11package org .bouncycastle .openpgp .operator ;
22
3+ import org .bouncycastle .bcpg .PublicKeyAlgorithmTags ;
34import org .bouncycastle .openpgp .PGPException ;
45import org .bouncycastle .openpgp .PGPKeyPair ;
56
@@ -26,7 +27,7 @@ public PGPKeyPairGenerator(int version, Date creationTime, SecureRandom random)
2627 * A primary key MUST use a signing-capable public key algorithm.
2728 *
2829 * @return primary key pair
29- * @throws PGPException
30+ * @throws PGPException if the key pair cannot be generated
3031 */
3132 public PGPKeyPair generatePrimaryKey ()
3233 throws PGPException
@@ -39,7 +40,7 @@ public PGPKeyPair generatePrimaryKey()
3940 * An encryption subkey MUST use an encryption-capable public key algorithm.
4041 *
4142 * @return encryption subkey pair
42- * @throws PGPException
43+ * @throws PGPException if the key pair cannot be generated
4344 */
4445 public PGPKeyPair generateEncryptionSubkey ()
4546 throws PGPException
@@ -52,38 +53,116 @@ public PGPKeyPair generateEncryptionSubkey()
5253 * A signing subkey MUST use a signing-capable public key algorithm.
5354 *
5455 * @return signing subkey pair
55- * @throws PGPException
56+ * @throws PGPException if the key pair cannot be generated
5657 */
5758 public PGPKeyPair generateSigningSubkey ()
5859 throws PGPException
5960 {
6061 return generateEd25519KeyPair ();
6162 }
6263
64+ /**
65+ * Generate a RSA key pair with the given bit-strength.
66+ * It is recommended to use at least 2048 bits or more.
67+ * The key will be generated over the default exponent <pre>65537</pre>.
68+ * RSA keys are deprecated for OpenPGP v6.
69+ *
70+ * @param bitStrength strength of the key pair in bits
71+ * @return rsa key pair
72+ * @throws PGPException if the key pair cannot be generated
73+ */
6374 public PGPKeyPair generateRsaKeyPair (int bitStrength )
6475 throws PGPException
6576 {
6677 return generateRsaKeyPair (BigInteger .valueOf (0x10001 ), bitStrength );
6778 }
6879
80+ /**
81+ * Generate a RSA key pair with the given bit-strength over a custom exponent.
82+ * It is recommended to use at least 2048 bits or more.
83+ * RSA keys are deprecated for OpenPGP v6.
84+ *
85+ * @param exponent RSA exponent <pre>e</pre>
86+ * @param bitStrength strength of the key pair in bits
87+ * @return rsa key pair
88+ * @throws PGPException if the key pair cannot be generated
89+ */
6990 public abstract PGPKeyPair generateRsaKeyPair (BigInteger exponent , int bitStrength )
7091 throws PGPException ;
7192
93+ /**
94+ * Generate an elliptic curve signing key over the twisted Edwards curve25519.
95+ * The key will use {@link PublicKeyAlgorithmTags#Ed25519} which was introduced with RFC9580.
96+ * For legacy Ed25519 keys use {@link #generateLegacyEd25519KeyPair()}.
97+ *
98+ * @see <a href="https://www.rfc-editor.org/rfc/rfc9580.html#name-public-key-algorithms">
99+ * RFC9580 - Public Key Algorithms</a>
100+ * @return Ed25519 key pair
101+ * @throws PGPException if the key pair cannot be generated
102+ */
72103 public abstract PGPKeyPair generateEd25519KeyPair ()
73104 throws PGPException ;
74105
106+ /**
107+ * Generate an elliptic curve signing key over the twisted Edwards curve448.
108+ * The key will use {@link PublicKeyAlgorithmTags#Ed448} which was introduced with RFC9580.
109+ *
110+ * @see <a href="https://www.rfc-editor.org/rfc/rfc9580.html#name-public-key-algorithms">
111+ * RFC9580 - Public Key Algorithms</a>
112+ * @return Ed448 signing key pair
113+ * @throws PGPException if the key pair cannot be generated
114+ */
75115 public abstract PGPKeyPair generateEd448KeyPair ()
76116 throws PGPException ;
77117
118+ /**
119+ * Generate an elliptic curve Diffie-Hellman encryption key over curve25519.
120+ * THe key will use {@link PublicKeyAlgorithmTags#X25519} which was introduced with RFC9580.
121+ * For legacy X25519 keys use {@link #generateLegacyX25519KeyPair()} instead.
122+ *
123+ * @see <a href="https://www.rfc-editor.org/rfc/rfc9580.html#name-public-key-algorithms">
124+ * RFC9580 - Public Key Algorithms</a>
125+ * @return X25519 encryption key pair
126+ * @throws PGPException if the key pair cannot be generated
127+ */
78128 public abstract PGPKeyPair generateX25519KeyPair ()
79129 throws PGPException ;
80130
131+ /**
132+ * Generate an elliptic curve Diffie-Hellman encryption key over curve448.
133+ * THe key will use {@link PublicKeyAlgorithmTags#X448} which was introduced with RFC9580.
134+ *
135+ * @see <a href="https://www.rfc-editor.org/rfc/rfc9580.html#name-public-key-algorithms">
136+ * RFC9580 - Public Key Algorithms</a>
137+ * @return X448 encryption key pair
138+ * @throws PGPException if the key pair cannot be generated
139+ */
81140 public abstract PGPKeyPair generateX448KeyPair ()
82141 throws PGPException ;
83142
143+ /**
144+ * Generate a legacy elliptic curve signing key pair over the twisted Edwards curve25519.
145+ * Legacy keys have good application support, but MUST NOT be used as OpenPGP v6 keys.
146+ * The key will use {@link PublicKeyAlgorithmTags#EDDSA_LEGACY} as algorithm ID.
147+ * For OpenPGP v6 (RFC9580) use {@link #generateEd25519KeyPair()} instead.
148+ *
149+ * @see <a href="https://datatracker.ietf.org/doc/html/draft-koch-eddsa-for-openpgp-04">
150+ * Legacy Draft: EdDSA for OpenPGP</a>
151+ * @return legacy Ed25519 key pair
152+ * @throws PGPException if the key pair cannot be generated
153+ */
84154 public abstract PGPKeyPair generateLegacyEd25519KeyPair ()
85155 throws PGPException ;
86156
157+ /**
158+ * Generate a legacy elliptic curve Diffie-Hellman encryption key pair over curve25519.
159+ * Legacy keys have good application support, but MUST NOT be used as OpenPGP v6 keys.
160+ * The key will use {@link PublicKeyAlgorithmTags#ECDH} as algorithm ID.
161+ * For OpenPGP v6 (RFC9580) use {@link #generateX25519KeyPair()} instead.
162+ *
163+ * @return legacy X25519 key pair
164+ * @throws PGPException if the key pair cannot be generated
165+ */
87166 public abstract PGPKeyPair generateLegacyX25519KeyPair ()
88167 throws PGPException ;
89168}
0 commit comments