
prng.package-info
/**
* Secure Random Number Generation in Java.
*
* Installation
*
* To use this library in an application, you should do one of the following:
*
* As a normal security Provider
*
*     SecureRandom rand = SecureRandom.getInstance("Nist-SHA256", new prng.SecureRandomProvider());
*
* As a default security Provider
*
*     prng.SecureRandomProvider.install(true);
*
* Installs the secure random provider as the default secure random provider, so calls to new SecureRandom()
* will use one of its algorithms.
*
* As an application override
*
*     java -javaagent:prng-1.0.0.jar ...rest of command line
*
* Installs the secure random provider and the default secure random number generator implementation prior to
* invoking the application's main method.
*
* As a platform extension
*
* The provider may be made a standard provider for all applications using a given Java Runtime Environment.
*
* - Copy prng-1.0.0.jar to [java home]/jre/lib/ext
* - Open the file [java home]/jre/lib/security/java.security in a text editor.
* - Add a line such as: security.provider.1=prng.SecureRandomProvider
* - Adjust all the other security.provider.N entries so each one has a unique name with the order you desire
* - Save the file
*
*
* Permissions
*
* The library requires permission to use unlimited strength cryptography. Consult the JCE documentation for how
* to configure that.
*
* The library uses the following JRE security permissions:
*
* - SecurityPermission insertProvider (JDK8+)
* - SecurityPermission insertProvider.SecureRandomProvider
*     Required to add this provider.
*
* - SecurityPermission getProperty.securerandom.strongAlgorithms
* - SecurityPermission setProperty.securerandom.strongAlgorithms
*     Required to set the "strong" secure random algorithm.
*
* - RuntimePermission preferences
*     Required for storing seed data in user or system preferences.
*
* - PropertyPermission * read,write
*     Required to resolve properties mentioned in the configuration file. Used in creating the nonce factory.
*     Note: the "write" permission is never used, but the System.getProperties() method requires it.
*
* - RuntimePermission getenv.*
*     Required to read environment variables mentioned in the configuration file. Used in creating the nonce
*     factory.
*
* - ManagementPermission monitor
*     Used in creating the nonce factory.
*
* - NetPermission getNetworkInformation
*     The Type-1 UUIDs include the local MAC address. This permission is required to retrieve that.
*
* - SocketPermission * connect,resolve
*     Required for local host and internet entropy URLs. Local host is used in creating the Type 1 UUIDs. A
*     restricted alternative to '*' is in the example policy file.
*
* - URLPermission * get,post
*     Required for internet entropy URLs. A restricted alternative to '*' is in the example policy file.
*
* - AWTPermission createRobot
* - AWTPermission readDisplayPixels
*     Used to collect entropy from the current display. The pixels of a random section of the display are
*     passed into a secure hash, and the hash is used as entropy.
*
* Configuration
*
* The library is configured via the prng/secure-prng.properties file. All available options are described in
* the comments in the file itself.
*
*
* Logging
*
* This library uses SLF4J for logging. The following loggers are defined:
*
* - prng.SecureRandomProvider
*     Messages related to activating the provider and security privileges.
*
* - prng.SystemRandom
*     Messages related to use of the standard JRE SecureRandom instances.
*
* - prng.collector.EntropyCollector
*     Messages related to creating the entropy collectors, and collecting entropy.
*
* - prng.internet.NetRandom
*     Messages related to internet entropy sources.
*
* - prng.seeds.SeedStorage
*     Messages related to the storage and retrieval of seed entropy.
*
* - prng.utility.Config
*     Messages concerning the use of the prng/secure-prng.properties file.
*
* - prng.utility.TimeBasedUUID
*     Messages related to creating a Type-1 UUID source.
*
*
*
* @author Simon Greatrix
*/
package prng;
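
A check that applies to every installation route in the comment above, as an added example that is not part of the library or of the original page: it reports whether `new SecureRandom()` and `SecureRandom.getInstanceStrong()` actually resolve to `prng.SecureRandomProvider`. The class name `VerifyPrngInstall` is hypothetical, and the code uses only JDK classes (matching the provider by the class name given above), so it compiles without the jar on the classpath.

```java
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;

// Added example, not part of the library. VerifyPrngInstall is a hypothetical name.
public class VerifyPrngInstall {
    // Provider class name as it appears on this page.
    static final String EXPECTED = "prng.SecureRandomProvider";

    static boolean isExpected(Provider p) {
        return p != null && p.getClass().getName().equals(EXPECTED);
    }

    // 1-based preference position of the provider, or -1 if it is not registered.
    static int position() {
        Provider[] all = Security.getProviders();
        for (int i = 0; i < all.length; i++) {
            if (isExpected(all[i])) return i + 1;
        }
        return -1;
    }

    static String describe(SecureRandom r) {
        return r.getAlgorithm() + " from " + r.getProvider();
    }

    public static void main(String[] args) throws Exception {
        int pos = position();
        System.out.println("registered: " + (pos < 0 ? "no" : "yes, position " + pos));

        // new SecureRandom() uses the most preferred provider that offers a
        // SecureRandom service, so this is what ordinary application code gets.
        SecureRandom def = new SecureRandom();
        System.out.println("default:    " + describe(def));

        // getInstanceStrong() follows the securerandom.strongAlgorithms property,
        // which the permissions list says the library sets.
        System.out.println("strongAlgorithms = "
                + Security.getProperty("securerandom.strongAlgorithms"));
        SecureRandom strong = SecureRandom.getInstanceStrong();
        System.out.println("strong:     " + describe(strong));

        if (!isExpected(def.getProvider())) {
            System.err.println("WARNING: default SecureRandom is not served by " + EXPECTED);
            System.exit(1);
        }
    }
}
```

Run it the same way the application is launched (for instance with the `-javaagent` option shown above); exit status 1 means `new SecureRandom()` is still served by another provider.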