How to generate an 2048-bit DSA key pair for Java?

I tried the following methods to generate a DSA private (and public) key with a 2048-bit key length:

Via keytool

keytool -genkeypair -alias MyKeyPair -keyalg DSA -keysize 2048 -validity 365 -keystore MyKeyStore.ks

Resulting in:

keytool error: java.lang.IllegalArgumentException: Modulus size must range from 512 to 1024 and be a multiple of 64

Via code

KeyPairGenerator keyGen = KeyPairGenerator.getInstance(keyAlgorithm,"BC");
keyGen.initialize(numBits);

Resulting in:

Exception in thread "main" java.security.InvalidParameterException: strength must be from 512 - 1024 and a multiple of 64
    at org.bouncycastle.jcajce.provider.asymmetric.dsa.KeyPairGeneratorSpi.initialize(Unknown Source)
    at java.security.KeyPairGenerator.initialize(KeyPairGenerator.java:340)

Above example uses Bouncy Castle's implementation because somewhere I read it should support 2048-bit DSA keys. I also tried the default one with the same error.

I installed the (JCE) Unlimited Strength Jurisdiction Policy Files. According to this output, you would expect large keys should be possible:

System.out.println("DSA Max key length: " + Cipher.getMaxAllowedKeyLength("DSA"));
DSA Max key length: 2147483647

But if you echeck the Keysize Restrictions in the JCE Providers Docs, 1024-bit is the max.

Who can tell if 2048 bit private key simply not supported in Java 7? Or if there is another way to create a key of this size and import it into a Java Keystore?

The Java 8 API gives away it will support bigger keys. So we might need to wait until next year.

Thanks for your reaction. I'm aware of the JCE Unlimited Strength Jurisdiction Policy. As I explained, I already installed it. However, it hasn't removed the 1024-bit limit of the KeyPairGenerator. It seems the KeyPairGenerator itself has a hard limit of 1024 instead of leaving this limit to the specific implementation like Bounty Castle. So point 1 is not the full solution. Point 2 is not a path one would like or should take I think. It might be the only choice, but I would expect there are other workarounds (around JCE for example). For now I choose point 3 and stick to 1024-bit.

@Clouren Would you be willing to take the source code from Bounty Castle and manually change it in order to work? Source is here: bouncycastle.org/latest_releases.html - I just looked over it. It is possible. I would start in the 'bcprov-jdk15on-149\src.zip\org\bouncycastle\crypto\engines' area once you get the source code.

1024 bits is not enough for digital signature algorithms.Bruce Schneier was telling people using that short a key to "wake up" in 2007 - it is long past time to move on to stronger keys. schneier.com/blog/archives/2007/05/307digit_number.html (NB this only applies to RSA, DSA DH and the like which are vulnerable to NFS - other algorithms like ECDSA can use much shorter keys.)

@PaulCrowley isn't Bruce talking about RSA in particular when referring to 1024 bits, i.e. not DSA?

I just tried keytool -genkeypair -alias MyKeyPair -keyalg DSA -keysize 2048 -validity 365 -keystore MyKeyStore.ks using jdk1.8.0_31 and I got: "java.security.InvalidKeyException: Key is too long for this algorithm"

RSA and DSA are pretty much the same strength for the same key length, since NFS works on both of them, as I say above.