Class PGPKeyPairGenerator

java.lang.Object
org.bouncycastle.openpgp.operator.PGPKeyPairGenerator

public abstract class PGPKeyPairGenerator extends Object
  • Field Details

    • creationTime

      protected final Date creationTime
    • version

      protected final int version
    • random

      protected SecureRandom random
    • fingerPrintCalculator

      protected final KeyFingerPrintCalculator fingerPrintCalculator
  • Constructor Details

  • Method Details

    • generatePrimaryKey

      public PGPKeyPair generatePrimaryKey() throws PGPException
      Generate a primary key. A primary key MUST use a signing-capable public key algorithm.
      Returns:
      primary key pair
      Throws:
      PGPException - if the key pair cannot be generated
    • generateEncryptionSubkey

      public PGPKeyPair generateEncryptionSubkey() throws PGPException
      Generate an encryption subkey. An encryption subkey MUST use an encryption-capable public key algorithm.
      Returns:
      encryption subkey pair
      Throws:
      PGPException - if the key pair cannot be generated
    • generateSigningSubkey

      public PGPKeyPair generateSigningSubkey() throws PGPException
      Generate a signing subkey. A signing subkey MUST use a signing-capable public key algorithm.
      Returns:
      signing subkey pair
      Throws:
      PGPException - if the key pair cannot be generated
    • generateRsaKeyPair

      public PGPKeyPair generateRsaKeyPair(int bitStrength) throws PGPException
      Generate an RSA key pair with the given bit-strength. It is recommended to use at least 2048 bits. The key will be generated over the default exponent 65537. RSA keys are deprecated for OpenPGP v6.
      Parameters:
      bitStrength - strength of the key pair in bits
      Returns:
      rsa key pair
      Throws:
      PGPException - if the key pair cannot be generated
    • generateRsaKeyPair

      public abstract PGPKeyPair generateRsaKeyPair(BigInteger exponent, int bitStrength) throws PGPException
      Generate an RSA key pair with the given bit-strength over a custom exponent. It is recommended to use at least 2048 bits. RSA keys are deprecated for OpenPGP v6.
      Parameters:
      exponent - RSA exponent e
      bitStrength - strength of the key pair in bits
      Returns:
      rsa key pair
      Throws:
      PGPException - if the key pair cannot be generated
    • generateEd25519KeyPair

      public abstract PGPKeyPair generateEd25519KeyPair() throws PGPException
      Generate an elliptic curve signing key over the twisted Edwards curve25519. The key will use PublicKeyAlgorithmTags.Ed25519 which was introduced with RFC9580. For legacy Ed25519 keys use generateLegacyEd25519KeyPair().
      Returns:
      Ed25519 key pair
      Throws:
      PGPException - if the key pair cannot be generated
    • generateEd448KeyPair

      public abstract PGPKeyPair generateEd448KeyPair() throws PGPException
      Generate an elliptic curve signing key over the twisted Edwards curve448. The key will use PublicKeyAlgorithmTags.Ed448 which was introduced with RFC9580.
      Returns:
      Ed448 signing key pair
      Throws:
      PGPException - if the key pair cannot be generated
    • generateX25519KeyPair

      public abstract PGPKeyPair generateX25519KeyPair() throws PGPException
      Generate an elliptic curve Diffie-Hellman encryption key over curve25519. The key will use PublicKeyAlgorithmTags.X25519 which was introduced with RFC9580. For legacy X25519 keys use generateLegacyX25519KeyPair() instead.
      Returns:
      X25519 encryption key pair
      Throws:
      PGPException - if the key pair cannot be generated
    • generateX448KeyPair

      public abstract PGPKeyPair generateX448KeyPair() throws PGPException
      Generate an elliptic curve Diffie-Hellman encryption key over curve448. The key will use PublicKeyAlgorithmTags.X448 which was introduced with RFC9580.
      Returns:
      X448 encryption key pair
      Throws:
      PGPException - if the key pair cannot be generated
    • generateLegacyEd25519KeyPair

      public abstract PGPKeyPair generateLegacyEd25519KeyPair() throws PGPException
      Generate a legacy elliptic curve signing key pair over the twisted Edwards curve25519. Legacy keys have good application support, but MUST NOT be used as OpenPGP v6 keys. The key will use PublicKeyAlgorithmTags.EDDSA_LEGACY as algorithm ID. For OpenPGP v6 (RFC9580) use generateEd25519KeyPair() instead.
      Returns:
      legacy Ed25519 key pair
      Throws:
      PGPException - if the key pair cannot be generated
    • generateLegacyX25519KeyPair

      public abstract PGPKeyPair generateLegacyX25519KeyPair() throws PGPException
      Generate a legacy elliptic curve Diffie-Hellman encryption key pair over curve25519. Legacy keys have good application support, but MUST NOT be used as OpenPGP v6 keys. The key will use PublicKeyAlgorithmTags.ECDH as algorithm ID. For OpenPGP v6 (RFC9580) use generateX25519KeyPair() instead.
      Returns:
      legacy X25519 key pair
      Throws:
      PGPException - if the key pair cannot be generated
    • generateNistP256ECDHKeyPair

      public PGPKeyPair generateNistP256ECDHKeyPair() throws PGPException
      Generate an ECDH elliptic curve encryption key over the NIST p-256 curve.
      Returns:
      NIST p-256 ECDH encryption key pair
      Throws:
      PGPException - if the key pair cannot be generated
    • generateNistP384ECDHKeyPair

      public PGPKeyPair generateNistP384ECDHKeyPair() throws PGPException
      Generate an ECDH elliptic curve encryption key over the NIST p-384 curve.
      Returns:
      NIST p-384 ECDH encryption key pair
      Throws:
      PGPException - if the key pair cannot be generated
    • generateNistP521ECDHKeyPair

      public PGPKeyPair generateNistP521ECDHKeyPair() throws PGPException
      Generate an ECDH elliptic curve encryption key over the NIST p-521 curve.
      Returns:
      NIST p-521 ECDH encryption key pair
      Throws:
      PGPException - if the key pair cannot be generated
    • generateNistP256ECDSAKeyPair

      public PGPKeyPair generateNistP256ECDSAKeyPair() throws PGPException
      Generate an ECDSA elliptic curve signing key over the NIST p-256 curve.
      Returns:
      NIST p-256 ECDSA signing key pair
      Throws:
      PGPException - if the key pair cannot be generated
    • generateNistP384ECDSAKeyPair

      public PGPKeyPair generateNistP384ECDSAKeyPair() throws PGPException
      Generate an ECDSA elliptic curve signing key over the NIST p-384 curve.
      Returns:
      NIST p-384 ECDSA signing key pair
      Throws:
      PGPException - if the key pair cannot be generated
    • generateNistP521ECDSAKeyPair

      public PGPKeyPair generateNistP521ECDSAKeyPair() throws PGPException
      Generate an ECDSA elliptic curve signing key over the NIST p-521 curve.
      Returns:
      NIST p-521 ECDSA signing key pair
      Throws:
      PGPException - if the key pair cannot be generated
    • generateECDHKeyPair

      public abstract PGPKeyPair generateECDHKeyPair(org.bouncycastle.asn1.ASN1ObjectIdentifier curveOID) throws PGPException
      Generate an elliptic curve Diffie-Hellman encryption key pair over the curve identified by the given OID.
      Parameters:
      curveOID - OID of the elliptic curve
      Returns:
      PGP key pair
      Throws:
      PGPException - if the key pair cannot be generated
    • generateECDSAKeyPair

      public abstract PGPKeyPair generateECDSAKeyPair(org.bouncycastle.asn1.ASN1ObjectIdentifier curveOID) throws PGPException
      Generate an elliptic curve signing key over the curve identified by the given OID.
      Parameters:
      curveOID - OID of the elliptic curve
      Returns:
      PGP key pair
      Throws:
      PGPException - if the key pair cannot be generated
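
Added example, not part of the Bouncy Castle Javadoc: a small wrapper that keeps the algorithm choice consistent with the OpenPGP key version, following the v6/legacy and RSA notes in the method descriptions above. The class `VersionAwareKeys`, its method names and the `version` argument (assumed to be the version the generator was created with) are hypothetical; obtaining the `PGPKeyPairGenerator` instance is left to the caller, and using legacy algorithms for every non-v6 key is this example's policy choice.

```java
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyPair;
import org.bouncycastle.openpgp.operator.PGPKeyPairGenerator;

/** Hypothetical helper: selects generator methods that match the key version. */
public final class VersionAwareKeys
{
    private static final int V6 = 6;              // OpenPGP v6 (RFC 9580)
    private static final int MIN_RSA_BITS = 2048; // minimum recommended by the Javadoc

    private VersionAwareKeys() {}

    /** Signing-capable primary key: Ed25519 for v6, legacy EdDSA otherwise. */
    public static PGPKeyPair primary(PGPKeyPairGenerator gen, int version) throws PGPException
    {
        return version == V6
            ? check(gen.generateEd25519KeyPair(), PublicKeyAlgorithmTags.Ed25519)
            : check(gen.generateLegacyEd25519KeyPair(), PublicKeyAlgorithmTags.EDDSA_LEGACY);
    }

    /** Encryption subkey: X25519 for v6, legacy ECDH over curve25519 otherwise. */
    public static PGPKeyPair encryptionSubkey(PGPKeyPairGenerator gen, int version) throws PGPException
    {
        return version == V6
            ? check(gen.generateX25519KeyPair(), PublicKeyAlgorithmTags.X25519)
            : check(gen.generateLegacyX25519KeyPair(), PublicKeyAlgorithmTags.ECDH);
    }

    /** RSA only for pre-v6 keys (example policy), and never below 2048 bits. */
    public static PGPKeyPair rsa(PGPKeyPairGenerator gen, int version, int bits) throws PGPException
    {
        if (version == V6)
            throw new IllegalArgumentException("RSA keys are deprecated for OpenPGP v6");
        if (bits < MIN_RSA_BITS)
            throw new IllegalArgumentException("RSA key below " + MIN_RSA_BITS + " bits: " + bits);
        return gen.generateRsaKeyPair(bits); // default exponent 65537
    }

    /** Fail closed if the generated key carries a different algorithm ID than intended. */
    private static PGPKeyPair check(PGPKeyPair kp, int expectedAlgorithm) throws PGPException
    {
        int actual = kp.getPublicKey().getAlgorithm();
        if (actual != expectedAlgorithm)
            throw new PGPException("unexpected public key algorithm ID " + actual);
        return kp;
    }
}
```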