Generate RSA pgp key with C# and VB.NET

The current OpenPGP standard uses key pairs with RSA, DH/DSS, and ECC asymmetric encryption keys. In this chapter, we are going to generate an RSA key pair with DidiSoft OpenPGP Library for .NET.

Each OpenPGP key pair contains additional information which we have to specify upfront:

  • User ID of the key owner, usually in the form “Person name or Organization name <owners_email@website>
  • Size in bits of the encryption key (must be over 1024 and up to 4096)
  • list of preferred symmetric encryption algorithms
  • list of preferred hash algorithms
  • list of preferred compression algorithms
  • key expiration date (if the key will be with a time-limited use)

The original PGP(r) software uses a naming convention for delimiting the email in the User ID label with < and > like: “Richard C. <richard.c@site.com>”

Generate RSA based OpenPGP key pair

Below is a short example program that shows how to generate an RSA OpenPGP key pair in a KeyStore object.

C# example

using System;
using DidiSoft.Pgp;
 
public class GenerateKeyPairRSA
{
  public void Test()
  (
    // initialize the key store where the generated key
    // will be produced, if the file does not exist
    // it will be created
    KeyStore ks = new KeyStore(@"c:\key.store",
                              "key store password");
 
    String userId = "RSA Demo demo@didisoft.com";
 
    // Preferred symmetric key algorithms for this key
    CypherAlgorithm[] cypher = { CypherAlgorithm.CAST5,
                                 CypherAlgorithm.AES_128 };
 
    // Preferred digital signature (hash) algorithms for this key
    HashAlgorithm[] hashing = { HashAlgorithm.SHA1,
                              HashAlgorithm.MD5,
			      HashAlgorithm.SHA256 };
 
    // Preferred compression algorithms for this key
    CompressionAlgorithm[] compression =
	            { CompressionAlgorithm.ZIP,
		     CompressionAlgorithm.UNCOMPRESSED};
 
    int keySizeInBits = 2048;
    ks.GenerateKeyPair(keySizeInBits, 
                   userId,
                   KeyAlgorithm.RSA,
		   "private key password",
	           compression,
		   hashing,
		   cypher);
 
    // Now we can use the key from the KeyStore or export it 
 )
}

VB.NET example

Imports System
Imports DidiSoft.Pgp
 
Public Class GenerateKeyPairRSA
  Public Sub Test()
   ' initialize the key store where the generated key
   ' will be produced, if the file does not exist
   ' it will be created
   Dim ks As New KeyStore("c:\key.store", _
                          "key store password")
 
   Dim userId As String = "RSA Demo demo@didisoft.com"
 
   ' Preferred symmetric key algorithms for this key
   Dim cypher As CypherAlgorithm() = {CypherAlgorithm.CAST5, _
                                      CypherAlgorithm.AES_128}
 
   ' Preferred digital signature algorithms for this key
   Dim hashing As HashAlgorithm() = {HashAlgorithm.SHA1, _
                                     HashAlgorithm.MD5, _
                                     HashAlgorithm.SHA256}
 
   ' Preferred compression algorithms for this key
   Dim compression As CompressionAlgorithm() = _
                     {CompressionAlgorithm.ZIP, _
                     CompressionAlgorithm.UNCOMPRESSED}
 
   Dim keySizeInBits As Int = 2048
   ks.GenerateKeyPair(keySizeInBits, _
                userId, _
		KeyAlgorithm.RSA, _
		"private key password", _
		compression, _
		hashing, _
		cypher)
 
    ' Now we can use the key from the KeyStore or export it 
 End Sub
End Class

The above code generates a key pair that does not expire. An overloaded method exists that accepts an expiration date as the last parameter. A key pair can also be generated without using a KeyStore, through a similar method in the PGPKeyPair class.

After the key pair is generated it can be exported. Usually, we will send the public key part of it to our partners.

Below is a screenshot of the key properties after the key is imported in PGP (r) Desktop version 10. Please note that in our example above we have omitted the < > around the email part of the User ID and that’s why PGP(r) displays the name and email part of the User ID together.

RSA OpenPGP key properties

Async support

In order to create a key pair asynchronously, we have to use the DidiSoft.Pgp.KeyStoreAsync class which provides the same key creation methods with Async suffixes.

Summary

In this chapter, we have discussed RSA OpenPGP key generation with DidiSoft OpenPGP Library for .NET.

You may also consider reading DH/DSS OpenPGP key pair generation, ECC key pair generation, keys exporting and importing.

Example application

In the library installation folder under the Examples subfolder, you can find the project KeyToolCS (KeyToolVB for VB.NET), a demo WinForms application that illustrates OpenPGP key generation as well as many other operations that can be performed over OpenPGP keys.

List of methods used:

KeyStore.GenerateKeyPair
KeyStore.GenerateRsaKeyPair