Generate RSA pgp keys in Java

This chapter demonstrates how to generate an RSA based OpenPGP key pair with OpenPGP Library for Java.

When we create an OpenPGP key pair, a few parameters must be passed. These include:

  • Encryption key size in bytes (recommended between 1024 and 3072)
  • User ID
  • key algorithm (RSA or ELGAMAL)
  • private key password
  • list of preferred compression algorithms
  • list of preferred signature hash algorithms
  • list of preferred symmetric encryption algorithms
  • key expiration date (optional)

One note regarding the naming convention for the User ID parameter. The original PGP(r) software is delimiting the email in the User ID with < and > like : “Richard C.  <richard.c@site.com>”

An overloaded method exists that accepts key expiration date as a last parameter.

Table of Contents

1. Key generation with a KeyStore

2. Key generation directly

3. Exception handling

1. Key generation example

import com.didisoft.pgp.*;
 
public class GenerateKeyPairRSA {
 public static void main(String[] args) throws PGPException {
  // initialize the KeyStore where the key will be generated
  KeyStore ks = new KeyStore("pgp.keystore", "changeit");
 
  String keyAlgorithm = KeyAlgorithm.RSA;
 
  // user Id for the key pair
  String userId = "demo2@didisoft.com";
 
  // preferred hashing algorithms
  String[] hashingAlgorithms = new String[]
				 {HashAlgorithm.SHA1,
				  HashAlgorithm.SHA256,
				  HashAlgorithm.SHA384,
				  HashAlgorithm.SHA512,
				  HashAlgorithm.MD5};
 
  // preferred compression algorithms
  String[] compressions = new String[]
				{CompressionAlgorithm.ZIP,
				CompressionAlgorithm.ZLIB,
				CompressionAlgorithm.UNCOMPRESSED};
 
  // preferred symmetric key algorithms
  String[] cyphers = new String[]
			 {CypherAlgorithm.CAST5,
			  CypherAlgorithm.AES_128,
			  CypherAlgorithm.AES_192,
			  CypherAlgorithm.AES_256,
			  CypherAlgorithm.TWOFISH};
 
  String privateKeyPassword = "changeit";
 
  int keySizeInBytes = 2048;
  ks.generateKeyPair(keySizeInBytes,
			userId,
			keyAlgorithm,
			privateKeyPassword,
			compressions,
			hashingAlgorithms,
			cyphers);
 }
}

After the key pair is generated usually we will export the public key and send it to our partners.

Below is a screenshot of the generated key properties when we open it with PGP (r) 10:

RSA OpenPGP key properties

2. Key generation directly

We can avoid the use of a KeyStore class and generate a key pair in the memory in a PGPKeyPair object. In that case we also have to export it afterwards.

import com.didisoft.pgp.*;
 
public class GenerateKeyPairRSA {
 public static void main(String[] args) throws PGPException {
 
  String keyAlgorithm = KeyAlgorithm.RSA;
 
  // user Id for the key pair
  String userId = "demo2@didisoft.com";
 
  // preferred hashing algorithms
  String[] hashingAlgorithms = new String[]
				 {HashAlgorithm.SHA1,
				  HashAlgorithm.SHA256,
				  HashAlgorithm.SHA384,
				  HashAlgorithm.SHA512,
				  HashAlgorithm.MD5};
 
  // preferred compression algorithms
  String[] compressions = new String[]
				{CompressionAlgorithm.ZIP,
				CompressionAlgorithm.ZLIB,
				CompressionAlgorithm.UNCOMPRESSED};
 
  // preferred symmetric key algorithms
  String[] cyphers = new String[]
			 {CypherAlgorithm.CAST5,
			  CypherAlgorithm.AES_128,
			  CypherAlgorithm.AES_192,
			  CypherAlgorithm.AES_256,
			  CypherAlgorithm.TWOFISH};
 
  String privateKeyPassword = "changeit";
 
  int keySizeInBytes = 2048;
 
  // expiration date, pass 0 for no expiration
  long expiresAfterDays = 365;
 
  PGPKeyPair keypair = PGPKeyPair.generateKeyPair(keySizeInBytes,
			 userId,
			 keyAlgorithm,
			 privateKeyPassword,
			 compressions,
			 hashingAlgorithms,
			 cyphers,
                         expiresAfterDays);
  // keypair.export...
 }
}

3. Exception Handling

The key pair generation methods simply throw com.didisoft.pgp.PGPException in case the key generation fails.

Summary

This chapter demonstrated how to generate an RSA OpenPGP key pair with DidiSoft OpenPGP Library for Java.