Difference between revisions of "Random Number Generator"

From Dogtag
Jump to: navigation, search
m (References)
Line 19: Line 19:
= JSS Subsystem =
= JSS Subsystem =
PKI Server uses a JSS subsystem to initialize JSS environment.
See [https://github.com/dogtagpki/pki/wiki/Configuring-Random-Generator Configuring Random Generator].
The random number generator configuration is located in CS.cfg:
It will use PK11SecureRandom by default. See also [[JSS Subsystem]].
= Session ID Generator =
= Session ID Generator =

Revision as of 16:12, 29 July 2022


SecureRandom is a generic Java API to access random number generator functionality.

SecureRandom random = new SecureRandom();

By default SecureRandom will use NativePRNG implementation which uses /dev/urandom for nextBytes() and /dev/random to generateSeed().

The API can be used to access other random number generators using the following interface:

SecureRandom random = SecureRandom.getInstance(algorithm, provider);

SHA1PRNG is a pure Java random number generator. It is not as strong as the algorithms used by approved DRBG mechanisms in NIST SP800-90.

There is a new version of SecureRandom coming in Java 9, JEP-273, which adds SHA-512 and AES-256 based off NIST SP800-90.

JSS provides a FIPS 140-2 compliant random number generator called PK11SecureRandom which can also be used via this API.

JSS Subsystem

See Configuring Random Generator.

Session ID Generator

The session ID generator configuration is stored in the web application context files:

<Manager secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>

See also Tomcat 8 - The Manager Component.

See Also