In this example you will generate a public/private key pair for the Digital Signature Algorithm (DSA). You will generate keys with a 1024-bit length. Generating a key pair requires several steps: Create a Key Pair Generator. The first step is to get a key-pair generator object for generating keys for the DSA signature algorithm. Is there a way to create time based OTP with public/private key. Ask Question Asked 2 years, 10 months ago. Please stop referring public key/private key with TOTP as. Time (local-time of client) is used in generation and checking of the OTP itself. Why TOTP-Algorithms are using a symmetric key on the client/device and the server side. Nov 04, 2014 The RSA Encryption Algorithm (2 of 2: Generating the Keys) Eddie Woo. Unsubscribe from Eddie Woo? Public Key Cryptography: RSA Encryption Algorithm - Duration: 16:31.

- Public Private Key Cryptography
- Public Private Key Generation Algorithm Download
- Public Private Key Generation

## What is a public key algorithm?

Public key algorithms use different keys for encryption and decryption, and the decryption key cannot (practically) be derived from the encryption key. Public key methods are important because they can be used for transmitting encryption keys or other data securely even when the parties have no opportunity to agree on a secret key in private.

The encryption key is also called the public key and the decryption key the private key. The security provided by these ciphers is based on keeping the private key secret.

## List of public key algorithms

**Public key algorithms:**

– RSA

– Diffie-Hellman

– Digital Signature Algorithm

– ElGamal

– ECDSA

– XTR

### Public key algorithms

**RSA public key algorithm**

Rivest-Shamir-Adleman is the most commonly used public key algorithm. It can be used both for encryption and for digital signatures. The security of RSA is generally considered equivalent to factoring, although this has not been proved.

RSA computation occurs with integers modulo n = p * q, for two large secret primes p, q. To encrypt a message m, it is exponentiated with a small public exponent e. For decryption, the recipient of the ciphertext c = me (mod n) computes the multiplicative reverse d = e-1 (mod (p-1)*(q-1)) (we require that e is selected suitably for it to exist) and obtains cd = m e * d = m (mod n). The private key consists of n, p, q, e, d (where p and q can be omitted); the public key contains only n and e. The problem for the attacker is that computing the reverse d of e is assumed to be no easier than factorizing n.

The key size should be greater than 1024 bits for a reasonable level of security. Keys of size, say, 2048 bits should allow security for decades.

There are actually multiple incarnations of this algorithm; RC5 is one of the most common in use, and RC6 was a finalist algorithm for AES.

**Diffie-Hellman**

Diffie-Hellman is the first public key encryption algorithm, invented in 1976, using discrete logarithms in a finite field. Allows two users to exchange a secret key over an insecure medium without any prior secrets.

Diffie-Hellman (DH) is a widely used key exchange algorithm. In many cryptographical protocols, two parties wish to begin communicating. However, let’s assume they do not initially possess any common secret and thus cannot use secret key cryptosystems. The key exchange by Diffie-Hellman protocol remedies this situation by allowing the construction of a common secret key over an insecure communication channel. It is based on a problem related to discrete logarithms, namely the Diffie-Hellman problem. This problem is considered hard, and it is in some instances as hard as the discrete logarithm problem.

The Diffie-Hellman protocol is generally considered to be secure when an appropriate mathematical group is used. In particular, the generator element used in the exponentiations should have a large period (i.e. order). Usually, Diffie-Hellman is not implemented on hardware.

**Digital Signature Algorithm**

Digital Signature Algorithm (DSA) is a United States Federal Government standard or FIPS for digital signatures. It was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in their Digital Signature Algorithm (DSA), specified in FIPS 186 [1], adopted in 1993. A minor revision was issued in 1996 as FIPS 186-1 [2], and the standard was expanded further in 2000 as FIPS 186-2 [3]. Digital Signature Algorithm (DSA) is similar to the one used by ElGamal signature algorithm. It is fairly efficient though not as efficient as RSA for signature verification. The standard defines DSS to use the SHA-1 hash function exclusively to compute message digests.

The main problem with DSA is the fixed subgroup size (the order of the generator element), which limits the security to around only 80 bits. Hardware attacks can be menacing to some implementations of DSS. However, it is widely used and accepted as a good algorithm.

**ElGamal**

The ElGamal is a public key cipher – a public key encryption algorithm which is based on the Diffie-Hellman key agreement. ElGamal is the predecessor of DSA.

**ECDSA**

Elliptic Curve DSA (ECDSA) is a variant of the Digital Signature Algorithm (DSA) which operates on elliptic curve groups. As with Elliptic Curve Cryptography in general, the bit size of the public key believed to be needed for ECDSA is about twice the size of the security level, in bits.

**XTR**

XTR is an public-key encryption algorithm. XTR is a novel method that makes use of traces to represent and calculate powers of elements of a subgroup of a finite field. It is based on the primitive underlying the very first public key cryptosystem, the Diffie-Hellman key agreement protocol.

From a security point of view, XTR security relies on the difficulty of solving discrete logarithm related problems in the multiplicative group of a finite field. Some advantages of XTR are its fast key generation (much faster than RSA), small key sizes (much smaller than RSA, comparable with ECC for current security settings), and speed (overall comparable with ECC for current security settings).

**Private key and Public key algorithms difference**

Public key algorithms use a different key for encryption and decryption, and the decryption key cannot be derived from the encryption key. Private key algorithms use the same key for Encryption and Decryption.

**Speed of Public key algorithms**

Public key algorithms encrypt and decrypt with different keys. Data is encrypted with a public key, and decrypted with a private key. Public-key algorithms need at least a 3,000-bit key to achieve the same level of security of a 128-bit symmetric algorithm. Public key algorithms are incredibly slow and it is impractical to use them to encrypt large amounts of data. Generally, private key algorithms are much faster to execute on a computer than public key algorithms. In practice they are often used together, so that a public-key algorithm is used to encrypt a randomly generated encryption key, and the random key is used to encrypt the actual message using a private key algorithm.

In order to be able to create a digital signature, you need a private key. (Its corresponding public key will be needed in order to verify the authenticity of the signature.)

In some cases the *key pair* (private key and corresponding public key) are already available in files. In that case the program can import and use the private key for signing, as shown in Weaknesses and Alternatives.

In other cases the program needs to generate the key pair. A key pair is generated by using the `KeyPairGenerator`

class.

In this example you will generate a public/private key pair for the Digital Signature Algorithm (DSA). You will generate keys with a 1024-bit length.

Generating a key pair requires several steps:

Create a Key Pair Generator

The first step is to get a key-pair generator object for generating keys for the DSA signature algorithm.

As with all engine classes, the way to get a `KeyPairGenerator`

object for a particular type of algorithm is to call the `getInstance`

static factory method on the `KeyPairGenerator`

class. This method has two forms, both of which hava a `String algorithm`

first argument; one form also has a `String provider`

second argument.

A caller may thus optionally specify the name of a provider, which will guarantee that the implementation of the algorithm requested is from the named provider. The sample code of this lesson always specifies the default SUN provider built into the JDK.

Put the following statement after the

line in the file created in the previous step, Prepare Initial Program Structure:

Initialize the Key Pair Generator

### Public Private Key Cryptography

The next step is to initialize the key pair generator. All key pair generators share the concepts of a keysize and a source of randomness. The `KeyPairGenerator`

class has an `initialize`

method that takes these two types of arguments.

The keysize for a DSA key generator is the key length (in bits), which you will set to 1024.

### Public Private Key Generation Algorithm Download

The source of randomness must be an instance of the `SecureRandom`

class that provides a cryptographically strong random number generator (RNG). For more information about `SecureRandom`

, see the SecureRandom API Specification and the Java Cryptography Architecture Reference Guide .

The following example requests an instance of `SecureRandom`

that uses the SHA1PRNG algorithm, as provided by the built-in SUN provider. The example then passes this `SecureRandom`

instance to the key-pair generator initialization method.

Some situations require strong random values, such as when creating high-value and long-lived secrets like RSA public and private keys. To help guide applications in selecting a suitable strong `SecureRandom`

implementation, starting from JDK 8 Java distributions include a list of known strong `SecureRandom`

implementations in the `securerandom.strongAlgorithms`

property of the `java.security.Security`

class. When you are creating such data, you should consider using `SecureRandom.getInstanceStrong()`

, as it obtains an instance of the known strong algorithms.

### Public Private Key Generation

Generate the Pair of Keys

The final step is to generate the key pair and to store the keys in `PrivateKey`

and `PublicKey`

objects.