The SecureRandom
Class
The SecureRandom
class is an engine class that provides
the functionality of a random number generator.
- Creating a
SecureRandom
Object - As with all engine classes, the way to get a
SecureRandom
object is to call thegetInstance
static factory method on theSecureRandom
class:static SecureRandom getInstance(String algorithm)
A caller can optionally specify the name of a provider or theProvider
class, which will guarantee that the implementation of the random number generation (RNG) algorithm requested is from the named provider:static final SecureRandom getInstance(String algorithm, String provider) static final SecureRandom getInstance(String algorithm, Provider provider)
- Seeding or Re-Seeding the
SecureRandom
Object - The
SecureRandom
implementation attempts to completely randomize the internal state of the generator itself unless the caller follows the call to agetInstance
method with a call to one of thesetSeed
methods:synchronized public void setSeed(byte[] seed) public void setSeed(long seed)
After the
SecureRandom
object has been seeded, it will produce bits as random as the original seeds.At any time a
SecureRandom
object can be re-seeded using one of thesetSeed
methods. The given seed supplements, rather than replaces, the existing seed; therefore, repeated calls are guaranteed never to reduce randomness. - Using a
SecureRandom
Object - To get random bytes, a caller simply passes an array of any length, which is then filled with random bytes:
synchronized public void nextBytes(byte[] bytes)
- Generating Seed Bytes
- If desired, it is possible to invoke the
generateSeed
method to generate a given number of seed bytes (to seed other random number generators, for example):byte[] generateSeed(int numBytes)
- Considerations for z/OS
- Changes are included in the SecureRandom class to improve randomness, which is critical to the security of private keys and stronger cryptographic operations. On z/OS, random data is acquired from /dev/random and /dev/urandom. The use of /dev/random and /dev/urandom places a dependency on ICSF for generating the random data. As a consequence, the RACF CSFSERV Access Permission for CSFRNG (random number generate callable service) must be granted to the exploiter to permit execution of those ICSF services that provide the requested cryptographic support for random number generation.