Skip to content

Most visited

Recently visited

navigation
Added in API level 1

SecureRandom

public class SecureRandom
extends Random

java.lang.Object
   ↳ java.util.Random
     ↳ java.security.SecureRandom


This class provides a cryptographically strong random number generator (RNG).

A cryptographically strong random number minimally complies with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1. Additionally, SecureRandom must produce non-deterministic output. Therefore any seed material passed to a SecureRandom object must be unpredictable, and all SecureRandom output sequences must be cryptographically strong, as described in RFC 1750: Randomness Recommendations for Security.

A caller obtains a SecureRandom instance via the no-argument constructor or one of the getInstance methods:

      SecureRandom random = new SecureRandom();
 

Many SecureRandom implementations are in the form of a pseudo-random number generator (PRNG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a true random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.

Typical callers of SecureRandom invoke the following methods to retrieve random bytes:

      SecureRandom random = new SecureRandom();
      byte bytes[] = new byte[20];
      random.nextBytes(bytes);
 

Callers may also invoke the generateSeed method to generate a given number of seed bytes (to seed other random number generators, for example):

      byte seed[] = random.generateSeed(20);
 
Note: Depending on the implementation, the generateSeed and nextBytes methods may block as entropy is being gathered, for example, if they need to read from /dev/random on various unix-like operating systems. The SHA1PRNG algorithm from the Crypto provider has been deprecated as it was insecure, and also incorrectly used by some apps as a key derivation function. See Security "Crypto" provider deprecated in Android N for details.

See also:

Summary

Public constructors

SecureRandom()

Constructs a secure random number generator (RNG) implementing the default random number algorithm.

SecureRandom(byte[] seed)

Constructs a secure random number generator (RNG) implementing the default random number algorithm.

Protected constructors

SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider)

Creates a SecureRandom object.

Public methods

byte[] generateSeed(int numBytes)

Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself.

String getAlgorithm()

Returns the name of the algorithm implemented by this SecureRandom object.

static SecureRandom getInstance(String algorithm)

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.

static SecureRandom getInstance(String algorithm, String provider)

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.

static SecureRandom getInstance(String algorithm, Provider provider)

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.

final Provider getProvider()

Returns the provider of this SecureRandom object.

static byte[] getSeed(int numBytes)

Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself.

void nextBytes(byte[] bytes)

Generates a user-specified number of random bytes.

void setSeed(long seed)

Reseeds this random object, using the eight bytes contained in the given long seed.

void setSeed(byte[] seed)

Reseeds this random object.

Protected methods

final int next(int numBits)

Generates an integer containing the user-specified number of pseudo-random bits (right justified, with leading zeros).

Inherited methods

From class java.util.Random
From class java.lang.Object

Public constructors

SecureRandom

Added in API level 1
SecureRandom ()

Constructs a secure random number generator (RNG) implementing the default random number algorithm.

This constructor traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandom object encapsulating the SecureRandomSpi implementation from the first Provider that supports a SecureRandom (RNG) algorithm is returned. If none of the Providers support a RNG algorithm, then an implementation-specific default is returned.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

See the SecureRandom section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard RNG algorithm names.

The returned SecureRandom object has not been seeded. To seed the returned object, call the setSeed method. If setSeed is not called, the first call to nextBytes will force the SecureRandom object to seed itself. This self-seeding will not occur if setSeed was previously called.

SecureRandom

Added in API level 1
SecureRandom (byte[] seed)

Constructs a secure random number generator (RNG) implementing the default random number algorithm. The SecureRandom instance is seeded with the specified seed bytes.

This constructor traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandom object encapsulating the SecureRandomSpi implementation from the first Provider that supports a SecureRandom (RNG) algorithm is returned. If none of the Providers support a RNG algorithm, then an implementation-specific default is returned.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

See the SecureRandom section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard RNG algorithm names.

Parameters
seed byte: the seed.

Protected constructors

SecureRandom

Added in API level 1
SecureRandom (SecureRandomSpi secureRandomSpi, 
                Provider provider)

Creates a SecureRandom object.

Parameters
secureRandomSpi SecureRandomSpi: the SecureRandom implementation.
provider Provider: the provider.

Public methods

generateSeed

Added in API level 1
byte[] generateSeed (int numBytes)

Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself. This call may be used to seed other random number generators.

Parameters
numBytes int: the number of seed bytes to generate.
Returns
byte[] the seed bytes.

getAlgorithm

Added in API level 1
String getAlgorithm ()

Returns the name of the algorithm implemented by this SecureRandom object.

Returns
String the name of the algorithm or unknown if the algorithm name cannot be determined.

getInstance

Added in API level 1
SecureRandom getInstance (String algorithm)

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.

This method traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandom object encapsulating the SecureRandomSpi implementation from the first Provider that supports the specified algorithm is returned.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

The returned SecureRandom object has not been seeded. To seed the returned object, call the setSeed method. If setSeed is not called, the first call to nextBytes will force the SecureRandom object to seed itself. This self-seeding will not occur if setSeed was previously called.

Parameters
algorithm String: the name of the RNG algorithm. See the SecureRandom section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard RNG algorithm names.
Returns
SecureRandom the new SecureRandom object.
Throws
NoSuchAlgorithmException if no Provider supports a SecureRandomSpi implementation for the specified algorithm.

See also:

getInstance

Added in API level 1
SecureRandom getInstance (String algorithm, 
                String provider)

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.

A new SecureRandom object encapsulating the SecureRandomSpi implementation from the specified provider is returned. The specified provider must be registered in the security provider list.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

The returned SecureRandom object has not been seeded. To seed the returned object, call the setSeed method. If setSeed is not called, the first call to nextBytes will force the SecureRandom object to seed itself. This self-seeding will not occur if setSeed was previously called.

Parameters
algorithm String: the name of the RNG algorithm. See the SecureRandom section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard RNG algorithm names.
provider String: the name of the provider.
Returns
SecureRandom the new SecureRandom object.
Throws
NoSuchAlgorithmException if a SecureRandomSpi implementation for the specified algorithm is not available from the specified provider.
NoSuchProviderException if the specified provider is not registered in the security provider list.
IllegalArgumentException if the provider name is null or empty.

See also:

getInstance

Added in API level 1
SecureRandom getInstance (String algorithm, 
                Provider provider)

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.

A new SecureRandom object encapsulating the SecureRandomSpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.

The returned SecureRandom object has not been seeded. To seed the returned object, call the setSeed method. If setSeed is not called, the first call to nextBytes will force the SecureRandom object to seed itself. This self-seeding will not occur if setSeed was previously called.

Parameters
algorithm String: the name of the RNG algorithm. See the SecureRandom section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard RNG algorithm names.
provider Provider: the provider.
Returns
SecureRandom the new SecureRandom object.
Throws
NoSuchAlgorithmException if a SecureRandomSpi implementation for the specified algorithm is not available from the specified Provider object.
IllegalArgumentException if the specified provider is null.

See also:

getProvider

Added in API level 1
Provider getProvider ()

Returns the provider of this SecureRandom object.

Returns
Provider the provider of this SecureRandom object.

getSeed

Added in API level 1
byte[] getSeed (int numBytes)

Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself. This call may be used to seed other random number generators.

This method is only included for backwards compatibility. The caller is encouraged to use one of the alternative getInstance methods to obtain a SecureRandom object, and then call the generateSeed method to obtain seed bytes from that object.

Parameters
numBytes int: the number of seed bytes to generate.
Returns
byte[] the seed bytes.

See also:

nextBytes

Added in API level 1
void nextBytes (byte[] bytes)

Generates a user-specified number of random bytes.

If a call to setSeed had not occurred previously, the first call to this method forces this SecureRandom object to seed itself. This self-seeding will not occur if setSeed was previously called.

Parameters
bytes byte: the array to be filled in with random bytes.

setSeed

Added in API level 1
void setSeed (long seed)

Reseeds this random object, using the eight bytes contained in the given long seed. The given seed supplements, rather than replaces, the existing seed. Thus, repeated calls are guaranteed never to reduce randomness.

This method is defined for compatibility with java.util.Random.

Parameters
seed long: the seed.

See also:

setSeed

Added in API level 1
void setSeed (byte[] seed)

Reseeds this random object. The given seed supplements, rather than replaces, the existing seed. Thus, repeated calls are guaranteed never to reduce randomness.

Parameters
seed byte: the seed.

See also:

Protected methods

next

Added in API level 1
int next (int numBits)

Generates an integer containing the user-specified number of pseudo-random bits (right justified, with leading zeros). This method overrides a java.util.Random method, and serves to provide a source of random bits to all of the methods inherited from that class (for example, nextInt, nextLong, and nextFloat).

Parameters
numBits int: number of pseudo-random bits to be generated, where 0 <= numBits <= 32.
Returns
int an int containing the user-specified number of pseudo-random bits (right justified, with leading zeros).
This site uses cookies to store your preferences for site-specific language and display options.

Hooray!

This class requires API level or higher

This doc is hidden because your selected API level for the documentation is . You can change the documentation API level with the selector above the left navigation.

For more information about specifying the API level your app requires, read Supporting Different Platform Versions.