Generate DH/DSS pgp key in Java

This chapter illustrates how to generate a Diffie-Hellman (also known as DH/DSS) key pair with DidiSoft OpenPGP Library for Java. Such an OpenPGP key consists of a DSA (Digital Signature Algorithm) master key pair used for signing and an encryption subkey pair based on the ElGamal variant of the Diffie-Hellman algorithm (constant value com.didisoft.pgp.KeyAlgorithm.ELGAMAL).

Older versions of the library supported only 1024 bit master DSA keys. As of version 3.1.1.7 of the library, 2048 bit and 3076 bit master DSA keys are also supported.

1. DH/DSS OpenPGP key generation
2. Speed of key generation
3. Exception Handling

1. DH/DSS OpenPGP key generation

The two examples below demonstrate how to generate a DH/DSS OpenPGP key pair.

The first example uses the method generateElGamalKeyPair of the com.didisoft.pgp.KeyStore class and offers a predefined set of key algorithm preferences (compression: all; hash: SHA256-512, SHA1, MD5; cipher: CAST5, TripleDES, AES 128-256, Twofish):

import com.didisoft.pgp.*;

public class GenerateKeyPairDHDSS {
    public static void main(String[] args) throws Exception {
        // initialize the KeyStore where the key will be generated
        KeyStore ks = new KeyStore("pgp.keystore", "keystore password");

        // key primary user Id
        String userId = "DH/DSS key demo <demo@didisoft.com>";
        String privateKeyPassword = "changeit";

        int keySize = 2048;               // DSA master key size in bits
        int encryptionSubkeySize = 3076;  // Diffie-Hellman (ElGamal) subkey size in bits
        ks.generateElGamalKeyPair(keySize, encryptionSubkeySize, userId, privateKeyPassword);
    }
}

The second example uses the general method generateKeyPair of the com.didisoft.pgp.KeyStore class and allows the key algorithm preferences to be specified explicitly:

import com.didisoft.pgp.*;

public class GenerateKeyPairDHDSS {
    public static void main(String[] args) throws Exception {
        // initialize the KeyStore where the key will be generated
        KeyStore ks = new KeyStore("pgp.keystore", "changeit");

        // speed up the key generation by using pre-computed prime numbers from RFC 3526
        ks.setUsePrecomputedPrimes(true);

        // key primary user Id
        String userId = "DH/DSS key demo <demo@didisoft.com>";

        // preferred hashing algorithms
        String[] hashingAlgorithms = new String[] {
            HashAlgorithm.SHA1,
            HashAlgorithm.SHA256,
            HashAlgorithm.SHA384,
            HashAlgorithm.SHA512,
            HashAlgorithm.MD5
        };

        // preferred compression algorithms
        String[] compressions = new String[] {
            CompressionAlgorithm.ZIP,
            CompressionAlgorithm.ZLIB,
            CompressionAlgorithm.UNCOMPRESSED
        };

        // preferred symmetric key algorithms
        String[] cyphers = new String[] {
            CypherAlgorithm.AES_128,
            CypherAlgorithm.AES_192,
            CypherAlgorithm.AES_256,
            CypherAlgorithm.CAST5,
            CypherAlgorithm.TWOFISH
        };

        String privateKeyPassword = "changeit";

        int keySize = 2048; // key size in bits
        ks.generateKeyPair(keySize,
                           userId,
                           KeyAlgorithm.ELGAMAL,
                           privateKeyPassword,
                           compressions,
                           hashingAlgorithms,
                           cyphers);
    }
}

After the key is generated it can be exported to a standalone file and imported into other OpenPGP software. The screenshot below shows the key properties of the exported public key in the PGP/Encryption Desktop application:

[Screenshot: Java generate DH/DSS OpenPGP key, key properties as shown in PGP/Encryption Desktop]

2. Speed of the key generation

The speed of the ElGamal key generation for key sizes 1024, 1536, 2048, 3072, and 4096 bits has been dramatically improved in version 3.1.1 of the library by using pre-computed prime numbers (p and g) for the encryption key, obtained from RFC 3526 by default.

This can be turned off by invoking setUsePrecomputedPrimes(false) on the com.didisoft.pgp.KeyStore class before invoking the key generation routines. Please keep in mind that in that case all the parameters for the Diffie-Hellman algorithm will be calculated, and this can take minutes for keys bigger than 2048 bit.

3. Exception Handling

The key pair generation methods simply throw com.didisoft.pgp.PGPException in case the key generation fails.
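The following added example (not part of the original chapter or of the library's own code) ties sections 2 and 3 together: it generates two DH/DSS key pairs, once with the RFC 3526 pre-computed primes and once with freshly calculated parameters, reports the elapsed time for each, and handles a failed generation through PGPException. The helper name timedGenerate and the environment variable PGP_KEYSTORE_PASSWORD are assumptions made for this example; only KeyStore, setUsePrecomputedPrimes, generateElGamalKeyPair and PGPException come from the chapter.

```java
import com.didisoft.pgp.KeyStore;
import com.didisoft.pgp.PGPException;
import java.io.IOException;

public class KeyGenerationTiming {

    // Hypothetical helper (not a library method): generates one DH/DSS key pair into
    // the given keystore and returns the elapsed time in milliseconds, or -1 on failure.
    static long timedGenerate(KeyStore ks, boolean precomputedPrimes,
                              String userId, String privateKeyPassword) throws IOException {
        // must be set before the generation routine is invoked (section 2)
        ks.setUsePrecomputedPrimes(precomputedPrimes);

        long start = System.nanoTime();
        try {
            // 2048-bit DSA master key and 2048-bit ElGamal encryption subkey;
            // 2048 is one of the RFC 3526 group sizes, so the fast path can apply
            ks.generateElGamalKeyPair(2048, 2048, userId, privateKeyPassword);
        } catch (PGPException e) {
            // the generation methods throw PGPException when key generation fails (section 3)
            System.err.println("Key generation failed for " + userId + ": " + e.getMessage());
            return -1;
        }
        return (System.nanoTime() - start) / 1_000_000L;
    }

    public static void main(String[] args) throws Exception {
        // keystore password read from the environment instead of being hardcoded
        // (assumed variable name, chosen for this example)
        String keystorePassword = System.getenv("PGP_KEYSTORE_PASSWORD");
        if (keystorePassword == null || keystorePassword.isEmpty()) {
            System.err.println("PGP_KEYSTORE_PASSWORD is not set");
            System.exit(1);
        }
        KeyStore ks = new KeyStore("pgp.keystore", keystorePassword);
        String privateKeyPassword = "changeit"; // demo value, as in the chapter's examples

        long fast = timedGenerate(ks, true,
                "DH/DSS precomputed primes <demo-fast@example.com>", privateKeyPassword);
        long slow = timedGenerate(ks, false,
                "DH/DSS calculated primes <demo-slow@example.com>", privateKeyPassword);

        System.out.println("RFC 3526 primes:      " + fast + " ms");
        System.out.println("calculated parameters: " + slow + " ms");
    }
}
```

Expect the second run to take considerably longer; with sizes above 2048 bit the chapter notes it can reach minutes.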

Summary

This chapter discussed DH/DSS OpenPGP key pair generation. You may also check the chapter that shows RSA OpenPGP key generation.