2

I am currently using Bouncy Castle library (1.45) for the generation of X509 Certificate (i.e. X509V1CertificateGenerator), and now I need to be able to create and import/export a PGP Certificate into/from the keystore. However, I am not seeing any support for the generation of a PGP Certificate in their "openpgp" package.

All I am seeing is PGPKeyRingGenerator, PGPSignatureGenerator. I am open to using another Java library. Thank you very much.

Codrguy
  • PGP keys are not called "certificates", hence the problem. Most likely what you need is PGPKeyRingGenerator. – Eugene Mayevski 'Callback Feb 06 '14 at 07:52
  • Thanks. I'd like to be able to generate a PGP Certificate which I can import into the keystore. I can generate public/private PGP keys using PGPKeyRingGenerator, but how can I embed the public key in an actual PGP Certificate? – Codrguy Feb 06 '14 at 23:19
  • Did you read my answer? There exist NO "PGP certificates". PGP doesn't have a concept of "certificates". Read the RFC 4880 on OpenPGP format. – Eugene Mayevski 'Callback Feb 07 '14 at 06:59

1 Answer

5

Bouncy Castle can do that, you're just mixing up certificates vs. keys, as Eugene suggested.

It's an X509 certificate, and an OpenPGP keypair. Certificates are stored in a certificate store, and OpenPGP keys are stored in a keyring.

If you want to create such a PGP Keypair, see BouncyCastle Example of generating an OpenPGP Keypair.

If you want to import the OpenPGP keypair you generated, you need to deal with a public keyring and a secret keyring (optional, if you have the private part of the key).

To import a foreign key, use PGPPublicKeyRing.insertPublicKey. To import a private key, use PGPSecretKeyRing.insertSecretKey.

Those methods are static, so be sure to generate a keyring beforehand (i.e. something like a certificate store). Furthermore, you should read about PGP's or GnuPG's basic concepts before using these classes.

Benjamin Marwell
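The keyring generation and export discussed in this thread, as an added example (not code from the answer or from Bouncy Castle's samples): it builds an RSA master key, binds a user ID to it with a self-signature via PGPKeyRingGenerator, and writes the ASCII-armored public keyring. It assumes a current bcprov/bcpg release with the operator-based API rather than the 1.45 release named in the question; the class name, user ID and passphrase are constructed values.

```java
import java.io.ByteArrayOutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.util.Date;
import java.util.Iterator;

import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.*;
import org.bouncycastle.openpgp.operator.PGPDigestCalculator;
import org.bouncycastle.openpgp.operator.jcajce.*;

public class PgpKeyRingExample {              // hypothetical class name
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        // 1. Raw RSA key pair, wrapped as an OpenPGP master key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
        kpg.initialize(3072);
        KeyPair rsa = kpg.generateKeyPair();
        PGPKeyPair master = new JcaPGPKeyPair(PublicKeyAlgorithmTags.RSA_GENERAL, rsa, new Date());

        // 2. SHA-1 is only the secret-key checksum required by the format;
        //    the self-signature over the user ID uses SHA-256.
        PGPDigestCalculator sha1 =
            new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA1);
        char[] passphrase = "constructed-passphrase".toCharArray();   // sample value

        PGPKeyRingGenerator gen = new PGPKeyRingGenerator(
            PGPSignature.POSITIVE_CERTIFICATION, master,
            "Example User <user@example.org>",                        // sample user ID
            sha1, null, null,
            new JcaPGPContentSignerBuilder(master.getPublicKey().getAlgorithm(),
                HashAlgorithmTags.SHA256).setProvider("BC"),
            new JcePBESecretKeyEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256, sha1)
                .setProvider("BC").build(passphrase));

        // 3. Public keyring = the shareable part; secret keyring stays
        //    passphrase-protected on the owner's side.
        PGPPublicKeyRing pub = gen.generatePublicKeyRing();
        PGPSecretKeyRing sec = gen.generateSecretKeyRing();

        // 4. Export the public keyring as ASCII armor.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ArmoredOutputStream armor = new ArmoredOutputStream(buf)) {
            pub.encode(armor);
        }
        System.out.println(buf.toString("US-ASCII"));

        // 5. Re-read the binary encoding, as an importing party would.
        PGPPublicKeyRing parsed = new PGPPublicKeyRing(pub.getEncoded(), new JcaKeyFingerprintCalculator());
        Iterator<String> ids = parsed.getPublicKey().getUserIDs();
        System.out.println(Long.toHexString(parsed.getPublicKey().getKeyID()) + " " + ids.next());
    }
}
```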