SecureRandom
open class SecureRandom : Random
kotlin.Any | ||
↳ | java.util.Random | |
↳ | java.security.SecureRandom |
This class provides a cryptographically strong random number generator (RNG).
A cryptographically strong random number minimally complies with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1. Additionally, SecureRandom
must produce non-deterministic output. Therefore any seed material passed to a SecureRandom
object must be unpredictable, and all SecureRandom
output sequences must be cryptographically strong, as described in RFC 4086: Randomness Requirements for Security.
Many SecureRandom
implementations are in the form of a pseudo-random number generator (PRNG, also known as deterministic random bits generator or DRBG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.
A caller obtains a SecureRandom
instance via the no-argument constructor or one of the getInstance
methods. For example:
SecureRandom r1 = new SecureRandom(); SecureRandom r2 = SecureRandom.getInstance("NativePRNG"); SecureRandom r3 = SecureRandom.getInstance("DRBG", DrbgParameters.instantiation(128, RESEED_ONLY, null));
The third statement above returns a SecureRandom
object of the specific algorithm supporting the specific instantiate parameters. The implementation's effective instantiated parameters must match this minimum request but is not necessarily the same. For example, even if the request does not require a certain feature, the actual instantiation can provide the feature. An implementation may lazily instantiate a SecureRandom
until it's actually used, but the effective instantiate parameters must be determined right after it's created and getParameters()
should always return the same result unchanged.
Typical callers of SecureRandom
invoke the following methods to retrieve random bytes:
SecureRandom random = new SecureRandom(); byte[] bytes = new byte[20]; random.nextBytes(bytes);
Callers may also invoke the generateSeed
method to generate a given number of seed bytes (to seed other random number generators, for example):
byte[] seed = random.generateSeed(20);
A newly created PRNG SecureRandom
object is not seeded (except if it is created by SecureRandom(byte[])
). The first call to nextBytes
will force it to seed itself from an implementation- specific entropy source. This self-seeding will not occur if setSeed
was previously called.
A SecureRandom
can be reseeded at any time by calling the reseed
or setSeed
method. The reseed
method reads entropy input from its entropy source to reseed itself. The setSeed
method requires the caller to provide the seed.
Please note that reseed
may not be supported by all SecureRandom
implementations.
Some SecureRandom
implementations may accept a SecureRandomParameters
parameter in its nextBytes(byte[],java.security.SecureRandomParameters)
and reseed(java.security.SecureRandomParameters)
methods to further control the behavior of the methods.
Note: Depending on the implementation, the generateSeed
, reseed
and nextBytes
methods may block as entropy is being gathered, for example, if the entropy source is /dev/random on various Unix-like operating systems.
Thread safety
SecureRandom
objects are safe for use by multiple concurrent threads.
Summary
Public constructors | |
---|---|
Constructs a secure random number generator (RNG) implementing the default random number algorithm. |
|
SecureRandom(seed: ByteArray!) Constructs a secure random number generator (RNG) implementing the default random number algorithm. |
Protected constructors | |
---|---|
SecureRandom(secureRandomSpi: SecureRandomSpi!, provider: Provider!) Creates a |
Public methods | |
---|---|
open ByteArray! |
generateSeed(numBytes: Int) Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself. |
open String! |
Returns the name of the algorithm implemented by this |
open static SecureRandom! |
getInstance(algorithm: String!) Returns a |
open static SecureRandom! |
getInstance(algorithm: String!, provider: String!) Returns a |
open static SecureRandom! |
getInstance(algorithm: String!, provider: Provider!) Returns a |
open static SecureRandom! |
getInstance(algorithm: String!, params: SecureRandomParameters!) Returns a |
open static SecureRandom! |
getInstance(algorithm: String!, params: SecureRandomParameters!, provider: String!) Returns a |
open static SecureRandom! |
getInstance(algorithm: String!, params: SecureRandomParameters!, provider: Provider!) Returns a |
open static SecureRandom! |
Returns a |
open SecureRandomParameters! |
Returns the effective |
Provider! |
Returns the provider of this |
open static ByteArray! |
Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself. |
open Unit |
Generates a user-specified number of random bytes. |
open Unit |
nextBytes(bytes: ByteArray!, params: SecureRandomParameters!) Generates a user-specified number of random bytes with additional parameters. |
open Unit |
reseed() Reseeds this |
open Unit |
reseed(params: SecureRandomParameters!) Reseeds this |
open Unit |
Reseeds this random object with the given seed. |
open Unit |
Reseeds this random object, using the eight bytes contained in the given |
open String |
toString() Returns a Human-readable string representation of this |
Protected methods | |
---|---|
Int |
Generates an integer containing the user-specified number of pseudo-random bits (right justified, with leading zeros). |
Inherited functions | |
---|---|
Public constructors
SecureRandom
SecureRandom()
Constructs a secure random number generator (RNG) implementing the default random number algorithm.
This constructor traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandom
object encapsulating the SecureRandomSpi
implementation from the first Provider that supports a SecureRandom
(RNG) algorithm is returned. If none of the Providers support a RNG algorithm, then an implementation-specific default is returned.
Note that the list of registered providers may be retrieved via the Security.getProviders()
method.
See the SecureRandom
section in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names.
SecureRandom
SecureRandom(seed: ByteArray!)
Constructs a secure random number generator (RNG) implementing the default random number algorithm. The SecureRandom
instance is seeded with the specified seed bytes.
This constructor traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandom
object encapsulating the SecureRandomSpi
implementation from the first Provider that supports a SecureRandom
(RNG) algorithm is returned. If none of the Providers support a RNG algorithm, then an implementation-specific default is returned.
Note that the list of registered providers may be retrieved via the Security.getProviders()
method.
See the SecureRandom
section in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names.
Parameters | |
---|---|
seed |
ByteArray!: the seed. |
Protected constructors
SecureRandom
protected SecureRandom(
secureRandomSpi: SecureRandomSpi!,
provider: Provider!)
Creates a SecureRandom
object.
Parameters | |
---|---|
secureRandomSpi |
SecureRandomSpi!: the SecureRandom implementation. |
provider |
Provider!: the provider. |
Public methods
generateSeed
open fun generateSeed(numBytes: Int): ByteArray!
Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself. This call may be used to seed other random number generators.
Parameters | |
---|---|
numBytes |
Int: the number of seed bytes to generate. |
Return | |
---|---|
ByteArray! |
the seed bytes. |
Exceptions | |
---|---|
java.lang.IllegalArgumentException |
if numBytes is negative |
getAlgorithm
open fun getAlgorithm(): String!
Returns the name of the algorithm implemented by this SecureRandom
object.
Return | |
---|---|
String! |
the name of the algorithm or unknown if the algorithm name cannot be determined. |
getInstance
open static fun getInstance(algorithm: String!): SecureRandom!
Returns a SecureRandom
object that implements the specified Random Number Generator (RNG) algorithm.
This method traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandom
object encapsulating the SecureRandomSpi
implementation from the first Provider that supports the specified algorithm is returned.
Note that the list of registered providers may be retrieved via the Security.getProviders()
method.
Parameters | |
---|---|
algorithm |
String!: the name of the RNG algorithm. See the SecureRandom section in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names. |
Return | |
---|---|
SecureRandom! |
the new SecureRandom object |
Exceptions | |
---|---|
java.security.NoSuchAlgorithmException |
if no Provider supports a SecureRandomSpi implementation for the specified algorithm |
java.lang.NullPointerException |
if algorithm is null |
See Also
getInstance
open static fun getInstance(
algorithm: String!,
provider: String!
): SecureRandom!
Returns a SecureRandom
object that implements the specified Random Number Generator (RNG) algorithm.
A new SecureRandom
object encapsulating the SecureRandomSpi
implementation from the specified provider is returned. The specified provider must be registered in the security provider list.
Note that the list of registered providers may be retrieved via the Security.getProviders()
method.
Parameters | |
---|---|
algorithm |
String!: the name of the RNG algorithm. See the SecureRandom section in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names. |
provider |
String!: the name of the provider. |
Return | |
---|---|
SecureRandom! |
the new SecureRandom object |
Exceptions | |
---|---|
java.lang.IllegalArgumentException |
if the provider name is null or empty |
java.security.NoSuchAlgorithmException |
if a SecureRandomSpi implementation for the specified algorithm is not available from the specified provider |
java.security.NoSuchProviderException |
if the specified provider is not registered in the security provider list |
java.lang.NullPointerException |
if algorithm is null |
See Also
getInstance
open static fun getInstance(
algorithm: String!,
provider: Provider!
): SecureRandom!
Returns a SecureRandom
object that implements the specified Random Number Generator (RNG) algorithm.
A new SecureRandom
object encapsulating the SecureRandomSpi
implementation from the specified Provider
object is returned. Note that the specified Provider
object does not have to be registered in the provider list.
Parameters | |
---|---|
algorithm |
String!: the name of the RNG algorithm. See the SecureRandom section in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names. |
provider |
Provider!: the provider. |
Return | |
---|---|
SecureRandom! |
the new SecureRandom object |
Exceptions | |
---|---|
java.lang.IllegalArgumentException |
if the specified provider is null |
java.security.NoSuchAlgorithmException |
if a SecureRandomSpi implementation for the specified algorithm is not available from the specified Provider object |
java.lang.NullPointerException |
if algorithm is null |
See Also
getInstance
open static fun getInstance(
algorithm: String!,
params: SecureRandomParameters!
): SecureRandom!
Returns a SecureRandom
object that implements the specified Random Number Generator (RNG) algorithm and supports the specified SecureRandomParameters
request.
This method traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandom
object encapsulating the SecureRandomSpi
implementation from the first Provider that supports the specified algorithm and the specified SecureRandomParameters
is returned.
Note that the list of registered providers may be retrieved via the Security.getProviders()
method.
Parameters | |
---|---|
algorithm |
String!: the name of the RNG algorithm. See the SecureRandom section in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names. |
params |
SecureRandomParameters!: the SecureRandomParameters the newly created SecureRandom object must support. |
Return | |
---|---|
SecureRandom! |
the new SecureRandom object |
Exceptions | |
---|---|
java.lang.IllegalArgumentException |
if the specified params is null |
java.security.NoSuchAlgorithmException |
if no Provider supports a SecureRandomSpi implementation for the specified algorithm and parameters |
java.lang.NullPointerException |
if algorithm is null |
See Also
getInstance
open static fun getInstance(
algorithm: String!,
params: SecureRandomParameters!,
provider: String!
): SecureRandom!
Returns a SecureRandom
object that implements the specified Random Number Generator (RNG) algorithm and supports the specified SecureRandomParameters
request.
A new SecureRandom
object encapsulating the SecureRandomSpi
implementation from the specified provider is returned. The specified provider must be registered in the security provider list.
Note that the list of registered providers may be retrieved via the Security.getProviders()
method.
Parameters | |
---|---|
algorithm |
String!: the name of the RNG algorithm. See the SecureRandom section in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names. |
params |
SecureRandomParameters!: the SecureRandomParameters the newly created SecureRandom object must support. |
provider |
String!: the name of the provider. |
Return | |
---|---|
SecureRandom! |
the new SecureRandom object |
Exceptions | |
---|---|
java.lang.IllegalArgumentException |
if the provider name is null or empty, or params is null |
java.security.NoSuchAlgorithmException |
if the specified provider does not support a SecureRandomSpi implementation for the specified algorithm and parameters |
java.security.NoSuchProviderException |
if the specified provider is not registered in the security provider list |
java.lang.NullPointerException |
if algorithm is null |
See Also
getInstance
open static fun getInstance(
algorithm: String!,
params: SecureRandomParameters!,
provider: Provider!
): SecureRandom!
Returns a SecureRandom
object that implements the specified Random Number Generator (RNG) algorithm and supports the specified SecureRandomParameters
request.
A new SecureRandom
object encapsulating the SecureRandomSpi
implementation from the specified Provider
object is returned. Note that the specified Provider
object does not have to be registered in the provider list.
Parameters | |
---|---|
algorithm |
String!: the name of the RNG algorithm. See the SecureRandom section in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names. |
params |
SecureRandomParameters!: the SecureRandomParameters the newly created SecureRandom object must support. |
provider |
Provider!: the provider. |
Return | |
---|---|
SecureRandom! |
the new SecureRandom object |
Exceptions | |
---|---|
java.lang.IllegalArgumentException |
if the specified provider or params is null |
java.security.NoSuchAlgorithmException |
if the specified provider does not support a SecureRandomSpi implementation for the specified algorithm and parameters |
java.lang.NullPointerException |
if algorithm is null |
See Also
getInstanceStrong
open static fun getInstanceStrong(): SecureRandom!
Returns a SecureRandom
object. In Android this is equivalent to get a SHA1PRNG from AndroidOpenSSL. Some situations require strong random values, such as when creating high-value/long-lived secrets like RSA public/private keys. To help guide applications in selecting a suitable strong SecureRandom
implementation, Java distributions include a list of known strong SecureRandom
implementations in the securerandom.strongAlgorithms
Security property.
Every implementation of the Java platform is required to support at least one strong SecureRandom
implementation.
Return | |
---|---|
SecureRandom! |
a strong SecureRandom implementation |
Exceptions | |
---|---|
java.security.NoSuchAlgorithmException |
if no algorithm is available |
getParameters
open fun getParameters(): SecureRandomParameters!
Returns the effective SecureRandomParameters
for this SecureRandom
instance.
The returned value can be different from the SecureRandomParameters
object passed into a getInstance
method, but it cannot change during the lifetime of this SecureRandom
object.
A caller can use the returned value to find out what features this SecureRandom
supports.
Return | |
---|---|
SecureRandomParameters! |
the effective SecureRandomParameters parameters, or null if no parameters were used. |
See Also
getProvider
fun getProvider(): Provider!
Returns the provider of this SecureRandom
object.
Return | |
---|---|
Provider! |
the provider of this SecureRandom object. |
getSeed
open static fun getSeed(numBytes: Int): ByteArray!
Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself. This call may be used to seed other random number generators.
This method is only included for backwards compatibility. The caller is encouraged to use one of the alternative getInstance
methods to obtain a SecureRandom
object, and then call the generateSeed
method to obtain seed bytes from that object.
Parameters | |
---|---|
numBytes |
Int: the number of seed bytes to generate. |
Return | |
---|---|
ByteArray! |
the seed bytes. |
Exceptions | |
---|---|
java.lang.IllegalArgumentException |
if numBytes is negative |
See Also
nextBytes
open fun nextBytes(bytes: ByteArray!): Unit
Generates a user-specified number of random bytes.
Parameters | |
---|---|
bytes |
ByteArray!: the array to be filled in with random bytes. |
Exceptions | |
---|---|
java.lang.NullPointerException |
if the byte array is null |
nextBytes
open fun nextBytes(
bytes: ByteArray!,
params: SecureRandomParameters!
): Unit
Generates a user-specified number of random bytes with additional parameters.
Parameters | |
---|---|
bytes |
ByteArray!: the array to be filled in with random bytes |
params |
SecureRandomParameters!: additional parameters |
Exceptions | |
---|---|
java.lang.NullPointerException |
if bytes is null |
java.lang.UnsupportedOperationException |
if the underlying provider implementation has not overridden this method |
java.lang.IllegalArgumentException |
if params is null , illegal or unsupported by this SecureRandom |
reseed
open fun reseed(): Unit
Reseeds this SecureRandom
with entropy input read from its entropy source.
Exceptions | |
---|---|
java.lang.UnsupportedOperationException |
if the underlying provider implementation has not overridden this method. |
reseed
open fun reseed(params: SecureRandomParameters!): Unit
Reseeds this SecureRandom
with entropy input read from its entropy source with additional parameters.
Note that entropy is obtained from an entropy source. While some data in params
may contain entropy, its main usage is to provide diversity.
Parameters | |
---|---|
params |
SecureRandomParameters!: extra parameters |
Exceptions | |
---|---|
java.lang.UnsupportedOperationException |
if the underlying provider implementation has not overridden this method. |
java.lang.IllegalArgumentException |
if params is null , illegal or unsupported by this SecureRandom |
setSeed
open fun setSeed(seed: ByteArray!): Unit
Reseeds this random object with the given seed. The seed supplements, rather than replaces, the existing seed. Thus, repeated calls are guaranteed never to reduce randomness.
A PRNG SecureRandom
will not seed itself automatically if setSeed
is called before any nextBytes
or reseed
calls. The caller should make sure that the seed
argument contains enough entropy for the security of this SecureRandom
.
Parameters | |
---|---|
seed |
ByteArray!: the seed. |
See Also
setSeed
open fun setSeed(seed: Long): Unit
Reseeds this random object, using the eight bytes contained in the given long seed
. The given seed supplements, rather than replaces, the existing seed. Thus, repeated calls are guaranteed never to reduce randomness.
This method is defined for compatibility with java.util.Random
.
Parameters | |
---|---|
seed |
Long: the seed. |
See Also
toString
open fun toString(): String
Returns a Human-readable string representation of this SecureRandom
.
Return | |
---|---|
String |
the string representation |
Protected methods
next
protected fun next(numBits: Int): Int
Generates an integer containing the user-specified number of pseudo-random bits (right justified, with leading zeros). This method overrides a java.util.Random
method, and serves to provide a source of random bits to all of the methods inherited from that class (for example, nextInt
, nextLong
, and nextFloat
).
Parameters | |
---|---|
bits |
random bits |
numBits |
Int: number of pseudo-random bits to be generated, where 0 <= numBits <= 32 . |
Return | |
---|---|
Int |
an int containing the user-specified number of pseudo-random bits (right justified, with leading zeros). |