Bouncy Castle Pgp Key Generation
- I try to generate an RSA key pair using Bouncy Castle for C#. Generating PGP key ring using Bouncy Castle (C#) results in key ID FFFFFFFF. Bouncy Castle.
- Jul 26, 2016 sample app that uses PGP Encryption using Bouncy Castle's C# API - App.config. // pass in 2 file paths to generate the encrypted file //. BasePath + @' pgp-encrypted.asc '); // if you need to convert a private key from a pgp to xml format: string xmlPPrivateKey = CryptoHelper.
- Secondly, the Bouncy Castle APIs are now formally owned by a registered Australian Charity, the Legion of the Bouncy Castle Inc, ABN 84 166 338 567. Without considering the costs of actually doing what we do, we're also trying to raise money to.
- Mission Statement. Make using Bouncy Castle with OpenPGP great fun again! This project gives you the following super-powers. Encrypt, decrypt, sign and verify GPG/PGP files with just a few lines of code; protect all the data at rest by reading encrypted files with transparent GPG decryption.
- Dec 10, 2013 PGP Cryptography With The Legion of the Bouncy Castle – Part 5. Posted on December 10, 2013. Back to PGP Cryptography tutorials!! Because when I want to learn something new I learn faster by writing a tutorial about it.
- Bouncy Castle Cryptography Library 1.48 PREV CLASS NEXT CLASS: FRAMES NO FRAMES. Org.bouncycastle.openpgp Class PGPSignatureGenerator java.lang.Object org.bouncycastle.openpgp.PGPSignatureGenerator. Public class PGPSignatureGenerator extends java.lang.Object. Generator for PGP Signatures. Constructor Summary.
- Using the Bouncy Castle Specific APIs
- Key Pair Generation
- Using a KeyFactory
- Using the JDK APIs
- Key Pair Generation
- Using a KeyFactory
Secondly, the Bouncy Castle APIs are now formally owned by a registered Australian Charity, the Legion of the Bouncy Castle Inc, ABN 84 166 338 567. Without considering the costs of actually doing what we do, we're also trying to raise money to allow us to get certifications such as FIPs for the APIs.
Key pair generation in elliptic curve follows the same principles as the other algorithms, the main difference being that, unlike algorithms such as RSA, elliptic curve keys exist only in the context of a particular elliptic curve and require to have curve parameters associated with them to be of any use.
Having said that, there is one anomaly with elliptic curve over other algorithms in that there are two APIs supported by the provider for using them. The reason for this is that JDK elliptic curve support was only introduced with the release of JDK 1.5. Prior to that providers supporting elliptic curve had to include some provider specific classes to allow it to be used, and as Bouncy Castle has supported elliptic curve since release 1.04 it had to provide it's own API.
Other than differences in parameters the generation of elliptic curve keys is identical for both Fp and F2m.
Like other asymmetric algorithms, elliptic curve private keys produce DER encodings of PKCS8 PrivateKeyInfo objects and elliptic curve public keys produce DER encodings of X.509 SubjectPublicKeyInfo objects.
The following example shows a simple case of copying a key pair using the getEncoded()
method on the public and private keys and the X509EncodedKeySpec
and PKCS8EncodedKeySpec
classes.
The Bouncy Castle API for elliptic curve consists of a collection of interfaces and classes defined in org.bouncycastle.jce, org.bouncycastle.jce.interfaces, and org.bouncycastle.jce.spec packages which provide provider specific support for elliptic curve keys, parameters, and named curve handling.
![Bouncy Bouncy](https://www.bouncycastle.org/images/FB-f-Logo__blue_16.png)
Key Pair Generation
Key pair generation can be done using explicitly created parameters or by retrieving a named curve from a lookup table.
From Explicit Parameters
An org.bouncycastle.jce.ECParameterSpec is required to construct an elliptic curve key. The long way of creating one of these is to create the ECParameterSpec object from a Bouncy Castle ECCurve object and an associated base point and order.
Normally you'd only do this if the curve you want is not already present in one of the named curve tables (see below), but if you had a set of parameters you wanted to use it would look something like this:
As you can see it is a two step process. First you need to create the curve and then you need to associate the curve with a base point and an order using an ECParameterSpec which is then used to initialise the KeyPairGenerator object.
From Named Curves
Named curves are handled in the Bouncy Castle provider by associating a parameter set with a name using an extension of ECParameterSpec, ECNamedCurveParameterSpec, which can be found in org.bouncycastle.jce.spec. Normally you would not create one of these parameter spec objects directly, but you would retrieve it from one of the two lookup tables in org.bouncycastle.jce - ECNamedCurveTable if you are using ECDSA, or ECGOST3410NamedCurveTable if you are using GOST310-2001. Both classes support a getNames() method which will tell you what named curves are currently supported.
Assuming you were wanting to use the X9.62 curve prime192v1, the code would look something like this:
Using a KeyFactory
From Explicit Parameters
/generate-google-api-key-v2.html. The Bouncy Castle provider also supports key spec objects for cases where the key material is already available and the use of a KeyPairGenerator is not required. In this case the regular KeyFactory class is used and the Bouncy Castle specific classes ECPublicKeySpec and ECPrivateKeySpec are used to hold the material for the public and private keys respectively.
As you can see the first step is identical to that used for the KeyGenerator, except this time the ECParameterSpec is used to create an ECPrivateKeySpec containing the private value and the parameters, and an ECPublicKeySpec containing the public point and the curve parameters.
These can then be passed to a KeyFactory as follows:
and the resulting keys can then be used as the ones produced by the KeyPairGenerator were.
With Named Curves
As with the key pair generation example, if you know the curve associated with the keys you have been given is for a named curve, you can replace the construction of the ECParmeterSpec above with a named curve lookup using one of the named curve tables from org.bouncycastle.jce.
If you are using JDK 1.5 or later there is local support in the JDK for generation of elliptic curve keys.
Key Pair Generation
With Explicit Parameters
If you're using explicit parameters to generate keys:
With Named Curves
The JDK also supports the use of Named Curves using the ECGenParameterSpec, which simply passes the name of the curve to the provider for interpretation. For example to use the X9.62 curve prime192v1 with the Bouncy Castle provider to generate an Elliptic Curve key pair the code would look something like the following:
Using a KeyFactory
With Explicit Parameters
As can be seen in the following code, the explicit parameters case for JDK 1.5 follows the same steps as for the Bouncy Castle provider as can be seen in the following code:
The one difference of note is the use of the ECPointUtil
class to handle an encoded point. The is a Bouncy Castle specific class which can be used to convert point encodings into JDK ECPoint objects. In the case where the point would have been added from its base BigInteger
objects the following code could replace the call the ECPointUtil
:
With Named Curves
This case isn't actually directly supported in the JDK. Bouncy Castle does provide a helper class org.bouncycastle.jce.spec.ECNamedCurveSpec
which can be used to wrap the return value from the named curve tables provided in org.bouncycastle.jce
:
- Available Algorithms
- Version 1 Certificate Creation
- Version 3 Certificate Creation
- Certificate Extensions
Note: this document now refers to an out of date version of the APIs. Please see the version 2 document.
The Bouncy Castle APIs have support for creating two kinds of X.509 certificates - version 1 and version 3 - as well as PKCS10 certification requests. Version 1 certificates are generally only used to create root certificates, version 3 certificates are used elsewhere as the extension facility they support is used to help validate both the certificate and the use it is being put to. A fuller description of this and all it entails can be found in RFC 3280.
The classes for generating certificates are:
and the class for generating PKCS10 certification requests is:
Older versions of the X.509 certificate generator classes also appear in the org.bouncycastle.jce
package. They are deprecated and should not be used.
DSA
DSA currently just supports SHA-1. The following value can be used in place of the variable signatureAlgorithm
in the examples below:
- SHA1withDSA
Elliptic Curve (ECDSA)
ECDSA is support with both the SHA-1 and SHA-2 family of digest algorithms. The following values can be used in place of the variable signatureAlgorithm
in the examples below:
- SHA1withECDSA
- SHA224withECDSA
- SHA256withECDSA
- SHA384withECDSA
- SHA512withECDSA
Astute readers will probably realise at this point that given a 239 bit ECDSA key and a 512 bit hash, about 280 of the hash bits are going to be without a home in the signature as the hash can be no longer than the order N of the key. In this case the hash is truncated by losing the excess right most bits of it, so you can still use the larger hash algorithm, but it will be shortened.
GOST
Pgp Key Gen
The algorithms GOST3410-94 and GOST3410-2001 are supported for certificate signing. The following value can be used in place of signatureAlgorithm
in the examples below:
- GOST3411withGOST3410
- GOST3411withECGOST3410
RSA
A variety of digests can be used to sign certificates using the RSA algorithm. The following value can be used in place of the variable signatureAlgorithm
in the examples below:
- MD2withRSA
- MD5withRSA
- SHA1withRSA
- SHA224withRSA
- SHA256withRSA
- SHA384withRSA
- SHA512withRSA
- RIPEMD128withRSA
- RIPEMD160withRSA
- RIPEMD256withRSA
Creating a self signed version 1 certificate
We use the X509V1CertificateGenerator to create the version 1 certificate. As version 1 certificates have no extensions creating them is fairly straight forward:
where the resulting certificate cert
is a self-signed certificate that can be verified using the public key it contains and the algorithm defined in signatureAlgorithm.
Before looking at creation of version 3 certificates it is worth having a brief look at certificate extensions. This is a facility that was added in X.509 version 3 and a lot of the flexibility that Version 3 certificates provide derive from it.
Certificate Extensions
Extensions have a variety of uses and are used for identifying both the certificate and the CA certificate it depends on as well as determining what usages the certificate is valid for. While there are a range of standard extensions, in some case people even make up their own if it suits their organisation.
The basic api support for extensions in the Bouncy Castle Package is provided by the org.bouncycastle.asn1.x509 package, most particulary the X509Extension
and X509Extensions
classes, the first acting as a carrier for individual extensions and the second which acts as a container for the ones found in a certificate. The X509Extensions
class also provides definitions for the ASN.1 object identifiers associated with most common extensions.
The more common extensions are described below, they are all defined in RFC 3280. Norton 360 license key generator.
AuthorityKeyIdentifier
The AuthorityKeyIdentifier extension provides a means for identifying the issuer of the certificate. You can think of it as the equivalent to a pointer to the parent certificate. It is covered in section 4.2.1.1 of RFC 3280.
The Bouncy Castle APIs include a helper class for creating or containing this extension. It can be found in the org.bouncycastle.x509.extension
package and is called AuthorityKeyIdentifierStructure. The extension can be identified in a certificate by the object identifier given in X509Extensions.AuthorityKeyIdentifier
.
Given a parent certificate, caCert
, that you want to be referred to by the AuthorityKeyIdentifier extension, a standard version of the extension can be generated as follows:
This will create an AuthorityKeyIdentifier extension which is populated with the issuer name, serial number of the certificate, and the standard key identifier, based on the SubjectKeyIdentifier extension of caCert if caCert contains the extension. If the SubjectKeyIdentifier is not present the key identifier is calculated using the standard method, a SHA-1 hash of the public key data which is defined in RFC 3280.
BasicConstraints
The BasicConstraints identifies whether the certificate is that of a CA, and optionally it indicates how many certificates after the next one can follow it in the certificate path. It is covered in section 4.2.1.10 of RFC 3280 and is identified in a certificate by the object identifier given in X509Extensions.BasicConstraints
.
The following fragment shows how to create one which indicates that the certificate containing it is a CA and that only one certificate can follow in the certificate path.
ExtendedKeyUsage
ExtendedKeyUsage is an extension which restricts a certificate to a specific usage, given by the object identifiers it contains which are KeyPurposeIds. It is covered in section 4.2.1.13 of RFC 3280. The extension can be identified in a certificate by the object identifier given in X509Extensions.ExtendedKeyUsage
.
The example below shows the creation of one using the special KeyPurposeId anyExtendedKeyUsage:
You'll run into this extension in a few places, two of the most popular being TSP and OCSP, where the ExtendedKeyUsage extension is used to specifically mark the certificate for a single purpose.
KeyUsageExtension
This extension is also used to restrict the purposes that a certificate can be put to. The extension is discussed in section 4.2.1.3 of RFC 3280, but briefly it should always be marked critical if used and it must appear in Version 3 certificates used to validate digital signatures on other certificates and CRLs. The extension can be identified in a certificate by the object identifier given in X509Extensions.KeyUsage
.
The following code fragment gives an example of how to create one for this purpose:
SubjectAlternativeName
In the most common case the SubjectAlternativeName extension is used to associate other names, such as email addresses with the DN giving the subject of the certificate. The extension is discussed in section 4.2.1.7 of RFC 3280 and can be identified in a certificate by the object identifier given in X509Extensions.SubjectAlternativeName
.
Bouncy Castle Encryption
SubjectKeyIdentifier
The SubjectKeyIdentifier provides another means of identifying that a certificate contains a particular public key. It is covered in section 4.2.1.2 of RFC 3280. The extension can be identified in a certificate by the object identifier given in X509Extensions.SubjectKeyIdentifier
.
The Bouncy Castle APIs include a helper class for creating or containing this extension. It can be found in the org.bouncycastle.x509.extension
package and is called SubjectKeyIdentifierStructure
. Given a public key, publicKey, that needs to be identified as belonging to a particular certificate, a SubjectKeyIdentifier extension can be created as follows:
Pgp Freeware
Creating a version 3 certificate
Bouncy Castle Pgp Key Generation Software
Construction of a version 3 certificate has a couple of difference from a version 1 certificate. Generally a version 3 certificate has a parent certificate so the issuer is not the same as the subject, and they normally also require extensions if you're planning to use them in conjunction with path validation APIs and storage mechanisms such as PKCS12.
The addExtension()
method contains the code that was used in the previous examples to create an X509Extension
object.
Certification Requests are simply made via a constructor using the org.bouncycastle.jce.PKCSCertificationRequest
class. In the simplest case, a certification request which just includes a principal and a public key a request can be constructed as follows:
The null parameter is actually reserved for an ASN.1 SET that can be used to pass in attributes for the certification request. The most common one of these is the extensionRequest attribute defined in PKCS#9, which is used to include extensions that are to be added to the certificate generated by the CA that processes the request.
Creation of the extensionRequest attribute isn't exactly a high point in using the Bouncy Castle APIs, however while it is a bit fiddly to do, it does work! One simple case, that of including an email address in the SubjectAlternative name extension in the certificate generated from the request is done as follows:
On the upside, adding extra extensions to the certification request is just a matter of adding extra oids and extension objects to the oids and values Vector objects respectively.
The created attribute is then added to the construction of the PKCS10 certification request by wrapping it in an ASN.1 SET and passing it as an argument as follows:
A conforming CA will then return a certificate which incorporates the SubjectAlternativeName extension as well as whatever extensions are appropriate for the certificate it issues.