java.lang.Object java.util.Random java.security.SecureRandom
public class SecureRandom
This class provides a cryptographically strong random number generator (RNG).
A cryptographically strong random number minimally complies with the statistical random number generator tests specified in
FIPS 140-2, Security Requirements for Cryptographic Modules
, section 4.9.1. Additionally, SecureRandom must produce non-deterministic output. Therefore any seed material passed to a SecureRandom object must be unpredictable, and all SecureRandom output sequences must be cryptographically strong, as described in
RFC 1750: Randomness Recommendations for Security
.
This class provides a cryptographically strong random number generator (RNG). Many implementations are in the form of a pseudo-random number generator (PRNG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a true random seed. Other implementations may produce true random numbers and yet others may use a combination of both techniques.
A caller typically obtains a SecureRandom instance via one of the getInstance methods:
A cryptographically strong random number minimally complies with the statistical random number generator tests specified in
FIPS 140-2, Security Requirements for Cryptographic Modules
, section 4.9.1. Additionally, SecureRandom must produce non-deterministic output and therefore it is required that the seed material be unpredictable and that output of SecureRandom be cryptographically strong sequences as described in
RFC 1750: Randomness Recommendations for Security
.
Like other algorithm-based classes in Java Security, SecureRandom provides implementation-independent algorithms, whereby a caller (application code) requests a particular RNG algorithm and is handed back a SecureRandom object for that algorithm. It is also possible, if desired, to request a particular algorithm from a particular provider. See the getInstance methods.
Thus, there are two ways to request a SecureRandom object: by specifying either just an algorithm name, or both an algorithm name and a package provider.
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
The SecureRandom implementation attempts to completely randomize the internal state of the generator itself unless the caller follows the call to a getInstance method with a call to the setSeed method:
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");random.setSeed(seed);
Many SecureRandom implementations are in the form of a pseudo-random number generator (PRNG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a true random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.
Typical callers of SecureRandom invoke the following methods to retrieve random bytes:
After the caller obtains the SecureRandom object from the getInstance call, it can call nextBytes to generate random bytes:
SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); random.setSeed(seed); byte bytes[] = new byte[20]; random.nextBytes(bytes);
Callers
The caller
may also invoke the generateSeed method to generate a given number of seed bytes (to seed other random number generators, for example):
byte seed[] = random.generateSeed(20);
Constructor Summary | |
---|---|
SecureRandom
()
Constructs a secure random number generator (RNG). |
|
|
|
SecureRandom
(byte[] seed)
Constructs a secure random number generator (RNG). |
|
|
|
protected |
SecureRandom
(
SecureRandomSpi
secureRandomSpi,
Provider
provider) Creates a SecureRandom object. |
Method Summary | |
---|---|
byte[] |
generateSeed
(int numBytes) Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself. |
String |
getAlgorithm
() Returns the name of the algorithm implemented by this SecureRandom object. |
static SecureRandom |
getInstance
(
String
Returns |
static SecureRandom |
getInstance
(
String
algorithm,
Provider
Returns |
static SecureRandom |
getInstance
(
String
algorithm,
String
Returns |
Provider |
getProvider
() Returns the provider of this SecureRandom object. |
static byte[] |
getSeed
(int numBytes) Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself. |
protected int |
next
(int numBits) Generates an integer containing the user-specified number of pseudo-random bits (right justified, with leading zeros). |
void |
nextBytes
(byte[] bytes) Generates a user-specified number of random bytes. |
void |
setSeed
(byte[] seed) Reseeds this random object. |
void |
setSeed
(long seed) Reseeds this random object, using the eight bytes contained in the given long seed. |
Methods inherited from class java.util. Random |
---|
nextBoolean , nextDouble , nextFloat , nextGaussian , nextInt , nextInt , nextLong |
Methods inherited from class java.lang. Object |
---|
clone , equals , finalize , getClass , hashCode , notify , notifyAll , toString , wait , wait , wait |
Constructor Detail |
---|
public SecureRandom()
This constructor traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandom object encapsulating the SecureRandomSpi implementation from the first Provider that supports a SecureRandom (RNG) algorithm is returned. If none of the Providers support a RNG algorithm, then an implementation-specific default is returned.
By using this constructor, the caller obtains a SecureRandom object containing the implementation from the highest-priority installed provider that has a SecureRandom implementation.
Note that the list of registered providers may be retrieved via the
Security.getProviders()
method.
Note that this instance of SecureRandom has not been seeded. A call to the setSeed method will seed the SecureRandom object. If a call is not made to setSeed, the first call to the nextBytes method will force the SecureRandom object to seed itself.
See Appendix A in the Java Cryptography Architecture API Specification & Reference for information about standard RNG algorithm names.
The returned SecureRandom object has not been seeded. To seed the returned object, call the setSeed method. If setSeed is not called, the first call to nextBytes will force the SecureRandom object to seed itself. This self-seeding will not occur if setSeed was previously called.
This constructor is provided for backwards compatibility. The caller is encouraged to use one of the alternative getInstance methods to obtain a SecureRandom object.
public SecureRandom(byte[] seed)
This constructor traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandom object encapsulating the SecureRandomSpi implementation from the first Provider that supports a SecureRandom (RNG) algorithm is returned. If none of the Providers support a RNG algorithm, then an implementation-specific default is returned.
Note that the list of registered providers may be retrieved via the Security.getProviders() method.
See Appendix A in the Java Cryptography Architecture API Specification & Reference for information about standard RNG algorithm names.
The SecureRandom instance is seeded with the specified seed bytes.
By using this constructor, the caller obtains a SecureRandom object containing the implementation from the highest-priority installed provider that has a SecureRandom implementation. This constructor uses a user-provided seed in preference to the self-seeding algorithm referred to in the empty constructor description. It may be preferable to the empty constructor if the caller has access to high-quality random bytes from some physical device (for example, a radiation detector or a noisy diode).
This constructor is provided for backwards compatibility. The caller is encouraged to use one of the alternative getInstance methods to obtain a SecureRandom object, and then to call the setSeed method to seed it.
protected SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider)
Method Detail |
---|
public static SecureRandom getInstance(String algorithm) throws NoSuchAlgorithmException
This method traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandom object encapsulating the SecureRandomSpi implementation from the first Provider that supports the specified algorithm is returned.
Note that the returned instance of SecureRandom has not been seeded. A call to the setSeed method will seed the SecureRandom object. If a call is not made to setSeed, the first call to the nextBytes method will force the SecureRandom object to seed itself.
Note that the list of registered providers may be retrieved via the Security.getProviders() method.
The returned SecureRandom object has not been seeded. To seed the returned object, call the setSeed method. If setSeed is not called, the first call to nextBytes will force the SecureRandom object to seed itself. This self-seeding will not occur if setSeed was previously called.
public static SecureRandom getInstance(String algorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderException
A new SecureRandom object encapsulating the SecureRandomSpi implementation from the specified provider is returned. The specified provider must be registered in the security provider list.
Note that the returned instance of SecureRandom has not been seeded. A call to the setSeed method will seed the SecureRandom object. If a call is not made to setSeed, the first call to the nextBytes method will force the SecureRandom object to seed itself.
Note that the list of registered providers may be retrieved via the Security.getProviders() method.
The returned SecureRandom object has not been seeded. To seed the returned object, call the setSeed method. If setSeed is not called, the first call to nextBytes will force the SecureRandom object to seed itself. This self-seeding will not occur if setSeed was previously called.
public static SecureRandom getInstance(String algorithm, Provider provider) throws NoSuchAlgorithmException
A new SecureRandom object encapsulating the SecureRandomSpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.
Note that the returned instance of SecureRandom has not been seeded. A call to the setSeed method will seed the SecureRandom object. If a call is not made to setSeed, the first call to the nextBytes method will force the SecureRandom object to seed itself.
The returned SecureRandom object has not been seeded. To seed the returned object, call the setSeed method. If setSeed is not called, the first call to nextBytes will force the SecureRandom object to seed itself. This self-seeding will not occur if setSeed was previously called.
public final Provider getProvider()
public String getAlgorithm()
public void setSeed(byte[] seed)
public void setSeed(long seed)
This method is defined for compatibility with java.util.Random.
public void nextBytes(byte[] bytes)
If a call to setSeed had not occurred previously, the first call to this method forces this SecureRandom object to seed itself. This self-seeding will not occur if setSeed was previously called.
protected final int next(int numBits)
public static byte[] getSeed(int numBytes)
This method is only included for backwards compatibility. The caller is encouraged to use one of the alternative getInstance methods to obtain a SecureRandom object, and then call the generateSeed method to obtain seed bytes from that object.
public byte[] generateSeed(int numBytes)