public class

SecureRandom

extends Random
java.lang.Object
   ↳ java.util.Random
     ↳ java.security.SecureRandom

Class Overview

This class generates cryptographically secure pseudo-random numbers.

Supported Algorithms

  • SHA1PRNG: Based on SHA-1. Not guaranteed to be compatible with the SHA1PRNG algorithm on the reference implementation.

The default algorithm is defined by the first SecureRandomSpi provider found in the VM's installed security providers. Use Security to install custom SecureRandomSpi providers.

Seeding SecureRandom may be insecure

A seed is an array of bytes used to bootstrap random number generation. To produce cryptographically secure random numbers, both the seed and the algorithm must be secure.

By default, instances of this class will generate an initial seed using an internal entropy source, such as /dev/urandom. This seed is unpredictable and appropriate for secure use.

You may alternatively specify the initial seed explicitly with the seeded constructor or by calling setSeed(byte[]) before any random numbers have been generated. Specifying a fixed seed will cause the instance to return a predictable sequence of numbers. This may be useful for testing but it is not appropriate for secure use.

Although it is common practice to seed Random with the current time, that is dangerous with SecureRandom since that value is predictable to an attacker and not appropriate for secure use.

Calling setSeed(byte[]) on a SecureRandom after it has been used to generate random numbers (ie. calling {#link nextBytes}) will supplement the existing seed. This does not cause the instance to return a predictable numbers, nor does it harm the security of the numbers generated.

Summary

Public Constructors
SecureRandom()
Constructs a new SecureRandom that uses the default algorithm.
SecureRandom(byte[] seed)
Constructs a new seeded SecureRandom that uses the default algorithm.
Protected Constructors
SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider)
Constructs a new instance of SecureRandom using the given implementation from the specified provider.
Public Methods
byte[] generateSeed(int numBytes)
Generates and returns the specified number of seed bytes, computed using the seed generation algorithm used by this SecureRandom.
String getAlgorithm()
Returns the name of the algorithm of this SecureRandom.
static SecureRandom getInstance(String algorithm, String provider)
Returns a new instance of SecureRandom that utilizes the specified algorithm from the specified provider.
static SecureRandom getInstance(String algorithm, Provider provider)
Returns a new instance of SecureRandom that utilizes the specified algorithm from the specified provider.
static SecureRandom getInstance(String algorithm)
Returns a new instance of SecureRandom that utilizes the specified algorithm.
final Provider getProvider()
Returns the provider associated with this SecureRandom.
static byte[] getSeed(int numBytes)
Generates and returns the specified number of seed bytes, computed using the seed generation algorithm used by this SecureRandom.
synchronized void nextBytes(byte[] bytes)
Generates and stores random bytes in the given byte[] for each array element.
synchronized void setSeed(byte[] seed)
Seeds this SecureRandom instance with the specified seed.
void setSeed(long seed)
Seeds this SecureRandom instance with the specified eight-byte seed.
Protected Methods
final int next(int numBits)
Generates and returns an int containing the specified number of random bits (right justified, with leading zeros).
[Expand]
Inherited Methods
From class java.util.Random
From class java.lang.Object

Public Constructors

public SecureRandom ()

Since: API Level 1

Constructs a new SecureRandom that uses the default algorithm.

public SecureRandom (byte[] seed)

Since: API Level 1

Constructs a new seeded SecureRandom that uses the default algorithm. Seeding SecureRandom may be insecure.

Protected Constructors

protected SecureRandom (SecureRandomSpi secureRandomSpi, Provider provider)

Since: API Level 1

Constructs a new instance of SecureRandom using the given implementation from the specified provider.

Parameters
secureRandomSpi the implementation.
provider the security provider.

Public Methods

public byte[] generateSeed (int numBytes)

Since: API Level 1

Generates and returns the specified number of seed bytes, computed using the seed generation algorithm used by this SecureRandom.

Parameters
numBytes the number of seed bytes.
Returns
  • the seed bytes.

public String getAlgorithm ()

Since: API Level 1

Returns the name of the algorithm of this SecureRandom.

Returns
  • the name of the algorithm of this SecureRandom.

public static SecureRandom getInstance (String algorithm, String provider)

Since: API Level 1

Returns a new instance of SecureRandom that utilizes the specified algorithm from the specified provider.

Parameters
algorithm the name of the algorithm to use.
provider the name of the provider.
Returns
  • a new instance of SecureRandom that utilizes the specified algorithm from the specified provider.
Throws
NoSuchAlgorithmException if the specified algorithm is not available.
NoSuchProviderException if the specified provider is not available.
NullPointerException if algorithm is null.
IllegalArgumentException if provider == null || provider.isEmpty()

public static SecureRandom getInstance (String algorithm, Provider provider)

Since: API Level 1

Returns a new instance of SecureRandom that utilizes the specified algorithm from the specified provider.

Parameters
algorithm the name of the algorithm to use.
provider the security provider.
Returns
  • a new instance of SecureRandom that utilizes the specified algorithm from the specified provider.
Throws
NoSuchAlgorithmException if the specified algorithm is not available.
NullPointerException if algorithm is null.
IllegalArgumentException if provider == null

public static SecureRandom getInstance (String algorithm)

Since: API Level 1

Returns a new instance of SecureRandom that utilizes the specified algorithm.

Parameters
algorithm the name of the algorithm to use.
Returns
  • a new instance of SecureRandom that utilizes the specified algorithm.
Throws
NoSuchAlgorithmException if the specified algorithm is not available.
NullPointerException if algorithm is null.

public final Provider getProvider ()

Since: API Level 1

Returns the provider associated with this SecureRandom.

Returns
  • the provider associated with this SecureRandom.

public static byte[] getSeed (int numBytes)

Since: API Level 1

Generates and returns the specified number of seed bytes, computed using the seed generation algorithm used by this SecureRandom.

Parameters
numBytes the number of seed bytes.
Returns
  • the seed bytes

public synchronized void nextBytes (byte[] bytes)

Since: API Level 1

Generates and stores random bytes in the given byte[] for each array element.

Parameters
bytes the byte[] to be filled with random bytes.

public synchronized void setSeed (byte[] seed)

Since: API Level 1

Seeds this SecureRandom instance with the specified seed. Seeding SecureRandom may be insecure.

public void setSeed (long seed)

Since: API Level 1

Seeds this SecureRandom instance with the specified eight-byte seed. Seeding SecureRandom may be insecure.

Protected Methods

protected final int next (int numBits)

Since: API Level 1

Generates and returns an int containing the specified number of random bits (right justified, with leading zeros).

Parameters
numBits number of bits to be generated. An input value should be in the range [0, 32].
Returns
  • an int containing the specified number of random bits.