Bouncy Castle Cryptography Library 1.81

org.bouncycastle.openpgp.operator
Class PGPKeyPairGenerator

java.lang.Object
  extended by org.bouncycastle.openpgp.operator.PGPKeyPairGenerator

public abstract class PGPKeyPairGenerator
extends java.lang.Object


Field Summary
protected  java.util.Date creationTime
           
protected  KeyFingerPrintCalculator fingerPrintCalculator
           
protected  java.security.SecureRandom random
           
protected  int version
           
 
Constructor Summary
PGPKeyPairGenerator(int version, java.util.Date creationTime, java.security.SecureRandom random, KeyFingerPrintCalculator fingerPrintCalculator)
          Create an instance of the key pair generator.
 
Method Summary
abstract  PGPKeyPair generateECDHKeyPair(org.bouncycastle.asn1.ASN1ObjectIdentifier curveOID)
          Generate an elliptic curve Diffie-Hellman encryption key pair over the curve identified by the given OID.
abstract  PGPKeyPair generateECDSAKeyPair(org.bouncycastle.asn1.ASN1ObjectIdentifier curveOID)
          Generate an elliptic curve signing key over the curve identified by the given OID.
abstract  PGPKeyPair generateEd25519KeyPair()
          Generate an elliptic curve signing key over the twisted Edwards curve25519.
abstract  PGPKeyPair generateEd448KeyPair()
          Generate an elliptic curve signing key over the twisted Edwards curve448.
 PGPKeyPair generateEncryptionSubkey()
          Generate an encryption subkey.
abstract  PGPKeyPair generateLegacyEd25519KeyPair()
          Generate a legacy elliptic curve signing key pair over the twisted Edwards curve25519.
abstract  PGPKeyPair generateLegacyX25519KeyPair()
          Generate a legacy elliptic curve Diffie-Hellman encryption key pair over curve25519.
 PGPKeyPair generateNistP256ECDHKeyPair()
          Generate an ECDH elliptic curve encryption key over the NIST p-256 curve.
 PGPKeyPair generateNistP256ECDSAKeyPair()
          Generate an ECDSA elliptic curve signing key over the NIST p-256 curve.
 PGPKeyPair generateNistP384ECDHKeyPair()
          Generate an ECDH elliptic curve encryption key over the NIST p-384 curve.
 PGPKeyPair generateNistP384ECDSAKeyPair()
          Generate an ECDSA elliptic curve signing key over the NIST p-384 curve.
 PGPKeyPair generateNistP521ECDHKeyPair()
          Generate an ECDH elliptic curve encryption key over the NIST p-521 curve.
 PGPKeyPair generateNistP521ECDSAKeyPair()
          Generate an ECDSA elliptic curve signing key over the NIST p-521 curve.
 PGPKeyPair generatePrimaryKey()
          Generate a primary key.
abstract  PGPKeyPair generateRsaKeyPair(java.math.BigInteger exponent, int bitStrength)
          Generate an RSA key pair with the given bit-strength over a custom exponent.
 PGPKeyPair generateRsaKeyPair(int bitStrength)
          Generate an RSA key pair with the given bit-strength.
 PGPKeyPair generateSigningSubkey()
          Generate a signing subkey.
abstract  PGPKeyPair generateX25519KeyPair()
          Generate an elliptic curve Diffie-Hellman encryption key over curve25519.
abstract  PGPKeyPair generateX448KeyPair()
          Generate an elliptic curve Diffie-Hellman encryption key over curve448.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

creationTime

protected final java.util.Date creationTime

version

protected final int version

random

protected java.security.SecureRandom random

fingerPrintCalculator

protected final KeyFingerPrintCalculator fingerPrintCalculator
Constructor Detail

PGPKeyPairGenerator

public PGPKeyPairGenerator(int version,
                           java.util.Date creationTime,
                           java.security.SecureRandom random,
                           KeyFingerPrintCalculator fingerPrintCalculator)
Create an instance of the key pair generator.

Parameters:
version - public key version (PublicKeyPacket.VERSION_4 or PublicKeyPacket.VERSION_6).
creationTime - key creation time
random - secure random number generator
Method Detail

generatePrimaryKey

public PGPKeyPair generatePrimaryKey()
                              throws PGPException
Generate a primary key. A primary key MUST use a signing-capable public key algorithm.

Returns:
primary key pair
Throws:
PGPException - if the key pair cannot be generated

generateEncryptionSubkey

public PGPKeyPair generateEncryptionSubkey()
                                    throws PGPException
Generate an encryption subkey. An encryption subkey MUST use an encryption-capable public key algorithm.

Returns:
encryption subkey pair
Throws:
PGPException - if the key pair cannot be generated

generateSigningSubkey

public PGPKeyPair generateSigningSubkey()
                                 throws PGPException
Generate a signing subkey. A signing subkey MUST use a signing-capable public key algorithm.

Returns:
signing subkey pair
Throws:
PGPException - if the key pair cannot be generated

generateRsaKeyPair

public PGPKeyPair generateRsaKeyPair(int bitStrength)
                              throws PGPException
Generate an RSA key pair with the given bit-strength. It is recommended to use at least 2048 bits. The key will be generated over the default exponent 65537. RSA keys are deprecated for OpenPGP v6.

Parameters:
bitStrength - strength of the key pair in bits
Returns:
rsa key pair
Throws:
PGPException - if the key pair cannot be generated

generateRsaKeyPair

public abstract PGPKeyPair generateRsaKeyPair(java.math.BigInteger exponent,
                                              int bitStrength)
                                       throws PGPException
Generate an RSA key pair with the given bit-strength over a custom exponent. It is recommended to use at least 2048 bits. RSA keys are deprecated for OpenPGP v6.

Parameters:
exponent - RSA exponent e
bitStrength - strength of the key pair in bits
Returns:
rsa key pair
Throws:
PGPException - if the key pair cannot be generated

generateEd25519KeyPair

public abstract PGPKeyPair generateEd25519KeyPair()
                                           throws PGPException
Generate an elliptic curve signing key over the twisted Edwards curve25519. The key will use PublicKeyAlgorithmTags.Ed25519 which was introduced with RFC9580. For legacy Ed25519 keys use generateLegacyEd25519KeyPair().

Returns:
Ed25519 key pair
Throws:
PGPException - if the key pair cannot be generated
See Also:
RFC9580 - Public Key Algorithms

generateEd448KeyPair

public abstract PGPKeyPair generateEd448KeyPair()
                                         throws PGPException
Generate an elliptic curve signing key over the twisted Edwards curve448. The key will use PublicKeyAlgorithmTags.Ed448 which was introduced with RFC9580.

Returns:
Ed448 signing key pair
Throws:
PGPException - if the key pair cannot be generated
See Also:
RFC9580 - Public Key Algorithms

generateX25519KeyPair

public abstract PGPKeyPair generateX25519KeyPair()
                                          throws PGPException
Generate an elliptic curve Diffie-Hellman encryption key over curve25519. The key will use PublicKeyAlgorithmTags.X25519 which was introduced with RFC9580. For legacy X25519 keys use generateLegacyX25519KeyPair() instead.

Returns:
X25519 encryption key pair
Throws:
PGPException - if the key pair cannot be generated
See Also:
RFC9580 - Public Key Algorithms

generateX448KeyPair

public abstract PGPKeyPair generateX448KeyPair()
                                        throws PGPException
Generate an elliptic curve Diffie-Hellman encryption key over curve448. The key will use PublicKeyAlgorithmTags.X448 which was introduced with RFC9580.

Returns:
X448 encryption key pair
Throws:
PGPException - if the key pair cannot be generated
See Also:
RFC9580 - Public Key Algorithms

generateLegacyEd25519KeyPair

public abstract PGPKeyPair generateLegacyEd25519KeyPair()
                                                 throws PGPException
Generate a legacy elliptic curve signing key pair over the twisted Edwards curve25519. Legacy keys have good application support, but MUST NOT be used as OpenPGP v6 keys. The key will use PublicKeyAlgorithmTags.EDDSA_LEGACY as algorithm ID. For OpenPGP v6 (RFC9580) use generateEd25519KeyPair() instead.

Returns:
legacy Ed25519 key pair
Throws:
PGPException - if the key pair cannot be generated
See Also:
Legacy Draft: EdDSA for OpenPGP

generateLegacyX25519KeyPair

public abstract PGPKeyPair generateLegacyX25519KeyPair()
                                                throws PGPException
Generate a legacy elliptic curve Diffie-Hellman encryption key pair over curve25519. Legacy keys have good application support, but MUST NOT be used as OpenPGP v6 keys. The key will use PublicKeyAlgorithmTags.ECDH as algorithm ID. For OpenPGP v6 (RFC9580) use generateX25519KeyPair() instead.

Returns:
legacy X25519 key pair
Throws:
PGPException - if the key pair cannot be generated

generateNistP256ECDHKeyPair

public PGPKeyPair generateNistP256ECDHKeyPair()
                                       throws PGPException
Generate an ECDH elliptic curve encryption key over the NIST p-256 curve.

Returns:
NIST p-256 ECDH encryption key pair
Throws:
PGPException - if the key pair cannot be generated
See Also:
RFC6637 - Elliptic Curve Cryptography in OpenPGP

generateNistP384ECDHKeyPair

public PGPKeyPair generateNistP384ECDHKeyPair()
                                       throws PGPException
Generate an ECDH elliptic curve encryption key over the NIST p-384 curve.

Returns:
NIST p-384 ECDH encryption key pair
Throws:
PGPException - if the key pair cannot be generated
See Also:
RFC6637 - Elliptic Curve Cryptography in OpenPGP

generateNistP521ECDHKeyPair

public PGPKeyPair generateNistP521ECDHKeyPair()
                                       throws PGPException
Generate an ECDH elliptic curve encryption key over the NIST p-521 curve.

Returns:
NIST p-521 ECDH encryption key pair
Throws:
PGPException - if the key pair cannot be generated
See Also:
RFC6637 - Elliptic Curve Cryptography in OpenPGP

generateNistP256ECDSAKeyPair

public PGPKeyPair generateNistP256ECDSAKeyPair()
                                        throws PGPException
Generate an ECDSA elliptic curve signing key over the NIST p-256 curve.

Returns:
NIST p-256 ECDSA signing key pair
Throws:
PGPException - if the key pair cannot be generated
See Also:
RFC6637 - Elliptic Curve Cryptography in OpenPGP

generateNistP384ECDSAKeyPair

public PGPKeyPair generateNistP384ECDSAKeyPair()
                                        throws PGPException
Generate an ECDSA elliptic curve signing key over the NIST p-384 curve.

Returns:
NIST p-384 ECDSA signing key pair
Throws:
PGPException - if the key pair cannot be generated
See Also:
RFC6637 - Elliptic Curve Cryptography in OpenPGP

generateNistP521ECDSAKeyPair

public PGPKeyPair generateNistP521ECDSAKeyPair()
                                        throws PGPException
Generate an ECDSA elliptic curve signing key over the NIST p-521 curve.

Returns:
NIST p-521 ECDSA signing key pair
Throws:
PGPException - if the key pair cannot be generated
See Also:
RFC6637 - Elliptic Curve Cryptography in OpenPGP

generateECDHKeyPair

public abstract PGPKeyPair generateECDHKeyPair(org.bouncycastle.asn1.ASN1ObjectIdentifier curveOID)
                                        throws PGPException
Generate an elliptic curve Diffie-Hellman encryption key pair over the curve identified by the given OID.

Parameters:
curveOID - OID of the elliptic curve
Returns:
PGP key pair
Throws:
PGPException - if the key pair cannot be generated

generateECDSAKeyPair

public abstract PGPKeyPair generateECDSAKeyPair(org.bouncycastle.asn1.ASN1ObjectIdentifier curveOID)
                                         throws PGPException
Generate an elliptic curve signing key over the curve identified by the given OID.

Parameters:
curveOID - OID of the elliptic curve
Returns:
PGP key pair
Throws:
PGPException - if the key pair cannot be generated
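
Added example (not part of the Bouncy Castle documentation): choosing the generator method that matches the key version, then rejecting the version/algorithm combinations that the method descriptions above forbid or deprecate. Obtaining the generator through BcPGPKeyPairGeneratorProvider.get(version, creationTime) and the PGPPublicKey accessors getVersion(), getAlgorithm() and getBitStrength() are assumptions not documented on this page; the class and helper names are hypothetical.

```java
import java.util.Date;
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
import org.bouncycastle.bcpg.PublicKeyPacket;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyPair;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.operator.PGPKeyPairGenerator;
import org.bouncycastle.openpgp.operator.bc.BcPGPKeyPairGeneratorProvider; // assumed, not on this page

public class KeyVersionPolicy {                       // hypothetical helper class
    // Signing key: RFC9580 algorithm for v6, legacy algorithm ID otherwise.
    static PGPKeyPair signingKey(PGPKeyPairGenerator gen, int version) throws PGPException {
        return version == PublicKeyPacket.VERSION_6
            ? gen.generateEd25519KeyPair() : gen.generateLegacyEd25519KeyPair();
    }

    // Encryption key: the same split for X25519.
    static PGPKeyPair encryptionKey(PGPKeyPairGenerator gen, int version) throws PGPException {
        return version == PublicKeyPacket.VERSION_6
            ? gen.generateX25519KeyPair() : gen.generateLegacyX25519KeyPair();
    }

    // Returns null if the key is acceptable, otherwise the reason for rejection.
    // Legacy X25519 shares PublicKeyAlgorithmTags.ECDH with the NIST curves, so
    // it cannot be told apart by algorithm ID alone and is not checked here.
    static String violation(PGPPublicKey key) {
        int alg = key.getAlgorithm();
        boolean v6 = key.getVersion() == PublicKeyPacket.VERSION_6;
        boolean rsa = alg == PublicKeyAlgorithmTags.RSA_GENERAL
            || alg == PublicKeyAlgorithmTags.RSA_SIGN || alg == PublicKeyAlgorithmTags.RSA_ENCRYPT;
        if (v6 && alg == PublicKeyAlgorithmTags.EDDSA_LEGACY) return "legacy Ed25519 in a v6 key";
        if (v6 && rsa) return "RSA is deprecated for v6 keys";
        if (rsa && key.getBitStrength() < 2048) return "RSA modulus below 2048 bits";
        return null;
    }

    public static void main(String[] args) throws PGPException {
        int[] versions = {PublicKeyPacket.VERSION_4, PublicKeyPacket.VERSION_6};
        for (int version : versions) {
            PGPKeyPairGenerator gen = new BcPGPKeyPairGeneratorProvider().get(version, new Date());
            PGPKeyPair[] pairs = {signingKey(gen, version), encryptionKey(gen, version)};
            for (PGPKeyPair pair : pairs) {
                PGPPublicKey pub = pair.getPublicKey();
                System.out.printf("v%d alg=%d violation=%s%n",
                    pub.getVersion(), pub.getAlgorithm(), violation(pub));
            }
        }
    }
}
```

The violation() check can also be run over keys imported from elsewhere before they are added to a keyring, since it only inspects the public key packet.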
