Generate RSA keys


This example demonstrates how to generate an RSA-based OpenPGP key pair with OpenPGP Library for Java.


When we create an OpenPGP key pair, a few parameters must be passed. These include:


Encryption key size in bytes (recommended between 1024 and 3072)

User ID

Key algorithm (RSA or ELGAMAL)

Private key password

List of preferred compression algorithms

List of preferred signature hash algorithms

List of preferred symmetric encryption algorithms

Key expiration date (optional)


One note regarding the naming convention for the User ID parameter: the original PGP(r) software delimits the email address in the User ID with < and >, for example “Richard C. <richard.c@site.com>”.


The generated keys have no expiration date. An overloaded version exists that accepts an expiration time parameter.


import com.didisoft.pgp.*;

public class GenerateKeyPairRSA {

  public static void main(String[] args) throws Exception {
    // initialize the KeyStore where the key will be generated
    KeyStore ks = new KeyStore("pgp.keystore", "changeit");

    // key primary user Id
    String userId = "demo2@didisoft.com";

    // preferred hashing algorithms
    String[] hashingAlgorithms = new String[]
                                   {HashAlgorithm.SHA1,
                                    HashAlgorithm.SHA256,
                                    HashAlgorithm.SHA384,
                                    HashAlgorithm.SHA512,
                                    HashAlgorithm.MD5};

    // preferred compression algorithms
    String[] compressions = new String[]
                              {CompressionAlgorithm.ZIP,
                               CompressionAlgorithm.ZLIB,
                               CompressionAlgorithm.UNCOMPRESSED};

    // preferred symmetric key algorithms
    String[] cyphers = new String[]
                         {CypherAlgorithm.CAST5,
                          CypherAlgorithm.AES_128,
                          CypherAlgorithm.AES_192,
                          CypherAlgorithm.AES_256,
                          CypherAlgorithm.TWOFISH};

    String privateKeyPassword = "changeit";

    int keySizeInBytes = 2048;

    ks.generateKeyPair(keySizeInBytes,
                       userId,
                       KeyAlgorithm.RSA,
                       privateKeyPassword,
                       compressions,
                       hashingAlgorithms,
                       cyphers);
  }
}


After the key pair is generated, we usually export the public key and send it to our partners.


Below is a screenshot of the generated key properties when we open it with PGP (r) 10:



2. Key generation directly


We can avoid using the KeyStore class and generate the key pair in memory as a PGPKeyPair object. In that case we also have to export it afterwards.


import com.didisoft.pgp.*;

public class GenerateKeyPairRSA {

  public static void main(String[] args) throws PGPException {
    String keyAlgorithm = KeyAlgorithm.RSA;

    // user Id for the key pair
    String userId = "demo2@didisoft.com";

    // preferred hashing algorithms
    String[] hashingAlgorithms = new String[]
                                   {HashAlgorithm.SHA1,
                                    HashAlgorithm.SHA256,
                                    HashAlgorithm.SHA384,
                                    HashAlgorithm.SHA512,
                                    HashAlgorithm.MD5};

    // preferred compression algorithms
    String[] compressions = new String[]
                              {CompressionAlgorithm.ZIP,
                               CompressionAlgorithm.ZLIB,
                               CompressionAlgorithm.UNCOMPRESSED};

    // preferred symmetric key algorithms
    String[] cyphers = new String[]
                         {CypherAlgorithm.CAST5,
                          CypherAlgorithm.AES_128,
                          CypherAlgorithm.AES_192,
                          CypherAlgorithm.AES_256,
                          CypherAlgorithm.TWOFISH};

    String privateKeyPassword = "changeit";

    int keySizeInBytes = 2048;

    // expiration date, pass 0 for no expiration
    long expiresAfterDays = 365;

    PGPKeyPair keypair = PGPKeyPair.generateKeyPair(keySizeInBytes,
                           userId,
                           keyAlgorithm,
                           privateKeyPassword,
                           compressions,
                           hashingAlgorithms,
                           cyphers,
                           expiresAfterDays);

    // keypair.export...
  }
}


3. Exception Handling


The key pair generation methods simply throw com.didisoft.pgp.PGPException in case the key generation fails.
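
Added example (not from the original page or from DidiSoft): the in-memory generation from section 2 with the page's parameter constraints checked before the call and PGPException handled as section 3 describes. The class name, the validate helper, the User ID pattern and the console prompt are assumptions of this example, as is the shorter preference list that leaves out MD5, SHA1 and CAST5.

```java
import com.didisoft.pgp.*;
import java.io.Console;
import java.util.Arrays;
import java.util.regex.Pattern;

// Added example, not DidiSoft's code. Only PGPKeyPair.generateKeyPair, PGPException
// and the algorithm constants come from the page; the rest is hypothetical.
public class GenerateKeyPairChecked {
    // Simplified check for the "Name <email>" User ID convention
    private static final Pattern USER_ID = Pattern.compile("^[^<>]+ <[^<>@\\s]+@[^<>@\\s]+>$");

    static void validate(int keySize, String userId, char[] password) {
        // Range the page recommends for the key size parameter
        if (keySize < 1024 || keySize > 3072)
            throw new IllegalArgumentException("key size outside 1024..3072: " + keySize);
        if (!USER_ID.matcher(userId).matches())
            throw new IllegalArgumentException("User ID should look like: Name <email>");
        if (password == null || password.length == 0)
            throw new IllegalArgumentException("empty private key password");
    }

    public static void main(String[] args) {
        Console console = System.console();
        if (console == null) {
            System.err.println("No interactive console, cannot prompt for the password");
            System.exit(2);
        }
        String userId = "Richard C. <richard.c@site.com>";
        int keySize = 2048;
        int exitCode = 0;
        char[] password = console.readPassword("Private key password: ");
        try {
            validate(keySize, userId, password);
            PGPKeyPair keypair = PGPKeyPair.generateKeyPair(keySize, userId,
                    KeyAlgorithm.RSA, new String(password),
                    new String[] {CompressionAlgorithm.ZLIB, CompressionAlgorithm.ZIP},
                    new String[] {HashAlgorithm.SHA256, HashAlgorithm.SHA512},
                    new String[] {CypherAlgorithm.AES_256, CypherAlgorithm.AES_128},
                    365L); // expiresAfterDays
            System.out.println("Generated key pair for " + userId);
            // keypair.export... (left elided, as on the page)
        } catch (IllegalArgumentException | PGPException e) {
            System.err.println("Key generation aborted: " + e.getMessage());
            exitCode = 1;
        } finally {
            if (password != null) Arrays.fill(password, '\0'); // wipe the prompt buffer
        }
        System.exit(exitCode);
    }
}
```

The library takes the password as a String, so wiping the char[] clears only the prompt buffer, not the copy passed to generateKeyPair.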