- java.lang.Object
- 
- java.util.Random
- 
- java.security.SecureRandom
 
 
- 
- All Implemented Interfaces:
- Serializable
 
 public class SecureRandom extends Random This class provides a cryptographically strong random number generator (RNG).A cryptographically strong random number minimally complies with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1. Additionally, SecureRandommust produce non-deterministic output. Therefore any seed material passed to aSecureRandomobject must be unpredictable, and allSecureRandomoutput sequences must be cryptographically strong, as described in RFC 4086: Randomness Requirements for Security.Many SecureRandomimplementations are in the form of a pseudo-random number generator (PRNG, also known as deterministic random bits generator or DRBG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.A caller obtains a SecureRandominstance via the no-argument constructor or one of thegetInstancemethods. For example:SecureRandom r1 = new SecureRandom(); SecureRandom r2 = SecureRandom.getInstance("NativePRNG"); SecureRandom r3 = SecureRandom.getInstance("DRBG", DrbgParameters.instantiation(128, RESEED_ONLY, null));The third statement above returns a SecureRandomobject of the specific algorithm supporting the specific instantiate parameters. The implementation's effective instantiated parameters must match this minimum request but is not necessarily the same. For example, even if the request does not require a certain feature, the actual instantiation can provide the feature. An implementation may lazily instantiate aSecureRandomuntil it's actually used, but the effective instantiate parameters must be determined right after it's created andgetParameters()should always return the same result unchanged.Typical callers of SecureRandominvoke the following methods to retrieve random bytes:SecureRandom random = new SecureRandom(); byte[] bytes = new byte[20]; random.nextBytes(bytes); Callers may also invoke the generateSeed(int)method to generate a given number of seed bytes (to seed other random number generators, for example):byte[] seed = random.generateSeed(20); A newly created PRNG SecureRandomobject is not seeded (except if it is created bySecureRandom(byte[])). The first call tonextByteswill force it to seed itself from an implementation- specific entropy source. This self-seeding will not occur ifsetSeedwas previously called.A SecureRandomcan be reseeded at any time by calling thereseedorsetSeedmethod. Thereseedmethod reads entropy input from its entropy source to reseed itself. ThesetSeedmethod requires the caller to provide the seed.Please note that reseedmay not be supported by allSecureRandomimplementations.Some SecureRandomimplementations may accept aSecureRandomParametersparameter in itsnextBytes(byte[], SecureRandomParameters)andreseed(SecureRandomParameters)methods to further control the behavior of the methods.Note: Depending on the implementation, the generateSeed,reseedandnextBytesmethods may block as entropy is being gathered, for example, if the entropy source is /dev/random on various Unix-like operating systems.Thread safetySecureRandomobjects are safe for use by multiple concurrent threads.- Implementation Requirements:
- A SecureRandomservice provider can advertise that it is thread-safe by setting the service provider attribute "ThreadSafe" to "true" when registering the provider. Otherwise, this class will instead synchronize access to the following methods of theSecureRandomSpiimplementation:
- Since:
- 1.1
- See Also:
- SecureRandomSpi,- Random, Serialized Form
 
- 
- 
Constructor SummaryConstructors Modifier Constructor Description SecureRandom()Constructs a secure random number generator (RNG) implementing the default random number algorithm.SecureRandom(byte[] seed)Constructs a secure random number generator (RNG) implementing the default random number algorithm.protectedSecureRandom(SecureRandomSpi secureRandomSpi, Provider provider)Creates aSecureRandomobject.
 - 
Method SummaryAll Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description byte[]generateSeed(int numBytes)Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself.StringgetAlgorithm()Returns the name of the algorithm implemented by thisSecureRandomobject.static SecureRandomgetInstance(String algorithm)Returns aSecureRandomobject that implements the specified Random Number Generator (RNG) algorithm.static SecureRandomgetInstance(String algorithm, String provider)Returns aSecureRandomobject that implements the specified Random Number Generator (RNG) algorithm.static SecureRandomgetInstance(String algorithm, Provider provider)Returns aSecureRandomobject that implements the specified Random Number Generator (RNG) algorithm.static SecureRandomgetInstance(String algorithm, SecureRandomParameters params)Returns aSecureRandomobject that implements the specified Random Number Generator (RNG) algorithm and supports the specifiedSecureRandomParametersrequest.static SecureRandomgetInstance(String algorithm, SecureRandomParameters params, String provider)Returns aSecureRandomobject that implements the specified Random Number Generator (RNG) algorithm and supports the specifiedSecureRandomParametersrequest.static SecureRandomgetInstance(String algorithm, SecureRandomParameters params, Provider provider)Returns aSecureRandomobject that implements the specified Random Number Generator (RNG) algorithm and supports the specifiedSecureRandomParametersrequest.static SecureRandomgetInstanceStrong()Returns aSecureRandomobject that was selected by using the algorithms/providers specified in thesecurerandom.strongAlgorithmsSecurityproperty.SecureRandomParametersgetParameters()Returns the effectiveSecureRandomParametersfor thisSecureRandominstance.ProvidergetProvider()Returns the provider of thisSecureRandomobject.static byte[]getSeed(int numBytes)Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself.protected intnext(int numBits)Generates an integer containing the user-specified number of pseudo-random bits (right justified, with leading zeros).voidnextBytes(byte[] bytes)Generates a user-specified number of random bytes.voidnextBytes(byte[] bytes, SecureRandomParameters params)Generates a user-specified number of random bytes with additional parameters.voidreseed()Reseeds thisSecureRandomwith entropy input read from its entropy source.voidreseed(SecureRandomParameters params)Reseeds thisSecureRandomwith entropy input read from its entropy source with additional parameters.voidsetSeed(byte[] seed)Reseeds this random object with the given seed.voidsetSeed(long seed)Reseeds this random object, using the eight bytes contained in the givenlong seed.StringtoString()Returns a Human-readable string representation of thisSecureRandom.
 
- 
- 
- 
Constructor Detail- 
SecureRandompublic SecureRandom() Constructs a secure random number generator (RNG) implementing the default random number algorithm.This constructor traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandomobject encapsulating theSecureRandomSpiimplementation from the first Provider that supports aSecureRandom(RNG) algorithm is returned. If none of the Providers support a RNG algorithm, then an implementation-specific default is returned.Note that the list of registered providers may be retrieved via the Security.getProviders()method.See the SecureRandomsection in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names.
 - 
SecureRandompublic SecureRandom(byte[] seed) Constructs a secure random number generator (RNG) implementing the default random number algorithm. TheSecureRandominstance is seeded with the specified seed bytes.This constructor traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandomobject encapsulating theSecureRandomSpiimplementation from the first Provider that supports aSecureRandom(RNG) algorithm is returned. If none of the Providers support a RNG algorithm, then an implementation-specific default is returned.Note that the list of registered providers may be retrieved via the Security.getProviders()method.See the SecureRandomsection in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names.- Parameters:
- seed- the seed.
 
 - 
SecureRandomprotected SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider) Creates aSecureRandomobject.- Parameters:
- secureRandomSpi- the- SecureRandomimplementation.
- provider- the provider.
 
 
- 
 - 
Method Detail- 
getInstancepublic static SecureRandom getInstance(String algorithm) throws NoSuchAlgorithmException Returns aSecureRandomobject that implements the specified Random Number Generator (RNG) algorithm.This method traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandomobject encapsulating theSecureRandomSpiimplementation from the first Provider that supports the specified algorithm is returned.Note that the list of registered providers may be retrieved via the Security.getProviders()method.- Implementation Note:
- The JDK Reference Implementation additionally uses the
 jdk.security.provider.preferredSecurityproperty to determine the preferred provider order for the specified algorithm. This may be different than the order of providers returned bySecurity.getProviders().
- Parameters:
- algorithm- the name of the RNG algorithm. See the- SecureRandomsection in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names.
- Returns:
- the new SecureRandomobject
- Throws:
- NoSuchAlgorithmException- if no- Providersupports a- SecureRandomSpiimplementation for the specified algorithm
- NullPointerException- if- algorithmis- null
- Since:
- 1.2
- See Also:
- Provider
 
 - 
getInstancepublic static SecureRandom getInstance(String algorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderException Returns aSecureRandomobject that implements the specified Random Number Generator (RNG) algorithm.A new SecureRandomobject encapsulating theSecureRandomSpiimplementation from the specified provider is returned. The specified provider must be registered in the security provider list.Note that the list of registered providers may be retrieved via the Security.getProviders()method.- Parameters:
- algorithm- the name of the RNG algorithm. See the- SecureRandomsection in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names.
- provider- the name of the provider.
- Returns:
- the new SecureRandomobject
- Throws:
- IllegalArgumentException- if the provider name is- nullor empty
- NoSuchAlgorithmException- if a- SecureRandomSpiimplementation for the specified algorithm is not available from the specified provider
- NoSuchProviderException- if the specified provider is not registered in the security provider list
- NullPointerException- if- algorithmis- null
- Since:
- 1.2
- See Also:
- Provider
 
 - 
getInstancepublic static SecureRandom getInstance(String algorithm, Provider provider) throws NoSuchAlgorithmException Returns aSecureRandomobject that implements the specified Random Number Generator (RNG) algorithm.A new SecureRandomobject encapsulating theSecureRandomSpiimplementation from the specifiedProviderobject is returned. Note that the specifiedProviderobject does not have to be registered in the provider list.- Parameters:
- algorithm- the name of the RNG algorithm. See the- SecureRandomsection in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names.
- provider- the provider.
- Returns:
- the new SecureRandomobject
- Throws:
- IllegalArgumentException- if the specified provider is- null
- NoSuchAlgorithmException- if a- SecureRandomSpiimplementation for the specified algorithm is not available from the specified- Providerobject
- NullPointerException- if- algorithmis- null
- Since:
- 1.4
- See Also:
- Provider
 
 - 
getInstancepublic static SecureRandom getInstance(String algorithm, SecureRandomParameters params) throws NoSuchAlgorithmException Returns aSecureRandomobject that implements the specified Random Number Generator (RNG) algorithm and supports the specifiedSecureRandomParametersrequest.This method traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandomobject encapsulating theSecureRandomSpiimplementation from the first Provider that supports the specified algorithm and the specifiedSecureRandomParametersis returned.Note that the list of registered providers may be retrieved via the Security.getProviders()method.- Implementation Note:
- The JDK Reference Implementation additionally uses the
 jdk.security.provider.preferredproperty to determine the preferred provider order for the specified algorithm. This may be different than the order of providers returned bySecurity.getProviders().
- Parameters:
- algorithm- the name of the RNG algorithm. See the- SecureRandomsection in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names.
- params- the- SecureRandomParametersthe newly created- SecureRandomobject must support.
- Returns:
- the new SecureRandomobject
- Throws:
- IllegalArgumentException- if the specified params is- null
- NoSuchAlgorithmException- if no Provider supports a- SecureRandomSpiimplementation for the specified algorithm and parameters
- NullPointerException- if- algorithmis- null
- Since:
- 9
- See Also:
- Provider
 
 - 
getInstancepublic static SecureRandom getInstance(String algorithm, SecureRandomParameters params, String provider) throws NoSuchAlgorithmException, NoSuchProviderException Returns aSecureRandomobject that implements the specified Random Number Generator (RNG) algorithm and supports the specifiedSecureRandomParametersrequest.A new SecureRandomobject encapsulating theSecureRandomSpiimplementation from the specified provider is returned. The specified provider must be registered in the security provider list.Note that the list of registered providers may be retrieved via the Security.getProviders()method.- Parameters:
- algorithm- the name of the RNG algorithm. See the- SecureRandomsection in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names.
- params- the- SecureRandomParametersthe newly created- SecureRandomobject must support.
- provider- the name of the provider.
- Returns:
- the new SecureRandomobject
- Throws:
- IllegalArgumentException- if the provider name is- nullor empty, or params is- null
- NoSuchAlgorithmException- if the specified provider does not support a- SecureRandomSpiimplementation for the specified algorithm and parameters
- NoSuchProviderException- if the specified provider is not registered in the security provider list
- NullPointerException- if- algorithmis- null
- Since:
- 9
- See Also:
- Provider
 
 - 
getInstancepublic static SecureRandom getInstance(String algorithm, SecureRandomParameters params, Provider provider) throws NoSuchAlgorithmException Returns aSecureRandomobject that implements the specified Random Number Generator (RNG) algorithm and supports the specifiedSecureRandomParametersrequest.A new SecureRandomobject encapsulating theSecureRandomSpiimplementation from the specifiedProviderobject is returned. Note that the specifiedProviderobject does not have to be registered in the provider list.- Parameters:
- algorithm- the name of the RNG algorithm. See the- SecureRandomsection in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names.
- params- the- SecureRandomParametersthe newly created- SecureRandomobject must support.
- provider- the provider.
- Returns:
- the new SecureRandomobject
- Throws:
- IllegalArgumentException- if the specified provider or params is- null
- NoSuchAlgorithmException- if the specified provider does not support a- SecureRandomSpiimplementation for the specified algorithm and parameters
- NullPointerException- if- algorithmis- null
- Since:
- 9
- See Also:
- Provider
 
 - 
getProviderpublic final Provider getProvider() Returns the provider of thisSecureRandomobject.- Returns:
- the provider of this SecureRandomobject.
 
 - 
getAlgorithmpublic String getAlgorithm() Returns the name of the algorithm implemented by thisSecureRandomobject.- Returns:
- the name of the algorithm or unknownif the algorithm name cannot be determined.
- Since:
- 1.5
 
 - 
toStringpublic String toString() Returns a Human-readable string representation of thisSecureRandom.
 - 
getParameterspublic SecureRandomParameters getParameters() Returns the effectiveSecureRandomParametersfor thisSecureRandominstance.The returned value can be different from the SecureRandomParametersobject passed into agetInstancemethod, but it cannot change during the lifetime of thisSecureRandomobject.A caller can use the returned value to find out what features this SecureRandomsupports.- Returns:
- the effective SecureRandomParametersparameters, ornullif no parameters were used.
- Since:
- 9
- See Also:
- SecureRandomSpi
 
 - 
setSeedpublic void setSeed(byte[] seed) Reseeds this random object with the given seed. The seed supplements, rather than replaces, the existing seed. Thus, repeated calls are guaranteed never to reduce randomness.A PRNG SecureRandomwill not seed itself automatically ifsetSeedis called before anynextBytesorreseedcalls. The caller should make sure that theseedargument contains enough entropy for the security of thisSecureRandom.- Parameters:
- seed- the seed.
- See Also:
- getSeed(int)
 
 - 
setSeedpublic void setSeed(long seed) Reseeds this random object, using the eight bytes contained in the givenlong seed. The given seed supplements, rather than replaces, the existing seed. Thus, repeated calls are guaranteed never to reduce randomness.This method is defined for compatibility with java.util.Random.- Overrides:
- setSeedin class- Random
- Parameters:
- seed- the seed.
- See Also:
- getSeed(int)
 
 - 
nextBytespublic void nextBytes(byte[] bytes) Generates a user-specified number of random bytes.
 - 
nextBytespublic void nextBytes(byte[] bytes, SecureRandomParameters params)Generates a user-specified number of random bytes with additional parameters.- Parameters:
- bytes- the array to be filled in with random bytes
- params- additional parameters
- Throws:
- NullPointerException- if- bytesis null
- UnsupportedOperationException- if the underlying provider implementation has not overridden this method
- IllegalArgumentException- if- paramsis- null, illegal or unsupported by this- SecureRandom
- Since:
- 9
 
 - 
nextprotected final int next(int numBits) Generates an integer containing the user-specified number of pseudo-random bits (right justified, with leading zeros). This method overrides ajava.util.Randommethod, and serves to provide a source of random bits to all of the methods inherited from that class (for example,nextInt,nextLong, andnextFloat).
 - 
getSeedpublic static byte[] getSeed(int numBytes) Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself. This call may be used to seed other random number generators.This method is only included for backwards compatibility. The caller is encouraged to use one of the alternative getInstancemethods to obtain aSecureRandomobject, and then call thegenerateSeedmethod to obtain seed bytes from that object.- Parameters:
- numBytes- the number of seed bytes to generate.
- Returns:
- the seed bytes.
- Throws:
- IllegalArgumentException- if- numBytesis negative
- See Also:
- setSeed(byte[])
 
 - 
generateSeedpublic byte[] generateSeed(int numBytes) Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself. This call may be used to seed other random number generators.- Parameters:
- numBytes- the number of seed bytes to generate.
- Returns:
- the seed bytes.
- Throws:
- IllegalArgumentException- if- numBytesis negative
 
 - 
getInstanceStrongpublic static SecureRandom getInstanceStrong() throws NoSuchAlgorithmException Returns aSecureRandomobject that was selected by using the algorithms/providers specified in thesecurerandom.strongAlgorithmsSecurityproperty.Some situations require strong random values, such as when creating high-value/long-lived secrets like RSA public/private keys. To help guide applications in selecting a suitable strong SecureRandomimplementation, Java distributions include a list of known strongSecureRandomimplementations in thesecurerandom.strongAlgorithmsSecurity property.Every implementation of the Java platform is required to support at least one strong SecureRandomimplementation.- Returns:
- a strong SecureRandomimplementation as indicated by thesecurerandom.strongAlgorithmsSecurity property
- Throws:
- NoSuchAlgorithmException- if no algorithm is available
- Since:
- 1.8
- See Also:
- Security.getProperty(String)
 
 - 
reseedpublic void reseed() Reseeds thisSecureRandomwith entropy input read from its entropy source.- Throws:
- UnsupportedOperationException- if the underlying provider implementation has not overridden this method.
- Since:
- 9
 
 - 
reseedpublic void reseed(SecureRandomParameters params) Reseeds thisSecureRandomwith entropy input read from its entropy source with additional parameters.Note that entropy is obtained from an entropy source. While some data in paramsmay contain entropy, its main usage is to provide diversity.- Parameters:
- params- extra parameters
- Throws:
- UnsupportedOperationException- if the underlying provider implementation has not overridden this method.
- IllegalArgumentException- if- paramsis- null, illegal or unsupported by this- SecureRandom
- Since:
- 9
 
 
- 
 
-