SecureRandompublic class SecureRandom extends Random | This class provides a cryptographically strong random number
generator (RNG).
A cryptographically strong random number
minimally complies with the statistical random number generator tests
specified in
FIPS 140-2, Security Requirements for Cryptographic Modules,
section 4.9.1.
Additionally, SecureRandom must produce non-deterministic output.
Therefore any seed material passed to a SecureRandom object must be
unpredictable, and all SecureRandom output sequences must be
cryptographically strong, as described in
RFC 1750: Randomness Recommendations for Security.
A caller obtains a SecureRandom instance via the
no-argument constructor or one of the getInstance methods:
SecureRandom random = new SecureRandom();
Many SecureRandom implementations are in the form of a pseudo-random
number generator (PRNG), which means they use a deterministic algorithm
to produce a pseudo-random sequence from a true random seed.
Other implementations may produce true random numbers,
and yet others may use a combination of both techniques.
Typical callers of SecureRandom invoke the following methods
to retrieve random bytes:
SecureRandom random = new SecureRandom();
byte bytes[] = new byte[20];
random.nextBytes(bytes);
Callers may also invoke the generateSeed method
to generate a given number of seed bytes (to seed other random number
generators, for example):
byte seed[] = random.generateSeed(20);
|
| Fields Summary |
|---|
| private Provider | providerThe provider. | | private SecureRandomSpi | secureRandomSpiThe provider implementation. | | private String | algorithm | | private static volatile SecureRandom | seedGenerator | | static final long | serialVersionUID | | private byte[] | state | | private MessageDigest | digest | | private byte[] | randomBytes | | private int | randomBytesUsed | | private long | counter |
| Constructors Summary |
|---|
public SecureRandom()Constructs a secure random number generator (RNG) implementing the
default random number algorithm.
This constructor traverses the list of registered security Providers,
starting with the most preferred Provider.
A new SecureRandom object encapsulating the
SecureRandomSpi implementation from the first
Provider that supports a SecureRandom (RNG) algorithm is returned.
If none of the Providers support a RNG algorithm,
then an implementation-specific default is returned.
Note that the list of registered providers may be retrieved via
the {@link Security#getProviders() Security.getProviders()} method.
See Appendix A in the
Java Cryptography Architecture API Specification & Reference
for information about standard RNG algorithm names.
The returned SecureRandom object has not been seeded. To seed the
returned object, call the setSeed method.
If setSeed is not called, the first call to
nextBytes will force the SecureRandom object to seed itself.
This self-seeding will not occur if setSeed was
previously called.
/*
* This call to our superclass constructor will result in a call
* to our own <code>setSeed</code> method, which will return
* immediately when it is passed zero.
*/
super(0);
getDefaultPRNG(false, null);
| public SecureRandom(byte[] seed)Constructs a secure random number generator (RNG) implementing the
default random number algorithm.
The SecureRandom instance is seeded with the specified seed bytes.
This constructor traverses the list of registered security Providers,
starting with the most preferred Provider.
A new SecureRandom object encapsulating the
SecureRandomSpi implementation from the first
Provider that supports a SecureRandom (RNG) algorithm is returned.
If none of the Providers support a RNG algorithm,
then an implementation-specific default is returned.
Note that the list of registered providers may be retrieved via
the {@link Security#getProviders() Security.getProviders()} method.
See Appendix A in the
Java Cryptography Architecture API Specification & Reference
for information about standard RNG algorithm names.
super(0);
getDefaultPRNG(true, seed);
| protected SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider)Creates a SecureRandom object.
this(secureRandomSpi, provider, null);
| private SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider, String algorithm)
super(0);
this.secureRandomSpi = secureRandomSpi;
this.provider = provider;
this.algorithm = algorithm;
|
| Methods Summary |
|---|
| public byte[] | generateSeed(int numBytes)Returns the given number of seed bytes, computed using the seed
generation algorithm that this class uses to seed itself. This
call may be used to seed other random number generators.
return secureRandomSpi.engineGenerateSeed(numBytes);
| | public java.lang.String | getAlgorithm()Returns the name of the algorithm implemented by this SecureRandom
object.
return (algorithm != null) ? algorithm : "unknown";
| | private void | getDefaultPRNG(boolean setSeed, byte[] seed)
String prng = getPrngAlgorithm();
if (prng == null) {
// bummer, get the SUN implementation
prng = "SHA1PRNG";
this.secureRandomSpi = new sun.security.provider.SecureRandom();
this.provider = new sun.security.provider.Sun();
if (setSeed) {
this.secureRandomSpi.engineSetSeed(seed);
}
} else {
try {
SecureRandom random = SecureRandom.getInstance(prng);
this.secureRandomSpi = random.getSecureRandomSpi();
this.provider = random.getProvider();
if (setSeed) {
this.secureRandomSpi.engineSetSeed(seed);
}
} catch (NoSuchAlgorithmException nsae) {
// never happens, because we made sure the algorithm exists
throw new RuntimeException(nsae);
}
}
// JDK 1.1 based implementations subclass SecureRandom instead of
// SecureRandomSpi. They will also go through this code path because
// they must call a SecureRandom constructor as it is their superclass.
// If we are dealing with such an implementation, do not set the
// algorithm value as it would be inaccurate.
if (getClass() == SecureRandom.class) {
this.algorithm = prng;
}
| | public static java.security.SecureRandom | getInstance(java.lang.String algorithm)Returns a SecureRandom object that implements the specified
Random Number Generator (RNG) algorithm.
This method traverses the list of registered security Providers,
starting with the most preferred Provider.
A new SecureRandom object encapsulating the
SecureRandomSpi implementation from the first
Provider that supports the specified algorithm is returned.
Note that the list of registered providers may be retrieved via
the {@link Security#getProviders() Security.getProviders()} method.
The returned SecureRandom object has not been seeded. To seed the
returned object, call the setSeed method.
If setSeed is not called, the first call to
nextBytes will force the SecureRandom object to seed itself.
This self-seeding will not occur if setSeed was
previously called.
Instance instance = GetInstance.getInstance("SecureRandom",
SecureRandomSpi.class, algorithm);
return new SecureRandom((SecureRandomSpi)instance.impl,
instance.provider, algorithm);
| | public static java.security.SecureRandom | getInstance(java.lang.String algorithm, java.lang.String provider)Returns a SecureRandom object that implements the specified
Random Number Generator (RNG) algorithm.
A new SecureRandom object encapsulating the
SecureRandomSpi implementation from the specified provider
is returned. The specified provider must be registered
in the security provider list.
Note that the list of registered providers may be retrieved via
the {@link Security#getProviders() Security.getProviders()} method.
The returned SecureRandom object has not been seeded. To seed the
returned object, call the setSeed method.
If setSeed is not called, the first call to
nextBytes will force the SecureRandom object to seed itself.
This self-seeding will not occur if setSeed was
previously called.
Instance instance = GetInstance.getInstance("SecureRandom",
SecureRandomSpi.class, algorithm, provider);
return new SecureRandom((SecureRandomSpi)instance.impl,
instance.provider, algorithm);
| | public static java.security.SecureRandom | getInstance(java.lang.String algorithm, java.security.Provider provider)Returns a SecureRandom object that implements the specified
Random Number Generator (RNG) algorithm.
A new SecureRandom object encapsulating the
SecureRandomSpi implementation from the specified Provider
object is returned. Note that the specified Provider object
does not have to be registered in the provider list.
The returned SecureRandom object has not been seeded. To seed the
returned object, call the setSeed method.
If setSeed is not called, the first call to
nextBytes will force the SecureRandom object to seed itself.
This self-seeding will not occur if setSeed was
previously called.
Instance instance = GetInstance.getInstance("SecureRandom",
SecureRandomSpi.class, algorithm, provider);
return new SecureRandom((SecureRandomSpi)instance.impl,
instance.provider, algorithm);
| | private static java.lang.String | getPrngAlgorithm()Gets a default PRNG algorithm by looking through all registered
providers. Returns the first PRNG algorithm of the first provider that
has registered a SecureRandom implementation, or null if none of the
registered providers supplies a SecureRandom implementation.
List provs = Providers.getProviderList().providers();
for (Iterator t = provs.iterator(); t.hasNext();) {
Provider p = (Provider)t.next();
for (Iterator u = p.getServices().iterator(); u.hasNext();) {
Service s = (Service)u.next();
if (s.getType().equals("SecureRandom")) {
return s.getAlgorithm();
}
}
}
return null;
| | public final java.security.Provider | getProvider()Returns the provider of this SecureRandom object.
return provider;
| | java.security.SecureRandomSpi | getSecureRandomSpi()Returns the SecureRandomSpi of this SecureRandom object.
return secureRandomSpi;
| | public static byte[] | getSeed(int numBytes)Returns the given number of seed bytes, computed using the seed
generation algorithm that this class uses to seed itself. This
call may be used to seed other random number generators.
This method is only included for backwards compatibility.
The caller is encouraged to use one of the alternative
getInstance methods to obtain a SecureRandom object, and
then call the generateSeed method to obtain seed bytes
from that object.
if (seedGenerator == null)
seedGenerator = new SecureRandom();
return seedGenerator.generateSeed(numBytes);
| | private static byte[] | longToByteArray(long l)Helper function to convert a long into a byte array (least significant
byte first).
byte[] retVal = new byte[8];
for (int i = 0; i < 8; i++) {
retVal[i] = (byte) l;
l >>= 8;
}
return retVal;
| | protected final int | next(int numBits)Generates an integer containing the user-specified number of
pseudo-random bits (right justified, with leading zeros). This
method overrides a java.util.Random method, and serves
to provide a source of random bits to all of the methods inherited
from that class (for example, nextInt,
nextLong, and nextFloat).
int numBytes = (numBits+7)/8;
byte b[] = new byte[numBytes];
int next = 0;
nextBytes(b);
for (int i = 0; i < numBytes; i++)
next = (next << 8) + (b[i] & 0xFF);
return next >>> (numBytes*8 - numBits);
| | public synchronized void | nextBytes(byte[] bytes)Generates a user-specified number of random bytes.
If a call to setSeed had not occurred previously,
the first call to this method forces this SecureRandom object
to seed itself. This self-seeding will not occur if
setSeed was previously called.
secureRandomSpi.engineNextBytes(bytes);
| | public synchronized void | setSeed(byte[] seed)Reseeds this random object. The given seed supplements, rather than
replaces, the existing seed. Thus, repeated calls are guaranteed
never to reduce randomness.
secureRandomSpi.engineSetSeed(seed);
| | public void | setSeed(long seed)Reseeds this random object, using the eight bytes contained
in the given long seed. The given seed supplements,
rather than replaces, the existing seed. Thus, repeated calls
are guaranteed never to reduce randomness.
This method is defined for compatibility with
java.util.Random.
/*
* Ignore call from super constructor (as well as any other calls
* unfortunate enough to be passing 0). It's critical that we
* ignore call from superclass constructor, as digest has not
* yet been initialized at that point.
*/
if (seed != 0) {
secureRandomSpi.engineSetSeed(longToByteArray(seed));
}
|
|
