I do not hold a degree in crypto, so take this with a grain of salt.
You have two major areas of concern here:
Your primes need to be unpredictably random. This means that you need to use a source such as
SecureRandom
to generate your primes. No matter how sure of your primality, if they are predictable, the entire cryptosystem fails to meet its goal. If you are using theBigInteger(int bitLength, int certainty, Random rnd)
constructor, you can pass in yourSecureRandom
as it subclassesRandom
.Your potential primes need to be reasonably certain of being primes (I'm assuming that you are using an algorithm that relies on the hardness of factoring). If you get a probable prime, but an attacker can, with a good probability, factor it within 5 minutes because it had a factor that never got noticed by the primality test you ran, you are somewhat out of luck with your algorithm. Rabin-Miller is generally used, and this answer states that a certainty of 15 is sufficient for 32-bit integers. A value up to 40 is recommended, and anything beyond that is meaningless.