Create or import Secret/Public Key Pair

BC Key Manager utility allows you to create your own public/secret key pair. It may be useful if you decide to send your public key to other people so that they will be able to encrypt some information for you using your public key. As soon as you receive the information encrypted by your public key, you can decrypt it using your private key. Any other person, who has not your secret key and does not know the password for it, will not be able to decrypt the information.

It is also possible that you have already had the public/secret key pair generated earlier, for example, with a help of the Pretty Good Privacy (PGP) software. Since BC Key Manager understands a number of formats, you can import the key pair from the file created by other software.

To create or import your public/secret key pair, run the Generate New Public/Secret Pair command from the Key menu in the BC Key Manager utility. The following window will appear:

In the BC Key Manager window select Generate new private key if you wish to create new key pair or the Import existing private key option if you want to use existing key pair you have created earlier using BC Key Manager or some other program.

When BC Key Manager finishes the key pair generating process, it can do all or some of the selected actions depending on the options you choose in the first BC Key Manager window:

• Create file with your secret key in PKCS#12 format. The key will be protected by password and you can save the file in any place you wish for later use or backup purposes.
• Create file with your public key in X.509 format. As soon as you create such file, you can send it to other people so that they will be able to send encrypted information to you (as it was mentioned in the beginning of the chapter).
• If you create new key pair or import existing one, Key Manager will save it in its Local Key Database if the
  Local Public/Secret Key Database option is set.
• The key pair can also be saved in a separate file in internal BC Key Manager format for backup purposes if you select the Files chosen later option.

After selecting all the option you want, press the Next>> button in the BC Key Manager window. The following window will appear:

In the Create Secret packet window you can choose the settings for creation a secret key for you. The program shows the field you must fill in drawn by red color and it means that the user should enter some strings into the fields:

• Friendly name. It is the information that will be used to identify your public key among the keys of other people. For example, if you enter the 'John Smith - JohnSmith@my_email.com' string, your friend can easily find your public key in the list of public keys of other people he/she has on his/her computer.
• Password and Confirm password. Enter a password for your secret key into the Password field and enter the same password again into the Confirm password field again to verify that you have typed a correct password. The password will protect your secret key so that if even someone steals a file with your secret key, the intruder will not be able to use the file to decrypt information, encrypted by your public key.

It is also recommended to pay attention to the Key Size field in the Create secret packet dialog window. Public/secret key algorithm can be used with different key sizes and it is recommended to use the algorithm with key size equal to at least 2048 bits.

If you press Next>> button, the Create Certificate window will appear. Certificate(as it is understood in the context of the public/secret key encryption technology) is the file with text information about your public key. Since you are going to send the public key to other people for using it on other computers with probably other software, information about your public key should be sent together with other technical information, like name of the encryption and secure hash algorithms, key size, format of the file where the key is stored and other.

The Create Certificate window shows you the information, which will be stored in the certificate file created for your public key. Please note that you should enter the information required in the Subject field. When you double-click on the field and start to edit it, the Get certificate subject dialog window will appear.

The dialog window contains a number of fields you may fill in to identify your public key among thousands of public keys created by other people. Please note that entering such information is specific for the BC Key Manager software only. It is a common practice for software that uses public/secret key technology and conforming the X.509 standard. You can fill in not all the fields in the Get certificate subject dialog window, but BC Key Manager requires the information be entered to at least one field of the window.

After entering the information press the OK button in the Get certificate subject window, and then Create button in the Create Certificate window. After that BC Key Manager will generate a public/secret key pair for you and save it to your Local Public/Secret Key Database.