GordianKnot
Parent Project
Modules
Project Documentation
Asymmetric functions are supported via the GordianKeyPairFactory interface.
GordianKnot supports most Asymmetric algorithms that are available from BouncyCastle through the JCA.
A keyPairGenerator can be created for a KeyPairSpec (algorithm plus additional configuration) This will allow generation of a random keyPair plus translation to/from PKCS8/X509 encodings, and combines the role of KeyPairGenerator and KeyFactory in JCA.
The various algorithms support Signature/Encryption/Agreement as available
JCA supports all algorithms
Algorithms are represented by GordianKeyPairSpec. A GordianKeyPairGenerator is obtained via the keySpec, and then keyPairs are generated or derived by the generator. The keyPair may be publicOnly if only the public key is known.
/* Access factory */
final GordianFactory myBaseFactory = GordianGenerator.createFactory();
final GordianKeyPairFactory myKeyPairFactory = myBaseFactory.getKeyPairFactory();
/* Access keyPairGenerator */
final GordianKeyPairSpec mySpec = GordianKeyPairSpec.rsa(GordianRSAModulus.MOD2048);
final GordianKeyPairGenerator myGenerator = myKeyPairFactory.getKeyPairGenerator(mySpec);
final GordianKeyPair myPair = myGenerator.generateKeyPair();
/* Access encodings */
final PKCS8EncodedKeySpec myPKCS8 = myGenerator.getPKCS8Encoding(myPair);
final X509EncodedKeySpec myX509 = myGenerator.getX509Encoding(myPair);
/* Derive publicOnly KeyPair */
final GordianKeyPair myPublicOnly = myGenerator.derivePublicOnlyKeyPair(myX509);
/* Derive full keyPair */
final GordianKeyPair myDerived = myGenerator.deriveKeyPair(myX509, myPKCS8);
The following asymmetric algorithms and variants are supported.
| Algorithm | Variants |
|---|---|
| RSA | Modulus 1024, 1536, 2048, 3072, 4096, 6144, 8192 |
| DSA | Modulus 1024, 2048, 3096 |
| DiffieHellman | rfc2409_1024, rfc3526_1536, rfc3526_2048, rfc3526_3072, rfc3526_4096, rfc3526_6144, rfc3526_8192, rfc7919_ffdhe2048, rfc7919_ffdhe3072, rfc7919_ffdhe4096, rfc7919_ffdhe6144, rfc7919_ffdhe8192 |
| ElGamal | rfc2409_1024, rfc3526_1536, rfc3526_2048, rfc3526_3072, rfc3526_4096, rfc3526_6144, rfc3526_8192, rfc7919_ffdhe2048, rfc7919_ffdhe3072, rfc7919_ffdhe4096, rfc7919_ffdhe6144, rfc7919_ffdhe8192 |
| EC | sect571k1, sect571r1, secp521r1, sect409k1, sect409r1, secp384r1, sect283k1, sect283r1, secp256k1, secp256r1, sect239k1, sect233k1, sect233r1, secp224k1, secp224r1, sect193r1, sect193r2, secp192k1, secp192r1, sect163k1, sect163r1, sect163r2, secp160k1, secp160r1, secp160r2, sect131r1, sect131r2, secp128r1, secp128r2, sect113r1, sect113r2, secp112r1, secp112r2, prime239v1, prime239v2, prime239v3, prime192v2, prime192v3, c2tnb431r1, c2pnb368w1, c2tnb359v1, c2pnb304w1, c2pnb272w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, c2pnb208w1, c2tnb191v1, c2tnb191v2, c2tnb191v3, c2pnb176w1, c2pnb163v1, c2pnb163v2, c2pnb163v3, brainpoolP512r1, brainpoolP512t1, brainpoolP384r1, brainpoolP384t1, brainpoolP320r1, brainpoolP320t1, brainpoolP256r1, brainpoolP256t1, brainpoolP224r1, brainpoolP224t1, brainpoolP192r1, brainpoolP192t1, brainpoolP160r1, brainpoolP160t1 |
| DSTU4145 | Curves 1-9 |
| GOST2012 | Tc26-Gost-3410-12-512-paramSetA,B,C Tc26-Gost-3410-12-256-paramSetA |
| SM2 | sm2p256v1, wapip192v1 |
| EdDSA | Curve25519, Curve448 |
| XDH | Curve25519, Curve448 |
| SPHINCSPLUS | (SHA, SHAKE, HARAKA) * (128, 192, 256) * (FS, SS, FR, SR) |
| XMSS | (SHA256, SHA512, SHAKE128, SHAKE256) * XMSS(H12, H16, H20) or XMSS^MT(H20, H40, H60) |
| LMS | SIG(H5,H10,H25,H20,H25) * OTS(W1,W2,W4,W8) |
| HSS(LMS * DEPTH(2..8) | |
| CMCE | (BASE, PIVOT) * (3488, 4608, 6688, 6960, 8192) |
| FRODO | (AES, SHAKE) * (19888, 31296, 43088) |
| SABER | (LIGHT, BASE, FIRE) * (128, 192, 256) |
| KYBER | 512, 768, 1024 |
| DILITHIUM | 2, 3, 5 |
| NTRU | HPS509, HPS677, HPS821, HPS1229, HRSS701, HRSS1373 |
| NTRUPRIME | (NTRUL, SNTRU) * (653, 761, 857, 953, 1013, 1277) |
| BIKE | 128, 192, 256 |
| FALCON | 512. 1024 |
| HQC | 128, 192, 256 |
| PICNIC | (L1, L3, L5) * (FS, UR, FULL, 3) |
Composite keyPairs can be created as a list of different keyPairs. These composite keyPairs can be used for signatures/agreements/encryption as long as each individual component keyPair can be used for the operation. The only restrictions are that there must be at least two keyPairs and that all keyPairs must be of a different type
/* Access factory */
final GordianFactory myBaseFactory = GordianGenerator.createFactory();
final GordianKeyPairFactory myKeyPairFactory = myBaseFactory.getKeyPairFactory();
/* Access keyPairGenerator */
final GordianKeyPairSpec mySpec = GordianKeyPairSpec.composite(GordianKeyPairSpec.rsa(GordianRSAModulus.MOD2048),
GordianKeyPairSpec.elGamal(GordiaDHGroup.rfc7919_ffdhe2048));
final GordianKeyPairGenerator myGenerator = myKeyPairFactory.getKeyPairGenerator(mySpec);
final GordianKeyPair myPair = myGenerator.generateKeyPair();
/* Access encodings */
final PKCS8EncodedKeySpec myPKCS8 = myGenerator.getPKCS8Encoding(myPair);
final X509EncodedKeySpec myX509 = myGenerator.getX509Encoding(myPair);
/* Derive publicOnly KeyPair */
final GordianKeyPair myPublicOnly = myGenerator.derivePublicOnlyKeyPair(myX509);
/* Derive full keyPair */
final GordianKeyPair myDerived = myGenerator.deriveKeyPair(myX509, myPKCS8);