http://www.bouncycastle.org/java.html: The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.
  • The Legion of the Bouncy Castle Inc. 
package org.bouncycastle.pqc.crypto.xmss;

import java.security.SecureRandom;

import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.KeyGenerationParameters;


Key pair generator for XMSS keys.

/**
 * Key pair generator for XMSS keys.
 */
public final class XMSSKeyPairGenerator
{
    private XMSSParameters params;
    private SecureRandom prng;

    
Base constructor...

/**
     * Base constructor...
     */
    public XMSSKeyPairGenerator()
    {
    }

    public void init(
        KeyGenerationParameters param)
    {
        XMSSKeyGenerationParameters parameters = (XMSSKeyGenerationParameters)param;

        this.prng = parameters.getRandom();
        this.params = parameters.getParameters();
    }

    
Generate a new XMSS private key / public key pair.

/**
     * Generate a new XMSS private key / public key pair.
     */
    public AsymmetricCipherKeyPair generateKeyPair()
    {
        /* generate private key */
        XMSSPrivateKeyParameters privateKey = generatePrivateKey(params, prng);
        XMSSNode root = privateKey.getBDSState().getRoot();

        privateKey = new XMSSPrivateKeyParameters.Builder(params)
            .withSecretKeySeed(privateKey.getSecretKeySeed()).withSecretKeyPRF(privateKey.getSecretKeyPRF())
            .withPublicSeed(privateKey.getPublicSeed()).withRoot(root.getValue())
            .withBDSState(privateKey.getBDSState()).build();

        XMSSPublicKeyParameters  publicKey = new XMSSPublicKeyParameters.Builder(params).withRoot(root.getValue())
            .withPublicSeed(privateKey.getPublicSeed()).build();

        return new AsymmetricCipherKeyPair(publicKey, privateKey);
    }

    
Generate an XMSS private key.

Returns:XMSS private key.
/**
     * Generate an XMSS private key.
     *
     * @return XMSS private key.
     */
    private XMSSPrivateKeyParameters generatePrivateKey(XMSSParameters params, SecureRandom prng)
    {
        int n = params.getDigestSize();
        byte[] secretKeySeed = new byte[n];
        prng.nextBytes(secretKeySeed);
        byte[] secretKeyPRF = new byte[n];
        prng.nextBytes(secretKeyPRF);
        byte[] publicSeed = new byte[n];
        prng.nextBytes(publicSeed);

        XMSSPrivateKeyParameters privateKey = new XMSSPrivateKeyParameters.Builder(params).withSecretKeySeed(secretKeySeed)
            .withSecretKeyPRF(secretKeyPRF).withPublicSeed(publicSeed)
            .withBDSState(new BDS(params, publicSeed, secretKeySeed, (OTSHashAddress)new OTSHashAddress.Builder().build())).build();

        return privateKey;
    }
}