Java Generate Public Private Key Pair

| 08-05-2021
[RAND-1-100] Comments

The Java Keytool is a command line tool which can generate public key / private key pairs and store them in a Java KeyStore. The Keytool executable is called keytool. And change directory into the bin directory of your Java SDK installation. Type keytool followed by pressing the Enter key. Generating public private key pairs The public and private key are not really keys but rather are really large prime numbers that are mathematically related to one another. Being related in this case means that whatever is encrypted by the public key can only be decrypted by the related private key. Home › Java-Success.com › Java-Sucess.com - 16+ Key Areas › 16+ Key Areas Q&As › Key Area - Security › SSL in Java with Keytool to generate public-private key pair SSL in Java with Keytool to generate public-private key pair. Aug 20, 2012  Generating Key Pairs and Importing Public Key Certificates to a Trusted Keystore. Importing Public Key Certificates to a Trusted Keystore. Now any signature generated using the private key. Java KeyPairGenerator. The Java KeyPairGenerator class (java.security.KeyPairGenerator) is used to generate asymmetric encryption / decryption key pairs. An asymmetric key pair consists of two keys. The first key is typically used to encrypt data. The second key which is used to decrypt data encrypted with the first key. // The bytes can be converted back to public and private key objects KeyFactory keyFactory = KeyFactory. GetInstance(keyAlgorithm); EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec (privateKeyBytes). Nov 01, 2018  The API we use to generate the key pairs is in the java.security package. That’s mean we have to import this package into our code. The class for generating the key pairs is KeyPairGenerator. To get an instance of this class we have to call the getInstance methods by providing two parameters. The first parameter is algorithm and the second parameter is the provider.

PublicThe KeyPairGenerator class is used to generate pairs of public and private keys. Key pair generators are constructed using the getInstance factory methods (static methods that return instances of a given class).

A Key pair generator for a particular algorithm creates a public/private key pair that can be used with this algorithm. It also associates algorithm-specific parameters with each of the generated keys.

There are two ways to generate a key pair: in an algorithm-independent manner, and in an algorithm-specific manner. The only difference between the two is the initialization of the object:

How To Generate Private Key

  • Algorithm-Independent Initialization

    All key pair generators share the concepts of a keysize and a source of randomness. The keysize is interpreted differently for different algorithms (e.g., in the case of the DSA algorithm, the keysize corresponds to the length of the modulus). There is an initialize method in this KeyPairGenerator class that takes these two universally shared types of arguments. There is also one that takes just a keysize argument, and uses the SecureRandom implementation of the highest-priority installed provider as the source of randomness. (If none of the installed providers supply an implementation of SecureRandom, a system-provided source of randomness is used.)

    Since no other parameters are specified when you call the above algorithm-independent initialize methods, it is up to the provider what to do about the algorithm-specific parameters (if any) to be associated with each of the keys.

    If the algorithm is the DSA algorithm, and the keysize (modulus size) is 512, 768, or 1024, then the Sun provider uses a set of precomputed values for the p, q, and g parameters. If the modulus size is not one of the above values, the Sun provider creates a new set of parameters. Other providers might have precomputed parameter sets for more than just the three modulus sizes mentioned above. Still others might not have a list of precomputed parameters at all and instead always create new parameter sets.

  • Algorithm-Specific Initialization

    For situations where a set of algorithm-specific parameters already exists (e.g., so-called community parameters in DSA), there are two initialize methods that have an AlgorithmParameterSpec argument. One also has a SecureRandom argument, while the the other uses the SecureRandom implementation of the highest-priority installed provider as the source of randomness. (If none of the installed providers supply an implementation of SecureRandom, a system-provided source of randomness is used.)

In case the client does not explicitly initialize the KeyPairGenerator (via a call to an initialize method), each provider must supply (and document) a default initialization. For example, the Sun provider uses a default modulus size (keysize) of 1024 bits.

Java Generate Public Private Key Pair

Generate Public Private Key Pair Java

Note that this class is abstract and extends from KeyPairGeneratorSpi for historical reasons. Application developers should only take notice of the methods defined in this KeyPairGenerator class; all the methods in the superclass are intended for cryptographic service providers who wish to supply their own implementations of key pair generators.

Every implementation of the Java platform is required to support the following standard KeyPairGenerator algorithms and keysizes in parentheses:

  • DiffieHellman (1024)
  • DSA (1024)
  • RSA (1024, 2048)
These algorithms are described in the KeyPairGenerator section of the Java Cryptography Architecture Standard Algorithm Name Documentation. Consult the release documentation for your implementation to see if any other algorithms are supported.

In order to be able to create a digital signature, you need a private key. (Its corresponding public key will be needed in order to verify the authenticity of the signature.)

Java Generate Public Private Key Pair

In some cases the key pair (private key and corresponding public key) are already available in files. In that case the program can import and use the private key for signing, as shown in Weaknesses and Alternatives.

In other cases the program needs to generate the key pair. A key pair is generated by using the KeyPairGenerator class.

In this example you will generate a public/private key pair for the Digital Signature Algorithm (DSA). You will generate keys with a 1024-bit length.

Generating a key pair requires several steps:

Create a Key Pair Generator

The first step is to get a key-pair generator object for generating keys for the DSA signature algorithm.

As with all engine classes, the way to get a KeyPairGenerator object for a particular type of algorithm is to call the getInstance static factory method on the KeyPairGenerator class. This method has two forms, both of which hava a String algorithm first argument; one form also has a String provider second argument.

A caller may thus optionally specify the name of a provider, which will guarantee that the implementation of the algorithm requested is from the named provider. The sample code of this lesson always specifies the default SUN provider built into the JDK.

Put the following statement after the

line in the file created in the previous step, Prepare Initial Program Structure:

Initialize the Key Pair Generator

The next step is to initialize the key pair generator. All key pair generators share the concepts of a keysize and a source of randomness. The KeyPairGenerator class has an initialize method that takes these two types of arguments.

The keysize for a DSA key generator is the key length (in bits), which you will set to 1024.

The source of randomness must be an instance of the SecureRandom class that provides a cryptographically strong random number generator (RNG). For more information about SecureRandom, see the SecureRandom API Specification and the Java Cryptography Architecture Reference Guide .

The following example requests an instance of SecureRandom that uses the SHA1PRNG algorithm, as provided by the built-in SUN provider. The example then passes this SecureRandom instance to the key-pair generator initialization method.

Some situations require strong random values, such as when creating high-value and long-lived secrets like RSA public and private keys. To help guide applications in selecting a suitable strong SecureRandom implementation, starting from JDK 8 Java distributions include a list of known strong SecureRandom implementations in the securerandom.strongAlgorithms property of the java.security.Security class. When you are creating such data, you should consider using SecureRandom.getInstanceStrong(), as it obtains an instance of the known strong algorithms.

Generate the Pair of Keys

The final step is to generate the key pair and to store the keys in PrivateKey and PublicKey objects.