PK11SecureRandom Design - dogtagpki/jss GitHub Wiki
PK11SecureRandom can be used as follows:

```java
SecureRandom random = SecureRandom.getInstance("pkcs11prng", "Mozilla-JSS");
```

Mozilla-JSS is the name of the JSSProvider, which maps the pkcs11prng algorithm to JSSSecureRandomSpi:

```java
public final class JSSProvider extends java.security.Provider {
    public JSSProvider() {
        super("Mozilla-JSS", JSS_VERSION, "Provides Signature, Message Digesting, and RNG");
        // Map the JCA algorithm name "pkcs11prng" to the SPI implementation class.
        put("SecureRandom.pkcs11prng", "org.mozilla.jss.provider.java.security.JSSSecureRandomSpi");
    }
}
```

JSSSecureRandomSpi obtains its random number generator from the token supplier registered with TokenSupplierManager:

```java
JSSSecureRandom engine = TokenSupplierManager.getTokenSupplier().getSecureRNG();
```

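The token supplier is the CryptoManager, which registers itself with TokenSupplierManager in its constructor and returns a new PK11SecureRandom instance from getSecureRNG():

```java
public final class CryptoManager implements TokenSupplier {
    protected CryptoManager() {
        // Register this instance as the token supplier used by JSSSecureRandomSpi.
        TokenSupplierManager.setTokenSupplier(this);
        reloadModules();
    }

    // Each call hands out a fresh PK11SecureRandom.
    public JSSSecureRandom getSecureRNG() {
        return new PK11SecureRandom();
    }
}
```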
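
The same provider-to-SPI-to-supplier chain, reduced to plain JDK classes so it runs without JSS (Java 9 or later). This is an added example, not JSS code: `Demo-Provider`, `demoprng`, `Rng`, `supplier`, `DemoSpi` and `DemoProvider` are hypothetical stand-ins, the JDK default `SecureRandom` stands in for the PKCS #11 token RNG, and failing when no supplier is registered is this demo's choice rather than documented JSS behaviour.

```java
import java.security.*;

public class ProviderChainDemo {
    /** Hypothetical stand-in for JSSSecureRandom. */
    public interface Rng { void nextBytes(byte[] out); }
    /** Hypothetical stand-in for the supplier held by TokenSupplierManager. */
    static volatile Rng supplier;

    /** Plays the role of JSSSecureRandomSpi: every call is delegated to the supplied engine. */
    public static final class DemoSpi extends SecureRandomSpi {
        private final transient Rng engine;
        public DemoSpi() {
            // Demo's choice: refuse to construct when nothing has registered an engine.
            if (supplier == null) throw new IllegalStateException("no RNG supplier registered");
            engine = supplier;
        }
        @Override protected void engineSetSeed(byte[] seed) { /* demo engine seeds itself */ }
        @Override protected void engineNextBytes(byte[] bytes) { engine.nextBytes(bytes); }
        @Override protected byte[] engineGenerateSeed(int n) {
            byte[] seed = new byte[n];
            engine.nextBytes(seed);
            return seed;
        }
    }

    /** Plays the role of JSSProvider: maps an algorithm name to the SPI class name. */
    public static final class DemoProvider extends Provider {
        public DemoProvider() {
            super("Demo-Provider", "1.0", "Demo RNG provider"); // String version: Java 9+
            put("SecureRandom.demoprng", DemoSpi.class.getName());
        }
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new DemoProvider());
        try { // No supplier yet: JCA reports the SPI constructor failure as NoSuchAlgorithmException.
            SecureRandom.getInstance("demoprng", "Demo-Provider");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("before registration: " + e.getMessage());
        }
        SecureRandom jdkDefault = new SecureRandom(); // stand-in for the token RNG
        supplier = jdkDefault::nextBytes;
        SecureRandom random = SecureRandom.getInstance("demoprng", "Demo-Provider");
        byte[] nonce = new byte[16];
        random.nextBytes(nonce);
        // Confirm which implementation backs the instance instead of assuming it.
        System.out.println(random.getAlgorithm() + " from " + random.getProvider().getName());
    }
}
```

Printing `getAlgorithm()` and `getProvider().getName()` on the returned instance is the same check that confirms a `SecureRandom` is really backed by the requested provider rather than by a JDK default.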