The current OpenPGP standard uses key pairs with RSA, DH/DSS, and ECC asymmetric encryption keys. In this chapter, we are going to generate an RSA key pair with DidiSoft OpenPGP Library for .NET.
Each OpenPGP key pair contains additional information which we have to specify upfront:
- User ID of the key owner, usually in the form “Person name or Organization name <owners_email@website>”
- Size in bits of the encryption key (must be over 1024 and up to 4096)
- list of preferred symmetric encryption algorithms
- list of preferred hash algorithms
- list of preferred compression algorithms
- key expiration date (if the key will be with a time-limited use)
The original PGP(r) software uses a naming convention in which the email part of the User ID is delimited with < and >, for example: “Richard C. <richard.c@site.com>”
Generate RSA based OpenPGP key pair
Below is a short example program that shows how to generate an RSA OpenPGP key pair in a KeyStore object.
C# example
using System;
using DidiSoft.Pgp;

public class GenerateKeyPairRSA
{
    public void Test()
    {
        // initialize the key store where the generated key
        // will be produced, if the file does not exist
        // it will be created
        KeyStore ks = new KeyStore(@"c:\key.store", "key store password");

        // User ID of the key owner (the < > around the email are omitted here on purpose)
        String userId = "RSA Demo demo@didisoft.com";

        // Preferred symmetric key algorithms for this key
        CypherAlgorithm[] cypher = { CypherAlgorithm.CAST5, CypherAlgorithm.AES_128 };

        // Preferred digital signature (hash) algorithms for this key
        HashAlgorithm[] hashing = { HashAlgorithm.SHA1, HashAlgorithm.MD5, HashAlgorithm.SHA256 };

        // Preferred compression algorithms for this key
        CompressionAlgorithm[] compression = { CompressionAlgorithm.ZIP, CompressionAlgorithm.UNCOMPRESSED };

        int keySizeInBits = 2048;
        ks.GenerateKeyPair(keySizeInBits, userId, KeyAlgorithm.RSA, "private key password", compression, hashing, cypher);

        // Now we can use the key from the KeyStore or export it
    }
}
VB.NET example
Imports System
Imports DidiSoft.Pgp

Public Class GenerateKeyPairRSA
    Public Sub Test()
        ' initialize the key store where the generated key
        ' will be produced, if the file does not exist
        ' it will be created
        Dim ks As New KeyStore("c:\key.store", _
                               "key store password")

        ' User ID of the key owner (the < > around the email are omitted here on purpose)
        Dim userId As String = "RSA Demo demo@didisoft.com"

        ' Preferred symmetric key algorithms for this key
        Dim cypher As CypherAlgorithm() = {CypherAlgorithm.CAST5, _
                                           CypherAlgorithm.AES_128}

        ' Preferred digital signature algorithms for this key
        Dim hashing As HashAlgorithm() = {HashAlgorithm.SHA1, _
                                          HashAlgorithm.MD5, _
                                          HashAlgorithm.SHA256}

        ' Preferred compression algorithms for this key
        Dim compression As CompressionAlgorithm() = _
            {CompressionAlgorithm.ZIP, _
             CompressionAlgorithm.UNCOMPRESSED}

        Dim keySizeInBits As Integer = 2048
        ks.GenerateKeyPair(keySizeInBits, _
                           userId, _
                           KeyAlgorithm.RSA, _
                           "private key password", _
                           compression, _
                           hashing, _
                           cypher)

        ' Now we can use the key from the KeyStore or export it
    End Sub
End Class
The above code generates a key pair that does not expire. An overloaded method exists that accepts an expiration date as the last parameter. A key pair can also be generated without using a KeyStore, through a similar method in the PGPKeyPair class.
After the key pair is generated it can be exported. Usually, we will send the public key part of it to our partners.
Below is a screenshot of the key properties after the key is imported in PGP(r) Desktop version 10. Please note that in our example above we have omitted the < > around the email part of the User ID, which is why PGP(r) displays the name and email parts of the User ID as one field.
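The following C# snippet is an added example, not code from the DidiSoft documentation: it combines the User ID convention and the expiring-key overload described above with preference lists that leave out the weaker algorithms. It assumes (unverified on this page) that the expiration overload takes a System.DateTime as its last parameter and that the CypherAlgorithm.AES_256 and HashAlgorithm.SHA512 enum members exist; the key-size bounds are the ones stated on this page.

```csharp
using System;
using DidiSoft.Pgp;

// Added example; reuses the calls shown on this page and assumes the
// expiration overload accepts a DateTime and that AES_256 / SHA512 exist.
public class GenerateKeyPairRSAHardened
{
    // Bounds stated on this page: over 1024 and up to 4096 bits.
    const int MinBits = 1024;
    const int MaxBits = 4096;

    // Builds a User ID in the "Name <email>" form so that PGP Desktop
    // shows the name and the email as separate fields after import.
    public static string BuildUserId(string name, string email)
    {
        if (string.IsNullOrWhiteSpace(name) || email == null || !email.Contains("@"))
            throw new ArgumentException("a name and a valid email are required");
        return name.Trim() + " <" + email.Trim() + ">";
    }

    public static void Generate(string keyStorePath, string keyStorePassword,
                                string privateKeyPassword, int keySizeInBits)
    {
        if (keySizeInBits <= MinBits || keySizeInBits > MaxBits)
            throw new ArgumentOutOfRangeException(nameof(keySizeInBits));

        KeyStore ks = new KeyStore(keyStorePath, keyStorePassword);
        string userId = BuildUserId("RSA Demo", "demo@didisoft.com");

        // Preferences ordered strongest first; CAST5, MD5 and SHA1 are left out
        // so that partners never select them when encrypting or signing to this key.
        CypherAlgorithm[] cypher = { CypherAlgorithm.AES_256, CypherAlgorithm.AES_128 };
        HashAlgorithm[] hashing = { HashAlgorithm.SHA512, HashAlgorithm.SHA256 };
        CompressionAlgorithm[] compression = { CompressionAlgorithm.ZIP, CompressionAlgorithm.UNCOMPRESSED };

        // Time-limited key: expires two years from now (assumed DateTime parameter).
        DateTime expires = DateTime.UtcNow.AddYears(2);
        ks.GenerateKeyPair(keySizeInBits, userId, KeyAlgorithm.RSA,
                           privateKeyPassword, compression, hashing, cypher, expires);
    }
}
```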
Async support
In order to create a key pair asynchronously, we have to use the DidiSoft.Pgp.KeyStoreAsync class which provides the same key creation methods with Async suffixes.
Summary
In this chapter, we have discussed RSA OpenPGP key generation with DidiSoft OpenPGP Library for .NET.
You may also consider reading about DH/DSS OpenPGP key pair generation, ECC key pair generation, and exporting and importing keys.
Example application
In the library installation folder under the Examples subfolder, you can find the project KeyToolCS (KeyToolVB for VB.NET), a demo WinForms application that illustrates OpenPGP key generation as well as many other operations that can be performed over OpenPGP keys.
List of methods used:
KeyStore.GenerateKeyPair
KeyStore.GenerateRsaKeyPair