Package java.security

Class SecureRandom

  • All Implemented Interfaces:
    Serializable

    public class SecureRandom
    extends Random
    This class generates cryptographically secure pseudo-random numbers. It is best to invoke SecureRandom using the default constructor. This will provide an instance of the most cryptographically strong provider available:

        SecureRandom sr = new SecureRandom();
        byte[] output = new byte[16];
        sr.nextBytes(output);

    The default algorithm is defined by the first SecureRandomSpi provider found in the installed security providers. Use Security to install custom SecureRandomSpi providers.

    Note that the output of a SecureRandom instance should never be relied upon to be deterministic. For deterministic output from a given input, see MessageDigest which provides one-way hash functions. For deriving keys from passwords, see SecretKeyFactory.

    Seeding SecureRandom may be insecure

    A seed is an array of bytes used to bootstrap random number generation. To produce cryptographically secure random numbers, both the seed and the algorithm must be secure.

    By default, instances of this class will generate an initial seed using an internal entropy source, such as /dev/urandom. This seed is unpredictable and appropriate for secure use.

    Using the seeded constructor or calling setSeed(byte[]) may completely replace the cryptographically strong default seed, causing the instance to return a predictable sequence of numbers unfit for secure use. Due to variations between implementations, it is not recommended to use setSeed at all.
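
An added example (not part of the original documentation) that checks, on the platform it runs on, whether seeding replaces the default seed as described above, next to the recommended unseeded pattern. The class name SeedingCheck, its helper methods and the sample seed are assumptions made for illustration; the two checks can report different results on different providers.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class SeedingCheck {
    // Draws n bytes from the given generator.
    static byte[] draw(SecureRandom sr, int n) {
        byte[] out = new byte[n];
        sr.nextBytes(out);
        return out;
    }

    // True if two instances built with the seeded constructor from the same
    // seed return the same bytes, i.e. the caller's seed replaced the default one.
    static boolean seededConstructorRepeats(byte[] seed) {
        byte[] a = draw(new SecureRandom(seed.clone()), 32);
        byte[] b = draw(new SecureRandom(seed.clone()), 32);
        return Arrays.equals(a, b);
    }

    // True if calling setSeed(byte[]) before the first nextBytes makes two
    // default instances return the same bytes.
    static boolean setSeedRepeats(byte[] seed) {
        SecureRandom x = new SecureRandom();
        SecureRandom y = new SecureRandom();
        x.setSeed(seed.clone());
        y.setSeed(seed.clone());
        return Arrays.equals(draw(x, 32), draw(y, 32));
    }

    public static void main(String[] args) {
        // Constructed sample seed: a fixed, guessable value of the kind that
        // must never feed a generator used for keys, tokens or nonces.
        byte[] seed = "constructed-sample-seed".getBytes(StandardCharsets.UTF_8);

        SecureRandom probe = new SecureRandom();
        System.out.println("algorithm: " + probe.getAlgorithm()
                + ", provider: " + probe.getProvider().getName());
        System.out.println("seeded constructor repeats: " + seededConstructorRepeats(seed));
        System.out.println("setSeed on default instance repeats: " + setSeedRepeats(seed));

        // Recommended pattern from this page: default constructor, no seed.
        byte[] token = draw(new SecureRandom(), 16);
        System.out.println("unseeded token length: " + token.length);
    }
}
```

If either check reports true, output from a seeded instance on that platform is reproducible by anyone who knows or can guess the seed.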

    See Also:
    Serialized Form
    • Constructor Summary

      Constructors
      Modifier Constructor Description
        SecureRandom()
          Constructs a new SecureRandom that uses the default algorithm.
        SecureRandom(byte[] seed)
          Constructs a new seeded SecureRandom that uses the default algorithm.
        protected SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider)
          Constructs a new instance of SecureRandom using the given implementation from the specified provider.
    • Constructor Detail

      • SecureRandom

        public SecureRandom()
        Constructs a new SecureRandom that uses the default algorithm.
      • SecureRandom

        protected SecureRandom(SecureRandomSpi secureRandomSpi,
                               Provider provider)
        Constructs a new instance of SecureRandom using the given implementation from the specified provider.
        Parameters:
        secureRandomSpi - the implementation.
        provider - the security provider.
    • Method Detail

      • getInstance

        public static SecureRandom getInstance(String algorithm)
                                        throws NoSuchAlgorithmException
        Returns a new instance of SecureRandom that utilizes the specified algorithm.
        Parameters:
        algorithm - the name of the algorithm to use.
        Returns:
        a new instance of SecureRandom that utilizes the specified algorithm.
        Throws:
        NoSuchAlgorithmException - if the specified algorithm is not available.
        NullPointerException - if algorithm is null.
      • getInstance

        public static SecureRandom getInstance(String algorithm,
                                               Provider provider)
                                        throws NoSuchAlgorithmException
        Returns a new instance of SecureRandom that utilizes the specified algorithm from the specified provider. The provider supplied does not have to be registered.
        Parameters:
        algorithm - the name of the algorithm to use.
        provider - the security provider.
        Returns:
        a new instance of SecureRandom that utilizes the specified algorithm from the specified provider.
        Throws:
        NoSuchAlgorithmException - if the specified algorithm is not available.
        NullPointerException - if algorithm is null.
        IllegalArgumentException - if provider is null.
      • getProvider

        public final Provider getProvider()
        Returns the provider associated with this SecureRandom.
        Returns:
        the provider associated with this SecureRandom.
      • getAlgorithm

        public String getAlgorithm()
        Returns the name of the algorithm of this SecureRandom.
        Returns:
        the name of the algorithm of this SecureRandom.
      • nextBytes

        public void nextBytes(byte[] bytes)
        Generates and stores random bytes in the given byte[] for each array element.
        Overrides:
        nextBytes in class Random
        Parameters:
        bytes - the byte[] to be filled with random bytes.
      • next

        protected final int next(int numBits)
        Generates and returns an int containing the specified number of random bits (right justified, with leading zeros).
        Overrides:
        next in class Random
        Parameters:
        numBits - number of bits to be generated. An input value should be in the range [0, 32].
        Returns:
        an int containing the specified number of random bits.
      • getSeed

        public static byte[] getSeed(int numBytes)
        Generates and returns the specified number of seed bytes, computed using the seed generation algorithm used by this SecureRandom.
        Parameters:
        numBytes - the number of seed bytes.
        Returns:
        the seed bytes.
      • generateSeed

        public byte[] generateSeed(int numBytes)
        Generates and returns the specified number of seed bytes, computed using the seed generation algorithm used by this SecureRandom.
        Parameters:
        numBytes - the number of seed bytes.
        Returns:
        the seed bytes.