In some cases the key pair (private key and corresponding public key) is already available in files. In that case the program can import the private key and use it for signing, as shown in Weaknesses and Alternatives. In other cases the program needs to generate the key pair itself. A key pair is generated by using the KeyPairGenerator class.
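As an added example (not code from the original page or from any library it describes), the program below uses KeyPairGenerator to generate EC key pairs on the three curves that JOSE ES256, ES384 and ES512 signatures require, then signs and verifies a constructed payload. It goes beyond the single key pair case in the text; the class name EcKeyPairDemo, the helper names and the sample payload are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Base64;

public class EcKeyPairDemo {
    // JOSE algorithm, JCA curve name, JCA signature algorithm
    static final String[][] PROFILES = {
        {"ES256", "secp256r1", "SHA256withECDSA"},
        {"ES384", "secp384r1", "SHA384withECDSA"},
        {"ES512", "secp521r1", "SHA512withECDSA"},
    };

    // Generate a key pair on a named curve instead of passing a bare key size,
    // so the curve does not depend on provider defaults.
    static KeyPair generate(String curve) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec(curve), new SecureRandom());
        return kpg.generateKeyPair();
    }

    // getEncoded() on a public key returns X.509 SubjectPublicKeyInfo DER.
    static String toPem(PublicKey key) {
        Base64.Encoder enc = Base64.getMimeEncoder(64, new byte[] {'\n'});
        return "-----BEGIN PUBLIC KEY-----\n" + enc.encodeToString(key.getEncoded())
                + "\n-----END PUBLIC KEY-----";
    }

    static boolean signAndVerify(KeyPair kp, String sigAlg, byte[] msg) throws GeneralSecurityException {
        Signature signer = Signature.getInstance(sigAlg);
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign(); // ASN.1 DER; JWS needs fixed-length R||S instead
        Signature verifier = Signature.getInstance(sigAlg);
        verifier.initVerify(kp.getPublic());
        verifier.update(msg);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        byte[] msg = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        for (String[] p : PROFILES) {
            KeyPair kp = generate(p[1]);
            int bits = ((ECPublicKey) kp.getPublic()).getParams().getCurve().getField().getFieldSize();
            System.out.printf("%s %s field=%d bits verified=%b%n%s%n",
                    p[0], p[1], bits, signAndVerify(kp, p[2], msg), toPem(kp.getPublic()));
        }
    }
}
```

Only the public key is printed; the private key stays in memory and should be written out only to protected storage.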
How to generate keys in PEM format using the OpenSSL command line tools?
RSA keys
The JOSE standard recommends a minimum RSA key size of 2048 bits.
To generate a 2048-bit RSA private + public key pair for use in RSxxx and PSxxx signatures:
Elliptic Curve keys
To generate an EC key pair the curve designation must be specified. Note that JOSE ESxxx signatures require P-256, P-384 and P-521 curves (see their corresponding OpenSSL identifiers below).
Elliptic Curve private + public key pair for use with ES256 signatures:
Elliptic Curve private + public key pair for use with ES384 signatures:
Elliptic Curve private + public key pair for use with ES512 signatures:
PEM key parsing in Java
The BouncyCastle library provides a simple utility to parse PEM-encoded keys in Java, to use them for JWS or JWE later.
For Maven you should include the following BouncyCastle dependencies (where 1.52 is the latest stable version as of May 2015):
Example parsing of a PEM-encoded EC key in Java:
As of version 2.6.2 DidiSoft OpenPGP Library for Java fully supports Elliptic Curve cryptography (ECC) in OpenPGP as defined in RFC 6637.
In this chapter we give a short introduction to the new ECC encryption and illustrate how to generate your first ECC OpenPGP key pair.
1. What is Elliptic Curve cryptography?
2. Generating an ECC OpenPGP key pair
3. Industry support
What is Elliptic Curve cryptography?
Elliptic Curve cryptography provides asymmetric (public key) cryptography based on mathematical operations with Elliptic Curves over finite fields.
An ECC OpenPGP key consists of a master key which is used for EC DSA signing and an encryption sub key which is used for EC Diffie-Hellman (ECDH) encryption.
Currently the standard for ECC in OpenPGP (RFC 6637) defines three elliptic curves over the finite field of prime numbers introduced by the National Security Agency (NSA) during the 2005 RSA conference: NIST P-256, NIST P-384, NIST P-521 (the number shows the finite field of prime numbers with the same size in bits).
Some OpenPGP implementations like GnuPG/gpg have added support for Brainpool curves as well, which we support too as of version 3.1.3.
Comparison with RSA and ElGamal (DH/DSS)
The weakest ECC OpenPGP key pairs (over curve NIST P-256) can be compared with a 3072 bit ElGamal or 3072 bit RSA key pair.
Please check section “Security considerations” for more information.
Generating an ECC OpenPGP key pair
Creating an ECC OpenPGP key pair is done with a new set of methods with the common name generateEccKeyPair, available in the KeyStore and PGPKeyPair classes.
The supported values for the ECC curve are:
Below is an example that shows how to generate an ECC key pair with no expiration date and default cipher, compression and hashing key preferences.
Industry support
The following software products are known to support ECC in OpenPGP as of the time of this writing:
Symantec PGP Command line 10.2.+
GnuPG 2.1+
Summary
This chapter introduced the new Elliptic Curve (ECC) OpenPGP keys defined in RFC 6637. As of version 2.6.2 DidiSoft OpenPGP Library for Java fully supports this extension of the OpenPGP standard.
Usage of the new type of OpenPGP keys is transparent once you upgrade to version 2.6.2 or above.
Key generation is done through the methods generateEccKeyPair available in the KeyStore and PGPKeyPair classes.