This chapter demonstrates how to generate an RSA based OpenPGP key pair with OpenPGP Library for Java.
When we create an OpenPGP key pair, a few parameters must be passed. These include:
- Encryption key size in bytes (recommended between 1024 and 3072)
- User ID
- key algorithm (RSA or ELGAMAL)
- private key password
- list of preferred compression algorithms
- list of preferred signature hash algorithms
- list of preferred symmetric encryption algorithms
- key expiration date (optional)
One note regarding the naming convention for the User ID parameter. The original PGP(r) software is delimiting the email in the User ID with < and > like : “Richard C. <richard.c@site.com>”
An overloaded method exists that accepts the key expiration date as the last parameter.
Table of Contents
1. Key generation with a KeyStore
1. Key generation example
import com.didisoft.pgp.*; public class GenerateKeyPairRSA { public static void main(String[] args) throws PGPException { // initialize the KeyStore where the key will be generated KeyStore ks = new KeyStore("pgp.keystore", "changeit"); String keyAlgorithm = KeyAlgorithm.RSA; // user Id for the key pair String userId = "demo2@didisoft.com"; // preferred hashing algorithms String[] hashingAlgorithms = new String[] {HashAlgorithm.SHA1, HashAlgorithm.SHA256, HashAlgorithm.SHA384, HashAlgorithm.SHA512, HashAlgorithm.MD5}; // preferred compression algorithms String[] compressions = new String[] {CompressionAlgorithm.ZIP, CompressionAlgorithm.ZLIB, CompressionAlgorithm.UNCOMPRESSED}; // preferred symmetric key algorithms String[] cyphers = new String[] {CypherAlgorithm.CAST5, CypherAlgorithm.AES_128, CypherAlgorithm.AES_192, CypherAlgorithm.AES_256, CypherAlgorithm.TWOFISH}; String privateKeyPassword = "changeit"; int keySizeInBytes = 2048; ks.generateKeyPair(keySizeInBytes, userId, keyAlgorithm, privateKeyPassword, compressions, hashingAlgorithms, cyphers); } } |
After the key pair is generated usually we will export the public key and send it to our partners.
Below is a screenshot of the generated key properties when we open it with PGP (r) 10:
2. Key generation directly
We can avoid the use of a KeyStore class and generate a key pair in the memory in a PGPKeyPair object. In that case we also have to export it afterwards.
import com.didisoft.pgp.*; public class GenerateKeyPairRSA { public static void main(String[] args) throws PGPException { String keyAlgorithm = KeyAlgorithm.RSA; // user Id for the key pair String userId = "demo2@didisoft.com"; // preferred hashing algorithms String[] hashingAlgorithms = new String[] {HashAlgorithm.SHA1, HashAlgorithm.SHA256, HashAlgorithm.SHA384, HashAlgorithm.SHA512, HashAlgorithm.MD5}; // preferred compression algorithms String[] compressions = new String[] {CompressionAlgorithm.ZIP, CompressionAlgorithm.ZLIB, CompressionAlgorithm.UNCOMPRESSED}; // preferred symmetric key algorithms String[] cyphers = new String[] {CypherAlgorithm.CAST5, CypherAlgorithm.AES_128, CypherAlgorithm.AES_192, CypherAlgorithm.AES_256, CypherAlgorithm.TWOFISH}; String privateKeyPassword = "changeit"; int keySizeInBytes = 2048; // expiration date, pass 0 for no expiration long expiresAfterDays = 365; PGPKeyPair keypair = PGPKeyPair.generateKeyPair(keySizeInBytes, userId, keyAlgorithm, privateKeyPassword, compressions, hashingAlgorithms, cyphers, expiresAfterDays); // keypair.export... } } |
3. Exception Handling
The key pair generation methods simply throw com.didisoft.pgp.PGPException in case the key generation fails.
Summary
This chapter demonstrated how to generate an RSA OpenPGP key pair with DidiSoft OpenPGP Library for Java.
