This example demonstrates how to generate an RSA-based OpenPGP key pair with OpenPGP Library for Java.
When we create an OpenPGP key pair, a few parameters must be passed. These include:
● Encryption key size in bytes (recommended between 1024 and 3072)
● User ID
● Key algorithm (RSA or ELGAMAL)
● Private key password
● List of preferred compression algorithms
● List of preferred signature hash algorithms
● List of preferred symmetric encryption algorithms
● Key expiration date (optional)
One note regarding the naming convention for the User ID parameter: the original PGP(r) software delimits the email address in the User ID with < and >, like “Richard C. <richard.c@site.com>”.
The keys generated in the example below have no expiration date. An overloaded version of the method exists that accepts an expiration time parameter (shown in section 2).
import com.didisoft.pgp.*;

public class GenerateKeyPairRSA {
    public static void main(String[] args) throws Exception {
        // initialize the KeyStore file where the key pair will be generated
        // (file name and KeyStore password)
        KeyStore ks = new KeyStore("pgp.keystore", "changeit");

        // primary user Id of the key
        String userId = "demo2@didisoft.com";

        // preferred hashing algorithms
        // (MD5 and SHA1 are cryptographically weak; list them only if
        // compatibility with old implementations is required)
        String[] hashingAlgorithms = new String[] {
            HashAlgorithm.SHA1,
            HashAlgorithm.SHA256,
            HashAlgorithm.SHA384,
            HashAlgorithm.SHA512,
            HashAlgorithm.MD5
        };

        // preferred compression algorithms
        String[] compressions = new String[] {
            CompressionAlgorithm.ZIP,
            CompressionAlgorithm.ZLIB,
            CompressionAlgorithm.UNCOMPRESSED
        };

        // preferred symmetric key algorithms
        String[] cyphers = new String[] {
            CypherAlgorithm.CAST5,
            CypherAlgorithm.AES_128,
            CypherAlgorithm.AES_192,
            CypherAlgorithm.AES_256,
            CypherAlgorithm.TWOFISH
        };

        // password protecting the private key (demo value)
        String privateKeyPassword = "changeit";
        int keySizeInBytes = 2048;

        // generate the key pair and store it in the KeyStore;
        // this overload creates a key without an expiration date
        ks.generateKeyPair(keySizeInBytes,
                           userId,
                           KeyAlgorithm.RSA,
                           privateKeyPassword,
                           compressions,
                           hashingAlgorithms,
                           cyphers);
    }
}
After the key pair is generated, we will usually export the public key and send it to our partners.
Below is a screenshot of the generated key properties when the key is opened with PGP(r) 10:
2. Key generation directly
We can avoid using the KeyStore class and instead generate a key pair in memory as a PGPKeyPair object. In that case we also have to export it afterwards.
import com.didisoft.pgp.*;

public class GenerateKeyPairRSA {
    public static void main(String[] args) throws PGPException {
        String keyAlgorithm = KeyAlgorithm.RSA;

        // user Id for the key pair
        String userId = "demo2@didisoft.com";

        // preferred hashing algorithms
        // (MD5 and SHA1 are cryptographically weak; list them only if
        // compatibility with old implementations is required)
        String[] hashingAlgorithms = new String[] {
            HashAlgorithm.SHA1,
            HashAlgorithm.SHA256,
            HashAlgorithm.SHA384,
            HashAlgorithm.SHA512,
            HashAlgorithm.MD5
        };

        // preferred compression algorithms
        String[] compressions = new String[] {
            CompressionAlgorithm.ZIP,
            CompressionAlgorithm.ZLIB,
            CompressionAlgorithm.UNCOMPRESSED
        };

        // preferred symmetric key algorithms
        String[] cyphers = new String[] {
            CypherAlgorithm.CAST5,
            CypherAlgorithm.AES_128,
            CypherAlgorithm.AES_192,
            CypherAlgorithm.AES_256,
            CypherAlgorithm.TWOFISH
        };

        // password protecting the private key (demo value)
        String privateKeyPassword = "changeit";
        int keySizeInBytes = 2048;

        // expiration period in days, counted from key creation; pass 0 for no expiration
        long expiresAfterDays = 365;

        // generate the key pair in memory; nothing is written to disk until exported
        PGPKeyPair keypair = PGPKeyPair.generateKeyPair(keySizeInBytes,
                                                         userId,
                                                         keyAlgorithm,
                                                         privateKeyPassword,
                                                         compressions,
                                                         hashingAlgorithms,
                                                         cyphers,
                                                         expiresAfterDays);
        // keypair.export...
    }
}
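The preference lists and the expiration-in-days parameter used in both examples above end up as subpackets of the key's self-signature. The following added example (not DidiSoft library code, and not tied to its API) encodes those lists and the 365-day expiration the way RFC 4880 section 5.2.3 specifies, and decodes them again, so you can see exactly what a peer's OpenPGP implementation reads from the generated key; the algorithm identifiers and subpacket types are the RFC's own values.

```python
# Added example: RFC 4880 encoding of OpenPGP preference and key-expiration
# signature subpackets. Pure standard library; not the library's own code.
import struct

# RFC 4880 section 9 algorithm identifiers for the names used in the page
HASH = {"MD5": 1, "SHA1": 2, "SHA256": 8, "SHA384": 9, "SHA512": 10}
CIPHER = {"CAST5": 3, "AES_128": 7, "AES_192": 8, "AES_256": 9, "TWOFISH": 10}
COMPRESSION = {"UNCOMPRESSED": 0, "ZIP": 1, "ZLIB": 2, "BZIP2": 3}

# RFC 4880 section 5.2.3.1 signature subpacket types
KEY_EXPIRATION_TIME = 9
PREFERRED_SYMMETRIC = 11
PREFERRED_HASH = 21
PREFERRED_COMPRESSION = 22

def encode_subpacket_length(n):
    # 1 octet below 192, 2 octets up to 8383, otherwise 0xFF + 4 octets
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)

def subpacket(sub_type, body):
    # the length field covers the type octet plus the body
    return encode_subpacket_length(len(body) + 1) + bytes([sub_type]) + body

def preference_subpackets(hashes, ciphers, compressions):
    # one octet per algorithm; order expresses preference, most preferred first
    return (subpacket(PREFERRED_SYMMETRIC, bytes(CIPHER[c] for c in ciphers))
            + subpacket(PREFERRED_HASH, bytes(HASH[h] for h in hashes))
            + subpacket(PREFERRED_COMPRESSION, bytes(COMPRESSION[c] for c in compressions)))

def key_expiration_subpacket(expires_after_days):
    # stored as seconds *after key creation*, not as an absolute date;
    # 0 days means the subpacket is simply absent (key never expires)
    if expires_after_days <= 0:
        return b""
    return subpacket(KEY_EXPIRATION_TIME, struct.pack(">I", expires_after_days * 86400))

def parse_subpackets(data):
    # decode a run of subpackets into {type: body} for inspection
    out, i = {}, 0
    while i < len(data):
        first = data[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
        out[data[i]] = data[i + 1:i + length]
        i += length
    return out
```

Inspecting the decoded preference lists is a quick way to check that a generated key does not advertise algorithms (MD5, SHA1, CAST5) that your policy has retired.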
3. Exception Handling
The key pair generation methods simply throw com.didisoft.pgp.PGPException if the key generation fails.