Bouncy Castle RSA keypair generation using Lightweight API

Surprisingly enough there's very little information on the Web about using Bouncy Castle's lightweight API. After looking around for a while I was able to put together a basic example:

    RSAKeyPairGenerator generator = new RSAKeyPairGenerator();
    generator.init(new RSAKeyGenerationParameters(
        new BigInteger("10001", 16),            // publicExponent
        SecureRandom.getInstance("SHA1PRNG"),   // prng
        1024,                                   // strength
        80                                      // certainty
    ));
    AsymmetricCipherKeyPair keyPair = generator.generateKeyPair();

I have a basic understanding of RSA and the math that happens behind the scenes, so I understand what publicExponent and strength are. I presume publicExponent refers to a coprime of phi(pq) and from what I gather it can be small (like 3) as long as appropriate padding is used. However, I have no idea what certainty refers to (some place mentioned that it might refer to a percentage but I want to be sure). The use of SecureRandom is self-explanatory. The documentation of RSAKeyGenerationParameters is completely worthless (no surprise there). My only guess is that it has something to do with the accuracy of the generated keys, but again I want to be sure. So my question is what are appropriate values for certainty and publicExponent?

P.S. Please don't reply with "it depends on the context - how secure you want the information to be". It's pretty safe to assume highest degree of security (i.e. 4096-bit RSA key or greater) unless otherwise specified... I would also appreciate links to sources that give good example of the use of Bouncy Castle's Lightweight API (I'm not at all interested in the JCA implementation or any examples pertaining to it).

-------------Problems Reply------------

You are using correct values for both.

The publicExponent should be a Fermat Number. 0x10001 (F4) is the current recommended value. 3 (F1) is known to be safe also.

The RSA key generation requires prime numbers. However, it's impossible to generate absolute prime numbers. Like any other crypto library, BC uses probable prime numbers. The certainty indicates how certain you want the number to be prime. Anything above 80 will slow down key generation considerably.

Please note that the RSA algorithm still works in the unlikely event that the prime number is not a true prime because BC checks for relative primeness.

I'd have to delve into their source code to be "certain", but I believe that the certainty parameter is passed straight to the BigInteger constructor, which says, "The probability that the new BigInteger represents a prime number will exceed (1 - 1/2^certainty). The execution time of this constructor is proportional to the value of this parameter."

So, with a value of 80, there is less than 1 chance in 2^80 that the number will not be prime. The comment suggests that the prime number generation time is linear with respect to this parameter, but you should test that to be sure if you choose to increase it. It might make sense to use a value that is consistent with the key size you are using. For example, NIST says that a 1024-bit RSA key is as strong as an 80-bit symmetric key. For a 2048-bit RSA key, you might want to use a certainty of 112 bits (the equivalent strength symmetric key size), and so on.

It sounds like you are aware of the vulnerability of using 3 as the public exponent in special cases. The value 65537 is used almost universally now.

A good reference is FIPS PUB 186-3. In particular, appendix B section 3 has many security parameters, as well as prime generation algorithms.

certainty is the number of iterations of the Miller-Rabin primality test.

See this answer on crypto.stackexchange.com for more information on how your value of certainty should be calculated.

Preview of Paŭlo Ebermann's answer:

Certainty of x bits means that the probability that something (in this case p being prime) not being true is smaller than 2^-x. This is the same probability as guessing a random x-bit value correctly on the first try, hence the name.

How to select x? We want the probability of p (and q) not being prime to be small enough that a failure probability in this point is not larger than other ways the system could be broken - like guessing a symmetric key, factoring the modulus etc.

So here a correspondence table of symmetric and asymmetric key sizes should help. http://www.keylength.com/ Pick the same prime certainty as you would pick a symmetric key size accompanying your public key usage.

Category:java Views:3 Time:2010-06-21
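
An added example, not part of the original question or answers: it picks certainty from the key-size equivalence the answers point to, generates a key pair with the lightweight API, and re-checks the result independently. The table values are from NIST SP 800-57 Part 1; flooring a 4096-bit modulus to the 3072-bit row, the names RsaCertaintyExample, certaintyFor and check, and the use of new SecureRandom() in place of the question's SHA1PRNG are assumptions of this example.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;

public class RsaCertaintyExample {
    // Modulus bits -> comparable symmetric strength in bits (NIST SP 800-57 Part 1).
    static final int[][] STRENGTH = {{1024, 80}, {2048, 112}, {3072, 128}, {7680, 192}, {15360, 256}};

    // Hypothetical helper: strength of the largest table row not above modulusBits.
    static int certaintyFor(int modulusBits) {
        int certainty = STRENGTH[0][1];
        for (int[] row : STRENGTH) {
            if (modulusBits >= row[0]) certainty = row[1];
        }
        return certainty;
    }

    static void check(boolean ok, String what) {
        if (!ok) throw new IllegalStateException("failed: " + what);
        System.out.println("ok: " + what);
    }

    public static void main(String[] args) {
        int bits = 4096;
        int certainty = certaintyFor(bits);          // 128 for a 4096-bit modulus
        BigInteger e = BigInteger.valueOf(0x10001);  // 65537, as in the question

        RSAKeyPairGenerator generator = new RSAKeyPairGenerator();
        generator.init(new RSAKeyGenerationParameters(e, new SecureRandom(), bits, certainty));
        AsymmetricCipherKeyPair keyPair = generator.generateKeyPair();

        RSAKeyParameters pub = (RSAKeyParameters) keyPair.getPublic();
        RSAPrivateCrtKeyParameters priv = (RSAPrivateCrtKeyParameters) keyPair.getPrivate();
        BigInteger n = pub.getModulus(), p = priv.getP(), q = priv.getQ();
        BigInteger phi = p.subtract(BigInteger.ONE).multiply(q.subtract(BigInteger.ONE));

        // Re-check the generated key with java.math.BigInteger only.
        check(n.bitLength() == bits, "modulus has the requested size");
        check(p.multiply(q).equals(n), "n = p * q");
        check(p.isProbablePrime(certainty) && q.isProbablePrime(certainty), "p and q pass the primality test");
        check(e.gcd(phi).equals(BigInteger.ONE), "e is coprime to (p-1)(q-1)");
        BigInteger m = BigInteger.valueOf(42);       // constructed test value
        check(m.modPow(e, n).modPow(priv.getExponent(), n).equals(m), "raw RSA round trip");
    }
}
```

The round trip uses raw modular exponentiation only to confirm the key pair is consistent; real encryption or signing needs a padding scheme on top.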
