SecureRandom

public class SecureRandom extends Random

This class provides a cryptographically strong random number generator (RNG).

A cryptographically strong random number minimally complies with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1. Additionally, SecureRandom must produce non-deterministic output. Therefore any seed material passed to a SecureRandom object must be unpredictable, and all SecureRandom output sequences must be cryptographically strong, as described in RFC 1750: Randomness Recommendations for Security.

A caller obtains a SecureRandom instance via the no-argument constructor or one of the getInstance methods:

      SecureRandom random = new SecureRandom();

Many SecureRandom implementations are in the form of a pseudo-random number generator (PRNG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a true random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.

Typical callers of SecureRandom invoke the following methods to retrieve random bytes:

      SecureRandom random = new SecureRandom();
      byte bytes[] = new byte[20];
      random.nextBytes(bytes);

Callers may also invoke the generateSeed method to generate a given number of seed bytes (to seed other random number generators, for example):

      byte seed[] = random.generateSeed(20);

Note: Depending on the implementation, the generateSeed and nextBytes methods may block as entropy is being gathered, for example, if they need to read from /dev/random on various Unix-like operating systems. The SHA1PRNG algorithm from the Crypto provider has been deprecated as it was insecure, and also incorrectly used by some apps as a key derivation function. See Security "Crypto" provider deprecated in Android N for details.

Public Constructor Summary

	SecureRandom() Constructs a secure random number generator (RNG) implementing the default random number algorithm.
	SecureRandom(byte[] seed) Constructs a secure random number generator (RNG) implementing the default random number algorithm.

Protected Constructor Summary

SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider)

Creates a SecureRandom object.

Public Method Summary

byte[]	generateSeed(int numBytes) Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself.
String	getAlgorithm() Returns the name of the algorithm implemented by this SecureRandom object.
static SecureRandom	getInstance(String algorithm) Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.
static SecureRandom	getInstance(String algorithm, String provider) Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.
static SecureRandom	getInstance(String algorithm, Provider provider) Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.
static SecureRandom	getInstanceStrong() Returns a `SecureRandom` object.
final Provider	getProvider() Returns the provider of this SecureRandom object.
static byte[]	getSeed(int numBytes) Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself.
synchronized void	nextBytes(byte[] bytes) Generates a user-specified number of random bytes.
void	setSeed(long seed) Reseeds this random object, using the eight bytes contained in the given `long seed`.
synchronized void	setSeed(byte[] seed) Reseeds this random object.

Protected Method Summary

final int

next(int numBits)

Generates an integer containing the user-specified number of pseudo-random bits (right justified, with leading zeros).

Inherited Method Summary

From class java.util.Random

DoubleStream	doubles(long streamSize) Returns a stream producing the given `streamSize` number of pseudorandom `double` values, each between zero (inclusive) and one (exclusive).
DoubleStream	doubles() Returns an effectively unlimited stream of pseudorandom `double` values, each between zero (inclusive) and one (exclusive).
DoubleStream	doubles(double randomNumberOrigin, double randomNumberBound) Returns an effectively unlimited stream of pseudorandom `double` values, each conforming to the given origin (inclusive) and bound (exclusive).
DoubleStream	doubles(long streamSize, double randomNumberOrigin, double randomNumberBound) Returns a stream producing the given `streamSize` number of pseudorandom `double` values, each conforming to the given origin (inclusive) and bound (exclusive).
IntStream	ints(long streamSize) Returns a stream producing the given `streamSize` number of pseudorandom `int` values.
IntStream	ints(long streamSize, int randomNumberOrigin, int randomNumberBound) Returns a stream producing the given `streamSize` number of pseudorandom `int` values, each conforming to the given origin (inclusive) and bound (exclusive).
IntStream	ints(int randomNumberOrigin, int randomNumberBound) Returns an effectively unlimited stream of pseudorandom `int` values, each conforming to the given origin (inclusive) and bound (exclusive).
IntStream	ints() Returns an effectively unlimited stream of pseudorandom `int` values.
LongStream	longs() Returns an effectively unlimited stream of pseudorandom `long` values.
LongStream	longs(long streamSize) Returns a stream producing the given `streamSize` number of pseudorandom `long` values.
LongStream	longs(long randomNumberOrigin, long randomNumberBound) Returns an effectively unlimited stream of pseudorandom `long` values, each conforming to the given origin (inclusive) and bound (exclusive).
LongStream	longs(long streamSize, long randomNumberOrigin, long randomNumberBound) Returns a stream producing the given `streamSize` number of pseudorandom `long`, each conforming to the given origin (inclusive) and bound (exclusive).
int	next(int bits) Generates the next pseudorandom number.
boolean	nextBoolean() Returns the next pseudorandom, uniformly distributed `boolean` value from this random number generator's sequence.
void	nextBytes(byte[] bytes) Generates random bytes and places them into a user-supplied byte array.
double	nextDouble() Returns the next pseudorandom, uniformly distributed `double` value between `0.0` and `1.0` from this random number generator's sequence.
float	nextFloat() Returns the next pseudorandom, uniformly distributed `float` value between `0.0` and `1.0` from this random number generator's sequence.
synchronized double	nextGaussian() Returns the next pseudorandom, Gaussian ("normally") distributed `double` value with mean `0.0` and standard deviation `1.0` from this random number generator's sequence.
int	nextInt() Returns the next pseudorandom, uniformly distributed `int` value from this random number generator's sequence.
int	nextInt(int bound) Returns a pseudorandom, uniformly distributed `int` value between 0 (inclusive) and the specified value (exclusive), drawn from this random number generator's sequence.
long	nextLong() Returns the next pseudorandom, uniformly distributed `long` value from this random number generator's sequence.
synchronized void	setSeed(long seed) Sets the seed of this random number generator using a single `long` seed.

From class java.lang.Object

Object	clone() Creates and returns a copy of this `Object`.
boolean	equals(Object obj) Compares this instance with the specified object and indicates if they are equal.
void	finalize() Invoked when the garbage collector has detected that this instance is no longer reachable.
final Class<?>	getClass() Returns the unique instance of `Class` that represents this object's class.
int	hashCode() Returns an integer hash code for this object.
final void	notify() Causes a thread which is waiting on this object's monitor (by means of calling one of the `wait()` methods) to be woken up.
final void	notifyAll() Causes all threads which are waiting on this object's monitor (by means of calling one of the `wait()` methods) to be woken up.
String	toString() Returns a string containing a concise, human-readable description of this object.
final void	wait(long timeout, int nanos) Causes the calling thread to wait until another thread calls the `notify()` or `notifyAll()` method of this object or until the specified timeout expires.
final void	wait(long timeout) Causes the calling thread to wait until another thread calls the `notify()` or `notifyAll()` method of this object or until the specified timeout expires.
final void	wait() Causes the calling thread to wait until another thread calls the `notify()` or `notifyAll()` method of this object.

Public Constructors

public SecureRandom ()

Constructs a secure random number generator (RNG) implementing the default random number algorithm.

This constructor traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandom object encapsulating the SecureRandomSpi implementation from the first Provider that supports a SecureRandom (RNG) algorithm is returned. If none of the Providers support a RNG algorithm, then an implementation-specific default is returned.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

See the SecureRandom section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard RNG algorithm names.

The returned SecureRandom object has not been seeded. To seed the returned object, call the setSeed method. If setSeed is not called, the first call to nextBytes will force the SecureRandom object to seed itself. This self-seeding will not occur if setSeed was previously called.

public SecureRandom (byte[] seed)

Constructs a secure random number generator (RNG) implementing the default random number algorithm. The SecureRandom instance is seeded with the specified seed bytes.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

See the SecureRandom section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard RNG algorithm names.

Parameters

seed	the seed.

Protected Constructors

protected SecureRandom (SecureRandomSpi secureRandomSpi, Provider provider)

Creates a SecureRandom object.

Parameters

secureRandomSpi	the SecureRandom implementation.
provider	the provider.

Public Methods

public byte[] generateSeed (int numBytes)

Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself. This call may be used to seed other random number generators.

Parameters

numBytes	the number of seed bytes to generate.

Returns

the seed bytes.

public String getAlgorithm ()

Returns the name of the algorithm implemented by this SecureRandom object.

Returns

the name of the algorithm or unknown if the algorithm name cannot be determined.

public static SecureRandom getInstance (String algorithm)

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.

This method traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandom object encapsulating the SecureRandomSpi implementation from the first Provider that supports the specified algorithm is returned.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

Parameters

algorithm	the name of the RNG algorithm. See the SecureRandom section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard RNG algorithm names.

Returns

the new SecureRandom object.

Throws

NoSuchAlgorithmException	if no Provider supports a SecureRandomSpi implementation for the specified algorithm.

public static SecureRandom getInstance (String algorithm, String provider)

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.

A new SecureRandom object encapsulating the SecureRandomSpi implementation from the specified provider is returned. The specified provider must be registered in the security provider list.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

Parameters

algorithm	the name of the RNG algorithm. See the SecureRandom section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard RNG algorithm names.
provider	the name of the provider.

Returns

the new SecureRandom object.

Throws

NoSuchAlgorithmException	if a SecureRandomSpi implementation for the specified algorithm is not available from the specified provider.
NoSuchProviderException	if the specified provider is not registered in the security provider list.
IllegalArgumentException	if the provider name is null or empty.

public static SecureRandom getInstance (String algorithm, Provider provider)

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.

A new SecureRandom object encapsulating the SecureRandomSpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.

Parameters

algorithm	the name of the RNG algorithm. See the SecureRandom section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard RNG algorithm names.
provider	the provider.

Returns

the new SecureRandom object.

Throws

NoSuchAlgorithmException	if a SecureRandomSpi implementation for the specified algorithm is not available from the specified Provider object.
IllegalArgumentException	if the specified provider is null.

public static SecureRandom getInstanceStrong ()

Returns a SecureRandom object. In Android this is equivalent to get a SHA1PRNG from AndroidOpenSSL. Some situations require strong random values, such as when creating high-value/long-lived secrets like RSA public/private keys. To help guide applications in selecting a suitable strong SecureRandom implementation, Java distributions include a list of known strong SecureRandom implementations in the securerandom.strongAlgorithms Security property.

Every implementation of the Java platform is required to support at least one strong SecureRandom implementation.

Returns

a strong SecureRandom implementation

Throws

NoSuchAlgorithmException	if no algorithm is available

public final Provider getProvider ()

Returns the provider of this SecureRandom object.

Returns

the provider of this SecureRandom object.

public static byte[] getSeed (int numBytes)

Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself. This call may be used to seed other random number generators.

This method is only included for backwards compatibility. The caller is encouraged to use one of the alternative getInstance methods to obtain a SecureRandom object, and then call the generateSeed method to obtain seed bytes from that object.

Parameters

numBytes	the number of seed bytes to generate.

Returns

the seed bytes.

public synchronized void nextBytes (byte[] bytes)

Generates a user-specified number of random bytes.

If a call to setSeed had not occurred previously, the first call to this method forces this SecureRandom object to seed itself. This self-seeding will not occur if setSeed was previously called.

Parameters

bytes	the array to be filled in with random bytes.

public void setSeed (long seed)

Reseeds this random object, using the eight bytes contained in the given long seed. The given seed supplements, rather than replaces, the existing seed. Thus, repeated calls are guaranteed never to reduce randomness.

This method is defined for compatibility with java.util.Random.

Parameters

seed	the seed.

public synchronized void setSeed (byte[] seed)

Reseeds this random object. The given seed supplements, rather than replaces, the existing seed. Thus, repeated calls are guaranteed never to reduce randomness.

Parameters

seed	the seed.

Protected Methods

protected final int next (int numBits)

Generates an integer containing the user-specified number of pseudo-random bits (right justified, with leading zeros). This method overrides a java.util.Random method, and serves to provide a source of random bits to all of the methods inherited from that class (for example, nextInt, nextLong, and nextFloat).

Parameters

numBits	number of pseudo-random bits to be generated, where `0 <= numBits <= 32`.

Returns

an int containing the user-specified number of pseudo-random bits (right justified, with leading zeros).

SecureRandom

See Also

Public Constructor Summary

Protected Constructor Summary

Public Method Summary

Protected Method Summary

Inherited Method Summary

Public Constructors

public SecureRandom ()

public SecureRandom (byte[] seed)

Parameters

Protected Constructors

protected SecureRandom (SecureRandomSpi secureRandomSpi, Provider provider)

Parameters

Public Methods

public byte[] generateSeed (int numBytes)

Parameters

Returns

public String getAlgorithm ()

Returns

public static SecureRandom getInstance (String algorithm)

Parameters

Returns

Throws

See Also

public static SecureRandom getInstance (String algorithm, String provider)

Parameters

Returns

Throws

See Also

public static SecureRandom getInstance (String algorithm, Provider provider)

Parameters

Returns

Throws

See Also

public static SecureRandom getInstanceStrong ()

Returns

Throws

See Also

public final Provider getProvider ()

Returns

public static byte[] getSeed (int numBytes)

Parameters

Returns

See Also

public synchronized void nextBytes (byte[] bytes)

Parameters

public void setSeed (long seed)

Parameters

See Also

public synchronized void setSeed (byte[] seed)

Parameters

See Also

Protected Methods

protected final int next (int numBits)

Parameters

Returns