Rubi Sharmax Rubi Sharmax - 5 months ago 51
Android Question

Does BouncyCastle have a SecureRandom service?

I'm trying to generate cryptographically secure random numbers using Java and using the following code section to create a SecureRandom object to view its provider and algorithm:

Provider prov=new org.spongycastle.jce.provider.BouncyCastleProvider();
Security.insertProviderAt(prov, 1);

SecureRandom sr=new SecureRandom();
srProvider=sr.getProvider().toString();
srAlgorithm=sr.getAlgorithm();


(spongy castle is bouncy castle equivalent for android made by Roberto Tyley - https://github.com/rtyley)

When I display provider and algorithm, it shows: Crypto version 1.0 SHA1PRNG

What surprises me is that the provider isn't Spongycastle even if it is installed as the first provider in the code. I'd like to ask you a) Isn't SecureRandom implemented in Spongy Castle (or Bouncy Castle). b) What "Crypto version 1.0" exactly is (I mean is it Sun JCE provider or what?)

Thanks...

Rubi

Answer

Assuming you are running on Android (you didn't state this explicitly). Bouncy Castle does not provide a SecureRandom implementation. 'Crypto' is the Apache Harmony (on which most of Android's core Java code is based on) JCE provider. There is no Sun JCE code in Android. BTW, the 'Crypto' provider only provides SHA1PRNG (RNG), SHA-1 (hash) and SHA1withDSA (signature) implementations. Everything else is provided by either Bouncy Castle or the OpenSSL-based provider.

Question: Why do you think you need a SecureRandom implementation from Bouncy/Spongy Castle?