EC Cryptography Tutorials - Herong's Tutorial Examples

∟EC Cryptography in Java

∟Java Program to Generate EC Keys

This section provides a tutorial example on how to write a Java program to generate EC private-public key pairs.

If you are a Java developer, you can also write a Java program to generate EC private-public key pairs.

Here is my sample Java program that uses java.security.* packages to private-public key pairs with EC or other cryptographic algorithms.

/* JavaKeyPair.java
 * Copyright (c) HerongYang.com. All Rights Reserved.
 */
import java.io.*;
import java.math.*;
import java.security.*;
import java.security.interfaces.*;
class JavaKeyPair {
   public static void main(String[] a) {
      if (a.length<3) {
         System.out.println("Usage:");
         System.out.println("java JavaKeyPair keySize output algorithm");
         return;
      }
      int keySize = Integer.parseInt(a[0]);
      String output = a[1];
      String algorithm = a[2]; // EC, RSA, DSA, ...
      try {
         getKeys(keySize,output,algorithm);
      } catch (Exception e) {
         System.out.println("Exception: "+e);
         return;
      }
   }
   private static void getKeys(int keySize, String output,
         String algorithm) throws Exception {
      KeyPairGenerator kg = KeyPairGenerator.getInstance(algorithm);
      kg.initialize(keySize);
      System.out.println();
      System.out.println("KeyPairGenerator Object Info: ");
      System.out.println("Algorithm = "+kg.getAlgorithm());
      System.out.println("Provider = "+kg.getProvider());
      System.out.println("Key Size = "+keySize);
      System.out.println("toString = "+kg.toString());
      KeyPair pair = kg.generateKeyPair();
      PrivateKey priKey = pair.getPrivate();
      PublicKey pubKey = pair.getPublic();
      String fl = output+".pri";
      FileOutputStream out = new FileOutputStream(fl);
      byte[] ky = priKey.getEncoded();
      out.write(ky);
      out.close();
      System.out.println();
      System.out.println("Private Key Info: ");
      System.out.println("Algorithm = "+priKey.getAlgorithm());
      System.out.println("Saved File = "+fl);
      System.out.println("Size = "+ky.length);
      System.out.println("Format = "+priKey.getFormat());
      System.out.println("toString = "+priKey.toString());
      fl = output+".pub";
      out = new FileOutputStream(fl);
      ky = pubKey.getEncoded();
      out.write(ky);
      out.close();
      System.out.println();
      System.out.println("Public Key Info: ");
      System.out.println("Algorithm = "+pubKey.getAlgorithm());
      System.out.println("Saved File = "+fl);
      System.out.println("Size = "+ky.length);
      System.out.println("Format = "+pubKey.getFormat());
      System.out.println("toString = "+pubKey.toString());
   }
}

Now let's try my sample program with different options.

1. Generate a 256-bit private-public key pairs. The output shows that Java picks the "secp256r1" curve.

herong> java JavaKeyPair 256 1st_ec EC

KeyPairGenerator Object Info:
Algorithm = EC
Provider = SunEC version 17
Key Size = 256
toString = java.security.KeyPairGenerator$Delegate@6d5380c2

Private Key Info:
Algorithm = EC
Saved File = 1st_ec.pri
Size = 67
Format = PKCS#8
toString = sun.security.ec.ECPrivateKeyImpl@3a0141b0

Public Key Info:
Algorithm = EC
Saved File = 1st_ec.pub
Size = 91
Format = X.509
toString = Sun EC public key, 256 bits
  public x coord: 853346207140393763650036399724805522838088855041430...
  public y coord: 745481693560289876495239256879081829182273437238861...
  parameters: secp256r1 [NIST P-256,X9.62 prime256v1] (1.2.840.10045.3.1.7)

herong> dir
  67 1st_ec.pri
  91 1st_ec.pub
  ...

2. Generate a longer private-public key pairs. The output shows that Java picks the "secp521r1" curve.

herong> java JavaKeyPair 521 2nd_ec EC

KeyPairGenerator Object Info:
Algorithm = ec
Provider = SunEC version 17
Key Size = 521
toString = java.security.KeyPairGenerator$Delegate@5ef04b5

Private Key Info:
Algorithm = EC
Saved File = 2nd_ec.pri
Size = 98
Format = PKCS#8
toString = sun.security.ec.ECPrivateKeyImpl@5b7f3667

Public Key Info:
Algorithm = EC
Saved File = 2nd_ec.pub
Size = 158
Format = X.509
toString = Sun EC public key, 521 bits
  public x coord: 518836930523842718148489356314770664342986719875920...
  public y coord: 564229509192138801573886481648145012198584749459934...
  parameters: secp521r1 [NIST P-521] (1.3.132.0.35)

3. Generate a shorter private-public key pairs. Too bad, curve "secp192r1" is not supported.

herong> java JavaKeyPair 192 3rd_ec EC

KeyPairGenerator Object Info:
Algorithm = ec
Provider = SunEC version 17
Key Size = 192
toString = java.security.KeyPairGenerator$Delegate@4459eb14
Exception: java.security.ProviderException: Curve not supported:
  secp192r1 [NIST P-192,X9.62 prime192v1] (1.2.840.10045.3.1.1)

Table of Contents

 About This Book

 Geometric Introduction to Elliptic Curves

 Algebraic Introduction to Elliptic Curves

 Abelian Group and Elliptic Curves

 Discrete Logarithm Problem (DLP)

 Finite Fields

 Generators and Cyclic Subgroups

 Reduced Elliptic Curve Groups

 Elliptic Curve Subgroups

 tinyec - Python Library for ECC

 EC (Elliptic Curve) Key Pair

 ECDH (Elliptic Curve Diffie-Hellman) Key Exchange

 ECDSA (Elliptic Curve Digital Signature Algorithm)

 ECES (Elliptic Curve Encryption Scheme)

►EC Cryptography in Java

 "keytool -keyalg EC" - Generate EC Key Pair

 "keytool -groupname ..." - Select Curve Name

►Java Program to Generate EC Keys

 "Legacy SunEC curve disabled" Error

 EC Curves Supported by Java

 Standard Elliptic Curves

 Terminology

 References

 Full Version in PDF/EPUB

Java Program to Generate EC Keys - Updated in 2022, by Dr. Herong Yang