
PK11SecureRandom Design

Endi S. Dewata edited this page Jul 29, 2022 · 2 revisions

PK11SecureRandom can be used as follows:

SecureRandom random = SecureRandom.getInstance("pkcs11prng", "Mozilla-JSS");

Mozilla-JSS is the name of the JSSProvider, which maps the pkcs11prng algorithm to JSSSecureRandomSpi:

public final class JSSProvider extends java.security.Provider {

    public JSSProvider() {
        super("Mozilla-JSS", JSS_VERSION, "Provides Signature, Message Digesting, and RNG");

        put("SecureRandom.pkcs11prng", "org.mozilla.jss.provider.java.security.JSSSecureRandomSpi");
    }
}

JSSSecureRandomSpi obtains its random number generator from the token supplier registered with TokenSupplierManager:

JSSSecureRandom engine = TokenSupplierManager.getTokenSupplier().getSecureRNG();

CryptoManager registers itself as the token supplier with TokenSupplierManager, and its getSecureRNG() method returns a PK11SecureRandom instance:

public final class CryptoManager implements TokenSupplier {

    protected CryptoManager()  {
        TokenSupplierManager.setTokenSupplier(this);
        reloadModules();
    }

    public JSSSecureRandom getSecureRNG() {
        return new PK11SecureRandom();
    }
}
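
The lookup chain above only applies when the request is actually served by the Mozilla-JSS provider. The following is an added example, not code from JSS or from this wiki: it uses only JDK APIs to confirm the provider's pkcs11prng mapping and to fail closed when the provider is missing. The class name RngProviderCheck and the method requireJssRandom are hypothetical, and the example assumes JSS is on the classpath and already initialized so that the provider is registered.

```java
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;

// Hypothetical helper (not part of JSS): obtain the token-backed RNG and fail
// closed instead of falling back to another provider's SecureRandom.
public class RngProviderCheck {

    static final String PROVIDER = "Mozilla-JSS";   // provider name from the page
    static final String ALGORITHM = "pkcs11prng";   // algorithm name from the page

    static SecureRandom requireJssRandom() throws GeneralSecurityException {
        // Assumption: JSS has been initialized, so the provider is registered.
        Provider provider = Security.getProvider(PROVIDER);
        if (provider == null) {
            throw new GeneralSecurityException(PROVIDER + " provider is not registered");
        }

        // Inspect the entry registered via put("SecureRandom.pkcs11prng", ...).
        Provider.Service service = provider.getService("SecureRandom", ALGORITHM);
        if (service == null) {
            throw new GeneralSecurityException(PROVIDER + " does not offer " + ALGORITHM);
        }
        System.out.println(ALGORITHM + " -> " + service.getClassName());

        // Passing the Provider object means no other provider can satisfy the request.
        return SecureRandom.getInstance(ALGORITHM, provider);
    }

    public static void main(String[] args) {
        try {
            SecureRandom random = requireJssRandom();
            byte[] nonce = new byte[16];
            random.nextBytes(nonce);
            System.out.println("drew " + nonce.length + " bytes from "
                    + random.getProvider().getName());
        } catch (GeneralSecurityException e) {
            // Reached when JSS is absent or not initialized: stop rather than
            // continue with a generator that is not backed by the token.
            System.err.println("refusing to continue: " + e.getMessage());
            System.exit(1);
        }
    }
}
```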