Added in API level 1

SecureRandom

open class SecureRandom : Random
kotlin.Any
   ↳ java.util.Random
   ↳ java.security.SecureRandom

This class provides a cryptographically strong random number generator (RNG).

A cryptographically strong random number minimally complies with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1. Additionally, SecureRandom must produce non-deterministic output. Therefore any seed material passed to a SecureRandom object must be unpredictable, and all SecureRandom output sequences must be cryptographically strong, as described in RFC 4086: Randomness Requirements for Security.

Many SecureRandom implementations are in the form of a pseudo-random number generator (PRNG, also known as deterministic random bits generator or DRBG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.

A caller obtains a SecureRandom instance via the no-argument constructor or one of the getInstance methods. For example:

SecureRandom r1 = new SecureRandom();
  SecureRandom r2 = SecureRandom.getInstance("NativePRNG");
  SecureRandom r3 = SecureRandom.getInstance("DRBG",
          DrbgParameters.instantiation(128, RESEED_ONLY, null));

The third statement above returns a SecureRandom object of the specific algorithm supporting the specific instantiate parameters. The implementation's effective instantiated parameters must match this minimum request but is not necessarily the same. For example, even if the request does not require a certain feature, the actual instantiation can provide the feature. An implementation may lazily instantiate a SecureRandom until it's actually used, but the effective instantiate parameters must be determined right after it's created and getParameters() should always return the same result unchanged.

Typical callers of SecureRandom invoke the following methods to retrieve random bytes:

SecureRandom random = new SecureRandom();
  byte[] bytes = new byte[20];
  random.nextBytes(bytes);

Callers may also invoke the generateSeed method to generate a given number of seed bytes (to seed other random number generators, for example):

byte[] seed = random.generateSeed(20);

A newly created PRNG SecureRandom object is not seeded (except if it is created by SecureRandom(byte[])). The first call to nextBytes will force it to seed itself from an implementation- specific entropy source. This self-seeding will not occur if setSeed was previously called.

A SecureRandom can be reseeded at any time by calling the reseed or setSeed method. The reseed method reads entropy input from its entropy source to reseed itself. The setSeed method requires the caller to provide the seed.

Please note that reseed may not be supported by all SecureRandom implementations.

Some SecureRandom implementations may accept a SecureRandomParameters parameter in its nextBytes(byte[],java.security.SecureRandomParameters) and reseed(java.security.SecureRandomParameters) methods to further control the behavior of the methods.

Note: Depending on the implementation, the generateSeed, reseed and nextBytes methods may block as entropy is being gathered, for example, if the entropy source is /dev/random on various Unix-like operating systems.

Thread safety

SecureRandom objects are safe for use by multiple concurrent threads.

Summary

Public constructors

Constructs a secure random number generator (RNG) implementing the default random number algorithm.

Constructs a secure random number generator (RNG) implementing the default random number algorithm.

Protected constructors
SecureRandom(secureRandomSpi: SecureRandomSpi!, provider: Provider!)

Creates a SecureRandom object.

Public methods
open ByteArray!
generateSeed(numBytes: Int)

Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself.

open String!

Returns the name of the algorithm implemented by this SecureRandom object.

open static SecureRandom!
getInstance(algorithm: String!)

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.

open static SecureRandom!
getInstance(algorithm: String!, provider: String!)

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.

open static SecureRandom!
getInstance(algorithm: String!, provider: Provider!)

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.

open static SecureRandom!
getInstance(algorithm: String!, params: SecureRandomParameters!)

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm and supports the specified SecureRandomParameters request.

open static SecureRandom!
getInstance(algorithm: String!, params: SecureRandomParameters!, provider: String!)

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm and supports the specified SecureRandomParameters request.

open static SecureRandom!
getInstance(algorithm: String!, params: SecureRandomParameters!, provider: Provider!)

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm and supports the specified SecureRandomParameters request.

open static SecureRandom!

Returns a SecureRandom object.

open SecureRandomParameters!

Returns the effective SecureRandomParameters for this SecureRandom instance.

Provider!

Returns the provider of this SecureRandom object.

open static ByteArray!
getSeed(numBytes: Int)

Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself.

open Unit

Generates a user-specified number of random bytes.

open Unit

Generates a user-specified number of random bytes with additional parameters.

open Unit

Reseeds this SecureRandom with entropy input read from its entropy source.

open Unit

Reseeds this SecureRandom with entropy input read from its entropy source with additional parameters.

open Unit

Reseeds this random object with the given seed.

open Unit
setSeed(seed: Long)

Reseeds this random object, using the eight bytes contained in the given long seed.

open String

Returns a Human-readable string representation of this SecureRandom.

Protected methods
Int
next(numBits: Int)

Generates an integer containing the user-specified number of pseudo-random bits (right justified, with leading zeros).

Inherited functions

Public constructors

SecureRandom

Added in API level 1
SecureRandom()

Constructs a secure random number generator (RNG) implementing the default random number algorithm.

This constructor traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandom object encapsulating the SecureRandomSpi implementation from the first Provider that supports a SecureRandom (RNG) algorithm is returned. If none of the Providers support a RNG algorithm, then an implementation-specific default is returned.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

See the SecureRandom section in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names.

SecureRandom

Added in API level 1
SecureRandom(seed: ByteArray!)

Constructs a secure random number generator (RNG) implementing the default random number algorithm. The SecureRandom instance is seeded with the specified seed bytes.

This constructor traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandom object encapsulating the SecureRandomSpi implementation from the first Provider that supports a SecureRandom (RNG) algorithm is returned. If none of the Providers support a RNG algorithm, then an implementation-specific default is returned.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

See the SecureRandom section in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names.

Parameters
seed ByteArray!: the seed.

Protected constructors

SecureRandom

Added in API level 1
protected SecureRandom(
    secureRandomSpi: SecureRandomSpi!,
    provider: Provider!)

Creates a SecureRandom object.

Parameters
secureRandomSpi SecureRandomSpi!: the SecureRandom implementation.
provider Provider!: the provider.

Public methods

generateSeed

Added in API level 1
open fun generateSeed(numBytes: Int): ByteArray!

Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself. This call may be used to seed other random number generators.

Parameters
numBytes Int: the number of seed bytes to generate.
Return
ByteArray! the seed bytes.
Exceptions
java.lang.IllegalArgumentException if numBytes is negative

getAlgorithm

Added in API level 1
open fun getAlgorithm(): String!

Returns the name of the algorithm implemented by this SecureRandom object.

Return
String! the name of the algorithm or unknown if the algorithm name cannot be determined.

getInstance

Added in API level 1
open static fun getInstance(algorithm: String!): SecureRandom!

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.

This method traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandom object encapsulating the SecureRandomSpi implementation from the first Provider that supports the specified algorithm is returned.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

Parameters
algorithm String!: the name of the RNG algorithm. See the SecureRandom section in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names.
Return
SecureRandom! the new SecureRandom object
Exceptions
java.security.NoSuchAlgorithmException if no Provider supports a SecureRandomSpi implementation for the specified algorithm
java.lang.NullPointerException if algorithm is null

getInstance

Added in API level 1
open static fun getInstance(
    algorithm: String!,
    provider: String!
): SecureRandom!

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.

A new SecureRandom object encapsulating the SecureRandomSpi implementation from the specified provider is returned. The specified provider must be registered in the security provider list.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

Parameters
algorithm String!: the name of the RNG algorithm. See the SecureRandom section in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names.
provider String!: the name of the provider.
Return
SecureRandom! the new SecureRandom object
Exceptions
java.lang.IllegalArgumentException if the provider name is null or empty
java.security.NoSuchAlgorithmException if a SecureRandomSpi implementation for the specified algorithm is not available from the specified provider
java.security.NoSuchProviderException if the specified provider is not registered in the security provider list
java.lang.NullPointerException if algorithm is null

getInstance

Added in API level 1
open static fun getInstance(
    algorithm: String!,
    provider: Provider!
): SecureRandom!

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm.

A new SecureRandom object encapsulating the SecureRandomSpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.

Parameters
algorithm String!: the name of the RNG algorithm. See the SecureRandom section in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names.
provider Provider!: the provider.
Return
SecureRandom! the new SecureRandom object
Exceptions
java.lang.IllegalArgumentException if the specified provider is null
java.security.NoSuchAlgorithmException if a SecureRandomSpi implementation for the specified algorithm is not available from the specified Provider object
java.lang.NullPointerException if algorithm is null

getInstance

Added in API level 35
open static fun getInstance(
    algorithm: String!,
    params: SecureRandomParameters!
): SecureRandom!

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm and supports the specified SecureRandomParameters request.

This method traverses the list of registered security Providers, starting with the most preferred Provider. A new SecureRandom object encapsulating the SecureRandomSpi implementation from the first Provider that supports the specified algorithm and the specified SecureRandomParameters is returned.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

Parameters
algorithm String!: the name of the RNG algorithm. See the SecureRandom section in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names.
params SecureRandomParameters!: the SecureRandomParameters the newly created SecureRandom object must support.
Return
SecureRandom! the new SecureRandom object
Exceptions
java.lang.IllegalArgumentException if the specified params is null
java.security.NoSuchAlgorithmException if no Provider supports a SecureRandomSpi implementation for the specified algorithm and parameters
java.lang.NullPointerException if algorithm is null

getInstance

Added in API level 35
open static fun getInstance(
    algorithm: String!,
    params: SecureRandomParameters!,
    provider: String!
): SecureRandom!

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm and supports the specified SecureRandomParameters request.

A new SecureRandom object encapsulating the SecureRandomSpi implementation from the specified provider is returned. The specified provider must be registered in the security provider list.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

Parameters
algorithm String!: the name of the RNG algorithm. See the SecureRandom section in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names.
params SecureRandomParameters!: the SecureRandomParameters the newly created SecureRandom object must support.
provider String!: the name of the provider.
Return
SecureRandom! the new SecureRandom object
Exceptions
java.lang.IllegalArgumentException if the provider name is null or empty, or params is null
java.security.NoSuchAlgorithmException if the specified provider does not support a SecureRandomSpi implementation for the specified algorithm and parameters
java.security.NoSuchProviderException if the specified provider is not registered in the security provider list
java.lang.NullPointerException if algorithm is null

getInstance

Added in API level 35
open static fun getInstance(
    algorithm: String!,
    params: SecureRandomParameters!,
    provider: Provider!
): SecureRandom!

Returns a SecureRandom object that implements the specified Random Number Generator (RNG) algorithm and supports the specified SecureRandomParameters request.

A new SecureRandom object encapsulating the SecureRandomSpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.

Parameters
algorithm String!: the name of the RNG algorithm. See the SecureRandom section in the Java Security Standard Algorithm Names Specification for information about standard RNG algorithm names.
params SecureRandomParameters!: the SecureRandomParameters the newly created SecureRandom object must support.
provider Provider!: the provider.
Return
SecureRandom! the new SecureRandom object
Exceptions
java.lang.IllegalArgumentException if the specified provider or params is null
java.security.NoSuchAlgorithmException if the specified provider does not support a SecureRandomSpi implementation for the specified algorithm and parameters
java.lang.NullPointerException if algorithm is null

getInstanceStrong

Added in API level 26
open static fun getInstanceStrong(): SecureRandom!

Returns a SecureRandom object. In Android this is equivalent to get a SHA1PRNG from AndroidOpenSSL. Some situations require strong random values, such as when creating high-value/long-lived secrets like RSA public/private keys. To help guide applications in selecting a suitable strong SecureRandom implementation, Java distributions include a list of known strong SecureRandom implementations in the securerandom.strongAlgorithms Security property.

Every implementation of the Java platform is required to support at least one strong SecureRandom implementation.

Return
SecureRandom! a strong SecureRandom implementation
Exceptions
java.security.NoSuchAlgorithmException if no algorithm is available

getParameters

Added in API level 35
open fun getParameters(): SecureRandomParameters!

Returns the effective SecureRandomParameters for this SecureRandom instance.

The returned value can be different from the SecureRandomParameters object passed into a getInstance method, but it cannot change during the lifetime of this SecureRandom object.

A caller can use the returned value to find out what features this SecureRandom supports.

Return
SecureRandomParameters! the effective SecureRandomParameters parameters, or null if no parameters were used.

getProvider

Added in API level 1
fun getProvider(): Provider!

Returns the provider of this SecureRandom object.

Return
Provider! the provider of this SecureRandom object.

getSeed

Added in API level 1
open static fun getSeed(numBytes: Int): ByteArray!

Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself. This call may be used to seed other random number generators.

This method is only included for backwards compatibility. The caller is encouraged to use one of the alternative getInstance methods to obtain a SecureRandom object, and then call the generateSeed method to obtain seed bytes from that object.

Parameters
numBytes Int: the number of seed bytes to generate.
Return
ByteArray! the seed bytes.
Exceptions
java.lang.IllegalArgumentException if numBytes is negative

See Also

    nextBytes

    Added in API level 1
    open fun nextBytes(bytes: ByteArray!): Unit

    Generates a user-specified number of random bytes.

    Parameters
    bytes ByteArray!: the array to be filled in with random bytes.
    Exceptions
    java.lang.NullPointerException if the byte array is null

    nextBytes

    Added in API level 35
    open fun nextBytes(
        bytes: ByteArray!,
        params: SecureRandomParameters!
    ): Unit

    Generates a user-specified number of random bytes with additional parameters.

    Parameters
    bytes ByteArray!: the array to be filled in with random bytes
    params SecureRandomParameters!: additional parameters
    Exceptions
    java.lang.NullPointerException if bytes is null
    java.lang.UnsupportedOperationException if the underlying provider implementation has not overridden this method
    java.lang.IllegalArgumentException if params is null, illegal or unsupported by this SecureRandom

    reseed

    Added in API level 35
    open fun reseed(): Unit

    Reseeds this SecureRandom with entropy input read from its entropy source.

    Exceptions
    java.lang.UnsupportedOperationException if the underlying provider implementation has not overridden this method.

    reseed

    Added in API level 35
    open fun reseed(params: SecureRandomParameters!): Unit

    Reseeds this SecureRandom with entropy input read from its entropy source with additional parameters.

    Note that entropy is obtained from an entropy source. While some data in params may contain entropy, its main usage is to provide diversity.

    Parameters
    params SecureRandomParameters!: extra parameters
    Exceptions
    java.lang.UnsupportedOperationException if the underlying provider implementation has not overridden this method.
    java.lang.IllegalArgumentException if params is null, illegal or unsupported by this SecureRandom

    setSeed

    Added in API level 1
    open fun setSeed(seed: ByteArray!): Unit

    Reseeds this random object with the given seed. The seed supplements, rather than replaces, the existing seed. Thus, repeated calls are guaranteed never to reduce randomness.

    A PRNG SecureRandom will not seed itself automatically if setSeed is called before any nextBytes or reseed calls. The caller should make sure that the seed argument contains enough entropy for the security of this SecureRandom.

    Parameters
    seed ByteArray!: the seed.

    See Also

    setSeed

    Added in API level 1
    open fun setSeed(seed: Long): Unit

    Reseeds this random object, using the eight bytes contained in the given long seed. The given seed supplements, rather than replaces, the existing seed. Thus, repeated calls are guaranteed never to reduce randomness.

    This method is defined for compatibility with java.util.Random.

    Parameters
    seed Long: the seed.
    Exceptions
    java.lang.UnsupportedOperationException if the setSeed operation is not supported by this random number generator

    See Also

    toString

    Added in API level 1
    open fun toString(): String

    Returns a Human-readable string representation of this SecureRandom.

    Return
    String the string representation

    Protected methods

    next

    Added in API level 1
    protected fun next(numBits: Int): Int

    Generates an integer containing the user-specified number of pseudo-random bits (right justified, with leading zeros). This method overrides a java.util.Random method, and serves to provide a source of random bits to all of the methods inherited from that class (for example, nextInt, nextLong, and nextFloat).

    Parameters
    bits random bits
    numBits Int: number of pseudo-random bits to be generated, where 0 <= numBits <= 32.
    Return
    Int an int containing the user-specified number of pseudo-random bits (right justified, with leading zeros).