /**
+     * This key may be used to encrypt storage.
+     */
     public static final int ENCRYPT_STORAGE = 0x08;
+
+    /**
+     * The private component of this key may have been split by a secret-sharing mechanism.
+     */
     public static final int SPLIT = 0x10;
+
+    /**
+     * This key may be used for authentication.
+     */
     public static final int AUTHENTICATION = 0x20;
+
+    /**
+     * The private component of this key may be in the possession of more than one person.
+     */
     public static final int SHARED = 0x80;
 
     private static byte[] intToByteArray(

pg/src/main/java/org/bouncycastle/bcpg/sig/NotationData.java

@@ -7,8 +7,13 @@
 import org.bouncycastle.util.Strings;
 
 /**
- * Class provided a NotationData object according to
- * RFC2440, Chapter 5.2.3.15. Notation Data
+ * Signature Subpacket encoding custom notations.
+ * Notations are key-value pairs.
+ *
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4880#section-5.2.3.16">
+ *     RFC4880 - Notation Data</a>
+ * @see <a href="https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#name-notation-data">
+ *     C-R - Notation Data</a>
  */
 public class NotationData
     extends SignatureSubpacket