In this chapter we will introduce the rather new Elliptic Curve Cryptography (ECC or EC for short) OpenPGP keys.

Mar 10, 2014  With Named Curves. As with the key pair generation example, if you know the curve associated with the keys you have been given is for a named curve, you can replace the construction of the ECParmeterSpec above with a named curve lookup using one of the named curve tables from org.bouncycastle.jce. This security Java tutorial describes usage of digital signatures, keys, and cryptography services. Generate Public and Private Keys. In order to be able to create a digital signature, you need a private key. The sample code of this lesson always specifies the default SUN provider built into the JDK.

1. What are Elliptic Curve OpenPGP keys?
2. Example code
3. Compatibility Notes
4. Async code

What are Elliptic Curve OpenPGP keys?

ECC keys are rather new to the OpenPGP standard. They were first defined in RFC 6637. This extension of the OpenPGP standard defines only three NIST approved curves. Later the open source GnuPG software added three Brainpool curves (defined in RFC 5639).

Encryption with EC keys is based on the Elliptic Curve Diffie-Hellman (ECDH) key agreement protocol. Signing with EC keys is based on the Elliptic Curve DSA (ECDSA) algorithm.

The encryption with EC OpenPGP keys is considered to be much more secure compared to the current RSA and Elgamal (DH/DSS) keys.

Supported EC curves

Currently, DidiSoft OpenPGP library for .NET supports ECC keys based on these elliptic curves:

• NIST P-256 (DidiSoft.Pgp.EcCurve.P256)
• NIST-384 (DidiSoft.Pgp.EcCurve.P384)
• NIST-521 (DidiSoft.Pgp.EcCurve.P521)
• Brainpool 256 bit (DidiSoft.Pgp.EcCurve.Brainpool256)
• Brainpool 384 bit (DidiSoft.Pgp.EcCurve.Brainpool384)
• Brainpool 512 bit (DidiSoft.Pgp.EcCurve.Brainpool512)

Key generation speed

The key generation of EC keys is much faster compared to the traditional RSA and DH/DSS keys.

Example Code

The key generation is invoked by the methods GenerateEccKeyPair defined in the KeyStore and PGPKeyPair classes.

Below is a short example that illustrates how to generate EC OpenPGP keys with the library.

C# example

VB.NET example

The example code above will generate keys with no expiration date and predefined preferred algorithms for compression, hash function, and symmetric encryption. If you wish to specify manually those algorithms, please check one of the overloaded versions of the method GenerateEccKeyPair.

After the key generation, the keys can be exported from the KeyStore or you can directly generate a key in a PGPKeyPair object and export them from there.

Compatibility Issues

ECC OpenPGP keys were first introduced in version 1.7.7 of DidiSoft OpenPGP Library for .NET

Ecc Key Generation Code In Java Pdf

Elliptic curves OpenPGP keys are supported only by newer OpenPGP implementations like is Symantec (r) PGP Command line v. 10.2. and upper versions and GnuPGversion 2.1 and above. Attempts to use ECC OpenPGP keys with older software usually fails with error messages. For example, if you try to use such keys with older versions of our library you will receive exceptions with the message: “unknown PGP public key algorithm encountered“.

Async support

In order to create a key pair asynchronously, we have to use the DidiSoft.Pgp.KeyStoreAsync class which provides the same key creation methods with Async suffixes.

Summary

In this chapter, we have introduced the Elliptic Curve (EC) OpenPGP keys. The EC OpenPGP keys are still not adopted by the major OpenPGP software implementations but they will hopefully get traction soon.

They are considered superior by terms of cryptography security to the currently widespread RSA and DH/DSS keys.

In order to be able to create a digital signature, you need a private key. (Its corresponding public key will be needed in order to verify the authenticity of the signature.)

In some cases the key pair (private key and corresponding public key) are already available in files. In that case the program can import and use the private key for signing, as shown in Weaknesses and Alternatives.

In other cases the program needs to generate the key pair. A key pair is generated by using the KeyPairGenerator class.

In this example you will generate a public/private key pair for the Digital Signature Algorithm (DSA). You will generate keys with a 1024-bit length.

Generating a key pair requires several steps:

Free Source Code In Java

Create a Key Pair Generator

The first step is to get a key-pair generator object for generating keys for the DSA signature algorithm.

As with all engine classes, the way to get a KeyPairGenerator object for a particular type of algorithm is to call the getInstance static factory method on the KeyPairGenerator class. This method has two forms, both of which hava a String algorithm first argument; one form also has a String provider second argument.

A caller may thus optionally specify the name of a provider, which will guarantee that the implementation of the algorithm requested is from the named provider. The sample code of this lesson always specifies the default SUN provider built into the JDK.

Put the following statement after the

line in the file created in the previous step, Prepare Initial Program Structure:

Initialize the Key Pair Generator

The next step is to initialize the key pair generator. All key pair generators share the concepts of a keysize and a source of randomness. The KeyPairGenerator class has an initialize method that takes these two types of arguments.

The keysize for a DSA key generator is the key length (in bits), which you will set to 1024. /hitmanpro-37-9-product-key-generator.html.

The source of randomness must be an instance of the SecureRandom class that provides a cryptographically strong random number generator (RNG). For more information about SecureRandom, see the SecureRandom API Specification and the Java Cryptography Architecture Reference Guide .

The following example requests an instance of SecureRandom that uses the SHA1PRNG algorithm, as provided by the built-in SUN provider. The example then passes this SecureRandom instance to the key-pair generator initialization method.

Ecc Key Generation Code In Java Code

Some situations require strong random values, such as when creating high-value and long-lived secrets like RSA public and private keys. To help guide applications in selecting a suitable strong SecureRandom implementation, starting from JDK 8 Java distributions include a list of known strong SecureRandom implementations in the securerandom.strongAlgorithms property of the java.security.Security class. When you are creating such data, you should consider using SecureRandom.getInstanceStrong(), as it obtains an instance of the known strong algorithms.

Generate the Pair of Keys

Ecc Key Generation Code In Java 1

The final step is to generate the key pair and to store the keys in PrivateKey and PublicKey objects.