Android APIs
public class

SecureRandom

extends Random
java.lang.Object
   ↳ java.util.Random
     ↳ java.security.SecureRandom

Class Overview

This class generates cryptographically secure pseudo-random numbers. It is best to invoke SecureRandom using the default constructor. This will provide an instance of the most cryptographically strong provider available:

SecureRandom sr = new SecureRandom();
 byte[] output = new byte[16];
 sr.nextBytes(output);

The default algorithm is defined by the first SecureRandomSpi provider found in the installed security providers. Use Security to install custom SecureRandomSpi providers.

Note that the output of a SecureRandom instance should never be relied upon to be deterministic. For deterministic output from a given input, see MessageDigest which provides one-way hash functions. For deriving keys from passwords, see SecretKeyFactory.

Seeding SecureRandom may be insecure

A seed is an array of bytes used to bootstrap random number generation. To produce cryptographically secure random numbers, both the seed and the algorithm must be secure.

By default, instances of this class will generate an initial seed using an internal entropy source, such as /dev/urandom. This seed is unpredictable and appropriate for secure use.

Using the seeded constructor or calling setSeed(byte[]) may completely replace the cryptographically strong default seed causing the instance to return a predictable sequence of numbers unfit for secure use. Due to variations between implementations it is not recommended to use setSeed at all.

Summary

Public Constructors
SecureRandom()
Constructs a new SecureRandom that uses the default algorithm.
SecureRandom(byte[] seed)
Constructs a new seeded SecureRandom that uses the default algorithm.
Protected Constructors
SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider)
Constructs a new instance of SecureRandom using the given implementation from the specified provider.
Public Methods
byte[] generateSeed(int numBytes)
Generates and returns the specified number of seed bytes, computed using the seed generation algorithm used by this SecureRandom.
String getAlgorithm()
Returns the name of the algorithm of this SecureRandom.
static SecureRandom getInstance(String algorithm, String provider)
Returns a new instance of SecureRandom that utilizes the specified algorithm from the specified provider.
static SecureRandom getInstance(String algorithm, Provider provider)
Returns a new instance of SecureRandom that utilizes the specified algorithm from the specified provider.
static SecureRandom getInstance(String algorithm)
Returns a new instance of SecureRandom that utilizes the specified algorithm.
final Provider getProvider()
Returns the provider associated with this SecureRandom.
static byte[] getSeed(int numBytes)
Generates and returns the specified number of seed bytes, computed using the seed generation algorithm used by this SecureRandom.
void nextBytes(byte[] bytes)
Generates and stores random bytes in the given byte[] for each array element.
void setSeed(byte[] seed)
Seeds this SecureRandom instance with the specified seed.
void setSeed(long seed)
Seeds this SecureRandom instance with the specified eight-byte seed.
Protected Methods
final int next(int numBits)
Generates and returns an int containing the specified number of random bits (right justified, with leading zeros).
[Expand]
Inherited Methods
From class java.util.Random
From class java.lang.Object

Public Constructors

public SecureRandom ()

Added in API level 1

Constructs a new SecureRandom that uses the default algorithm.

public SecureRandom (byte[] seed)

Added in API level 1

Constructs a new seeded SecureRandom that uses the default algorithm. Seeding SecureRandom may be insecure.

Parameters
seed byte

Protected Constructors

protected SecureRandom (SecureRandomSpi secureRandomSpi, Provider provider)

Added in API level 1

Constructs a new instance of SecureRandom using the given implementation from the specified provider.

Parameters
secureRandomSpi SecureRandomSpi: the implementation.
provider Provider: the security provider.

Public Methods

public byte[] generateSeed (int numBytes)

Added in API level 1

Generates and returns the specified number of seed bytes, computed using the seed generation algorithm used by this SecureRandom.

Parameters
numBytes int: the number of seed bytes.
Returns
byte[] the seed bytes.

public String getAlgorithm ()

Added in API level 1

Returns the name of the algorithm of this SecureRandom.

Returns
String the name of the algorithm of this SecureRandom.

public static SecureRandom getInstance (String algorithm, String provider)

Added in API level 1

Returns a new instance of SecureRandom that utilizes the specified algorithm from the specified provider.

Parameters
algorithm String: the name of the algorithm to use.
provider String: the name of the provider.
Returns
SecureRandom a new instance of SecureRandom that utilizes the specified algorithm from the specified provider.
Throws
NoSuchAlgorithmException if the specified algorithm is not available.
NoSuchProviderException if the specified provider is not available.
NullPointerException if algorithm is null.
IllegalArgumentException if provider == null || provider.isEmpty()

public static SecureRandom getInstance (String algorithm, Provider provider)

Added in API level 1

Returns a new instance of SecureRandom that utilizes the specified algorithm from the specified provider. The provider supplied does not have to be registered.

Parameters
algorithm String: the name of the algorithm to use.
provider Provider: the security provider.
Returns
SecureRandom a new instance of SecureRandom that utilizes the specified algorithm from the specified provider.
Throws
NoSuchAlgorithmException if the specified algorithm is not available.
NullPointerException if algorithm is null.
IllegalArgumentException if provider == null

public static SecureRandom getInstance (String algorithm)

Added in API level 1

Returns a new instance of SecureRandom that utilizes the specified algorithm.

Parameters
algorithm String: the name of the algorithm to use.
Returns
SecureRandom a new instance of SecureRandom that utilizes the specified algorithm.
Throws
NoSuchAlgorithmException if the specified algorithm is not available.
NullPointerException if algorithm is null.

public final Provider getProvider ()

Added in API level 1

Returns the provider associated with this SecureRandom.

Returns
Provider the provider associated with this SecureRandom.

public static byte[] getSeed (int numBytes)

Added in API level 1

Generates and returns the specified number of seed bytes, computed using the seed generation algorithm used by this SecureRandom.

Parameters
numBytes int: the number of seed bytes.
Returns
byte[] the seed bytes

public void nextBytes (byte[] bytes)

Added in API level 1

Generates and stores random bytes in the given byte[] for each array element.

Parameters
bytes byte: the byte[] to be filled with random bytes.

public void setSeed (byte[] seed)

Added in API level 1

Seeds this SecureRandom instance with the specified seed. Seeding SecureRandom may be insecure.

Parameters
seed byte

public void setSeed (long seed)

Added in API level 1

Seeds this SecureRandom instance with the specified eight-byte seed. Seeding SecureRandom may be insecure.

Parameters
seed long

Protected Methods

protected final int next (int numBits)

Added in API level 1

Generates and returns an int containing the specified number of random bits (right justified, with leading zeros).

Parameters
numBits int: number of bits to be generated. An input value should be in the range [0, 32].
Returns
int an int containing the specified number of random bits.