to top
Android APIs
public class

SecureRandom

extends Random
java.lang.Object
   ↳ java.util.Random
     ↳ java.security.SecureRandom

Class Overview

This class generates cryptographically secure pseudo-random numbers. It is best to invoke SecureRandom using the default constructor. This will provide an instance of the most cryptographically strong provider available:

SecureRandom sr = new SecureRandom();
 byte[] output = new byte[16];
 sr.nextBytes(output);

The default algorithm is defined by the first SecureRandomSpi provider found in the installed security providers. Use Security to install custom SecureRandomSpi providers.

Note that the output of a SecureRandom instance should never be relied upon to be deterministic. For deterministic output from a given input, see MessageDigest which provides one-way hash functions. For deriving keys from passwords, see SecretKeyFactory.

Seeding SecureRandom may be insecure

A seed is an array of bytes used to bootstrap random number generation. To produce cryptographically secure random numbers, both the seed and the algorithm must be secure.

By default, instances of this class will generate an initial seed using an internal entropy source, such as /dev/urandom. This seed is unpredictable and appropriate for secure use.

Using the seeded constructor or calling setSeed(byte[]) may completely replace the cryptographically strong default seed causing the instance to return a predictable sequence of numbers unfit for secure use. Due to variations between implementations it is not recommended to use setSeed at all.

Summary

Public Constructors
SecureRandom()
Constructs a new SecureRandom that uses the default algorithm.
SecureRandom(byte[] seed)
Constructs a new seeded SecureRandom that uses the default algorithm.
Protected Constructors
SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider)
Constructs a new instance of SecureRandom using the given implementation from the specified provider.
Public Methods
byte[] generateSeed(int numBytes)
Generates and returns the specified number of seed bytes, computed using the seed generation algorithm used by this SecureRandom.
String getAlgorithm()
Returns the name of the algorithm of this SecureRandom.
static SecureRandom getInstance(String algorithm, String provider)
Returns a new instance of SecureRandom that utilizes the specified algorithm from the specified provider.
static SecureRandom getInstance(String algorithm, Provider provider)
Returns a new instance of SecureRandom that utilizes the specified algorithm from the specified provider.
static SecureRandom getInstance(String algorithm)
Returns a new instance of SecureRandom that utilizes the specified algorithm.
final Provider getProvider()
Returns the provider associated with this SecureRandom.
static byte[] getSeed(int numBytes)
Generates and returns the specified number of seed bytes, computed using the seed generation algorithm used by this SecureRandom.
synchronized void nextBytes(byte[] bytes)
Generates and stores random bytes in the given byte[] for each array element.
synchronized void setSeed(byte[] seed)
Seeds this SecureRandom instance with the specified seed.
void setSeed(long seed)
Seeds this SecureRandom instance with the specified eight-byte seed.
Protected Methods
final int next(int numBits)
Generates and returns an int containing the specified number of random bits (right justified, with leading zeros).
[Expand]
Inherited Methods
From class java.util.Random
From class java.lang.Object

Public Constructors

public SecureRandom ()

Added in API level 1

Constructs a new SecureRandom that uses the default algorithm.

public SecureRandom (byte[] seed)

Added in API level 1

Constructs a new seeded SecureRandom that uses the default algorithm. Seeding SecureRandom may be insecure.

Protected Constructors

protected SecureRandom (SecureRandomSpi secureRandomSpi, Provider provider)

Added in API level 1

Constructs a new instance of SecureRandom using the given implementation from the specified provider.

Parameters
secureRandomSpi the implementation.
provider the security provider.

Public Methods

public byte[] generateSeed (int numBytes)

Added in API level 1

Generates and returns the specified number of seed bytes, computed using the seed generation algorithm used by this SecureRandom.

Parameters
numBytes the number of seed bytes.
Returns
  • the seed bytes.

public String getAlgorithm ()

Added in API level 1

Returns the name of the algorithm of this SecureRandom.

Returns
  • the name of the algorithm of this SecureRandom.

public static SecureRandom getInstance (String algorithm, String provider)

Added in API level 1

Returns a new instance of SecureRandom that utilizes the specified algorithm from the specified provider.

Parameters
algorithm the name of the algorithm to use.
provider the name of the provider.
Returns
  • a new instance of SecureRandom that utilizes the specified algorithm from the specified provider.
Throws
NoSuchAlgorithmException if the specified algorithm is not available.
NoSuchProviderException if the specified provider is not available.
NullPointerException if algorithm is null.
IllegalArgumentException if provider == null || provider.isEmpty()

public static SecureRandom getInstance (String algorithm, Provider provider)

Added in API level 1

Returns a new instance of SecureRandom that utilizes the specified algorithm from the specified provider.

Parameters
algorithm the name of the algorithm to use.
provider the security provider.
Returns
  • a new instance of SecureRandom that utilizes the specified algorithm from the specified provider.
Throws
NoSuchAlgorithmException if the specified algorithm is not available.
NullPointerException if algorithm is null.
IllegalArgumentException if provider == null

public static SecureRandom getInstance (String algorithm)

Added in API level 1

Returns a new instance of SecureRandom that utilizes the specified algorithm.

Parameters
algorithm the name of the algorithm to use.
Returns
  • a new instance of SecureRandom that utilizes the specified algorithm.
Throws
NoSuchAlgorithmException if the specified algorithm is not available.
NullPointerException if algorithm is null.

public final Provider getProvider ()

Added in API level 1

Returns the provider associated with this SecureRandom.

Returns
  • the provider associated with this SecureRandom.

public static byte[] getSeed (int numBytes)

Added in API level 1

Generates and returns the specified number of seed bytes, computed using the seed generation algorithm used by this SecureRandom.

Parameters
numBytes the number of seed bytes.
Returns
  • the seed bytes

public synchronized void nextBytes (byte[] bytes)

Added in API level 1

Generates and stores random bytes in the given byte[] for each array element.

Parameters
bytes the byte[] to be filled with random bytes.

public synchronized void setSeed (byte[] seed)

Added in API level 1

Seeds this SecureRandom instance with the specified seed. Seeding SecureRandom may be insecure.

public void setSeed (long seed)

Added in API level 1

Seeds this SecureRandom instance with the specified eight-byte seed. Seeding SecureRandom may be insecure.

Protected Methods

protected final int next (int numBits)

Added in API level 1

Generates and returns an int containing the specified number of random bits (right justified, with leading zeros).

Parameters
numBits number of bits to be generated. An input value should be in the range [0, 32].
Returns
  • an int containing the specified number of random bits.