Examples of java.security.SecureRandom

• java.security.SecureRandom
  nist.gov/cryptval/140-2.htm"> FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1. Additionally, SecureRandom must produce non-deterministic output. Therefore any seed material passed to a SecureRandom object must be unpredictable, and all SecureRandom output sequences must be cryptographically strong, as described in RFC 1750: Randomness Recommendations for Security.

  A caller obtains a SecureRandom instance via the no-argument constructor or one of the getInstance methods:

   SecureRandom random = new SecureRandom(); 

  Many SecureRandom implementations are in the form of a pseudo-random number generator (PRNG), which means they use a deterministic algorithm to produce a pseudo-random sequence from a true random seed. Other implementations may produce true random numbers, and yet others may use a combination of both techniques.

  Typical callers of SecureRandom invoke the following methods to retrieve random bytes:

   SecureRandom random = new SecureRandom(); byte bytes[] = new byte[20]; random.nextBytes(bytes); 

  Callers may also invoke the generateSeed method to generate a given number of seed bytes (to seed other random number generators, for example):

   byte seed[] = random.generateSeed(20); 

  @see java.security.SecureRandomSpi @see java.util.Random @version 1.54, 04/21/06 @author Benjamin Renaud @author Josh Bloch

   * @throws Exception
   */
  public static byte[] decrypt(byte[] src, byte[] key)
    throws Exception {
    //    DES�㷨Ҫ����һ�������ε������Դ
    SecureRandom sr = new SecureRandom();
    // ��ԭʼ�ܳ����ݴ���һ��DESKeySpec����
    DESKeySpec dks = new DESKeySpec(key);
    // ����һ���ܳ׹�����Ȼ��������DESKeySpec����ת����
    // һ��SecretKey����
    SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(DES);

   * @throws Exception
   */
  public static byte[] encrypt(byte[] src, byte[] key)
    throws Exception {
    //    DES�㷨Ҫ����һ�������ε������Դ
    SecureRandom sr = new SecureRandom();
    // ��ԭʼ�ܳ����ݴ���DESKeySpec����
    DESKeySpec dks = new DESKeySpec(key);
    // ����һ���ܳ׹�����Ȼ��������DESKeySpecת����
    // һ��SecretKey����
    SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(DES);

   * @throws Exception
   */
  public static byte[] decrypt(byte[] src, byte[] key)
    throws Exception {
    //    DES�㷨Ҫ����һ�������ε������Դ
    SecureRandom sr = new SecureRandom();
    // ��ԭʼ�ܳ����ݴ���һ��DESKeySpec����
    DESKeySpec dks = new DESKeySpec(key);
    // ����һ���ܳ׹�����Ȼ��������DESKeySpec����ת����
    // һ��SecretKey����
    SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(DES);

            throw new IOException("Could not delete " + file.getAbsolutePath());
        }
    }

    private static void testLoop() throws Exception {
        Random random = new SecureRandom();
        while (true) {
            runOneTest(random.nextInt());
        }
    }

            // In this case it is initialized using our own seed implementation
            // and afterwards (in the thread) using the regular algorithm.
            Runnable runnable = new Runnable() {
                public void run() {
                    try {
                        SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
                        byte[] seed = sr.generateSeed(20);
                        synchronized (cachedSecureRandom) {
                            cachedSecureRandom.setSeed(seed);
                            seeded = true;
                        }
                    } catch (Exception e) {
                        // NoSuchAlgorithmException
                        warn("SecureRandom", e);
                    }
                }
            };

            try {
                Thread t = new Thread(runnable);
                // let the process terminate even if generating the seed is really slow
                t.setDaemon(true);
                t.start();
                Thread.yield();
                try {
                    // normally, generateSeed takes less than 200 ms
                    t.join(400);
                } catch (InterruptedException e) {
                    warn("InterruptedException", e);
                }
                if (!seeded) {
                    byte[] seed = generateAlternativeSeed();
                    // this never reduces randomness
                    synchronized (cachedSecureRandom) {
                        cachedSecureRandom.setSeed(seed);
                    }
                }
            } catch (SecurityException e) {
                // workaround for the Google App Engine: don't use a thread
                runnable.run();
                generateAlternativeSeed();
            }

        } catch (Exception e) {
            // NoSuchAlgorithmException
            warn("SecureRandom", e);
            cachedSecureRandom = new SecureRandom();
        }
        return cachedSecureRandom;
    }

     * Get a cryptographically secure pseudo random long value.
     *
     * @return the random long value
     */
    public static long secureRandomLong() {
        SecureRandom sr = getSecureRandom();
        synchronized (sr) {
            return sr.nextLong();
        }
    }

    public static byte[] secureRandomBytes(int len) {
        if (len <= 0) {
            len = 1;
        }
        byte[] buff = new byte[len];
        SecureRandom sr = getSecureRandom();
        synchronized (sr) {
            sr.nextBytes(buff);
        }
        return buff;
    }

     *
     * @param lowerThan the value returned will be lower than this value
     * @return the random long value
     */
    public static int secureRandomInt(int lowerThan) {
        SecureRandom sr = getSecureRandom();
        synchronized (sr) {
            return sr.nextInt(lowerThan);
        }
    }

            byte[]  d = new byte[16];
            byte[]  e = new byte[16];

            if (random == null)
            {
                random = new SecureRandom();
            }

            random.nextBytes(d);
            random.nextBytes(e);

    // System.out.println( "get( " + keys + ") " + this );

    try{
      putInt( buffer, VERSION, 255 );

      SecureRandom random = SecureRandom.getInstance("SHA1PRNG");

      Signature sig = CryptoECCUtils.getSignature(myPrivateKey);

      if ( keys ){

        final byte[] rawMyPubkey = CryptoECCUtils.keyToRawdata(myPublicKey);

        final byte[] rawEphemeralPubkey = CryptoECCUtils.keyToRawdata(ephemeralKeyPair.getPublic());

        sig.update(rawMyPubkey);

        sig.update(rawEphemeralPubkey);

        final byte[] rawSign = sig.sign();

        final byte[] pad = new byte[random.nextInt(32)];

        random.nextBytes(pad);

        putBytes( buffer, rawMyPubkey, 65535 );

        putBytes( buffer, rawEphemeralPubkey, 65535 );

        putBytes( buffer, rawSign, 65535 );

        putBytes( buffer, pad, 65535 );

      }else{

        if ( sharedSecret == null ){

          throw( new CryptoManagerException( "phase error: keys not received" ));
        }

        final byte[] IV = new byte[20 + random.nextInt(32)];

        random.nextBytes(IV);

        sig.update(IV);

        sig.update(sharedSecret);