Difference between revisions of "Random Number Generator"

From Dogtag
Jump to: navigation, search
m
m (Session ID Generator)
Line 23: Line 23:
 
= Session ID Generator =
 
= Session ID Generator =
  
The session ID generator configuration is stored in the web application context files:
+
See [https://github.com/dogtagpki/pki/wiki/Configuring-Session-ID-Generator Configuring Session ID Generator].
* https://github.com/dogtagpki/pki/blob/master/base/ca/tomcat8/conf/Catalina/localhost/ca.xml
 
* https://github.com/dogtagpki/pki/blob/master/base/kra/tomcat8/conf/Catalina/localhost/kra.xml
 
* https://github.com/dogtagpki/pki/blob/master/base/ocsp/tomcat8/conf/Catalina/localhost/ocsp.xml
 
* https://github.com/dogtagpki/pki/blob/master/base/tks/tomcat8/conf/Catalina/localhost/tks.xml
 
* https://github.com/dogtagpki/pki/blob/master/base/tps/tomcat8/conf/Catalina/localhost/tps.xml
 
 
 
<pre>
 
<Manager secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
 
</pre>
 
 
 
See also [https://tomcat.apache.org/tomcat-8.0-doc/config/manager.html Tomcat 8 - The Manager Component].
 
  
 
= See Also =
 
= See Also =

Revision as of 16:19, 29 July 2022

Overview

SecureRandom is a generic Java API to access random number generator functionality.

SecureRandom random = new SecureRandom();

By default SecureRandom will use NativePRNG implementation which uses /dev/urandom for nextBytes() and /dev/random to generateSeed().

The API can be used to access other random number generators using the following interface:

SecureRandom random = SecureRandom.getInstance(algorithm, provider);

SHA1PRNG is a pure Java random number generator. It is not as strong as the algorithms used by approved DRBG mechanisms in NIST SP800-90.

There is a new version of SecureRandom coming in Java 9, JEP-273, which adds SHA-512 and AES-256 based off NIST SP800-90.

JSS provides a FIPS 140-2 compliant random number generator called PK11SecureRandom which can also be used via this API.

JSS Subsystem

See Configuring Random Generator.

Session ID Generator

See Configuring Session ID Generator.

See Also