DRBGusingSHA512 ("Entrust Authority Security Toolkit for the Java Platform")

java.lang.Object
- java.security.SecureRandomSpi
- - com.entrust.toolkit.security.crypto.random.FIPS140_2Compliant
  - - com.entrust.toolkit.security.crypto.random.DRBGusingSHA512

All Implemented Interfaces:

java.io.Serializable
```
public final class DRBGusingSHA512
extends FIPS140_2Compliant
```
A software based implementation of the deterministic random bit generator (DRBG), pseudo-random number generator (PRNG) that is based on the algorithm defined by NIST Special Publication 800-90, which uses a SHA512.
An instance of this algorithm can be obtained using the Java Cryptography Architecture (JCA), by requesting a 'DRBGusingSHA512' PRNG from the Entrust cryptographic service provider. This can be done using the following call:

SecureRandom.getInstance("DRBGusingSHA512", "Entrust");

FIPS 140-2:

This class is part of the Toolkit's FIPS 140-2 cryptographic module and contains APIs that are considered part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; refer to the API documentation for further details

Since:

8.0

See Also:
NIST SP 800-90, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, Serialized Form

Constructor Summary

Constructors
Constructor and Description

DRBGusingSHA512()
The constructor; creates a new instance of the DRBGusingSHA512 pseudo-random number generation algorithm.

Constructors
Constructor and Description
`DRBGusingSHA512()` The constructor; creates a new instance of the DRBGusingSHA512 pseudo-random number generation algorithm.

Method Summary

Methods
Modifier and Type	Method and Description
`protected void`	`engineSetSeed(byte[] seed)` Reseeds this random object.
`static void`	`runFipsKat()` Runs a FIPS 140-2 known answer test on this DRBG.

Methods inherited from class com.entrust.toolkit.security.crypto.random.FIPS140_2Compliant
engineGenerateSeed, engineNextBytes

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - DRBGusingSHA512
```
public DRBGusingSHA512()
                throws java.lang.SecurityException
```
    The constructor; creates a new instance of the DRBGusingSHA512 pseudo-random number generation algorithm.
    Applications should not use this constructor, instead the signature algorithm should be requested from the appropriate JCA/JCE cryptographic service provider as follows: SecureRandom.getInstance("DRBGusingSHA512", "Entrust").
    FIPS 140-2:
    
    FIPS Service: Modify Object
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call)
    
    status output interface (exceptions)
    Throws:
    
    java.lang.SecurityException
- Method Detail
  - engineSetSeed
```
protected void engineSetSeed(byte[] seed)
                      throws java.lang.SecurityException
```
    Description copied from class: FIPS140_2Compliant
    Reseeds this random object.
    The given seed supplements, rather than replaces, the existing seed. Thus, repeated calls are guaranteed never to reduce randomness.
    
    This implementation DOES NOT allow the caller to set the initial seed, even when the caller follows the call to SecureRandom.getInstance() method with a call to the setSeed() method. This ensures that it is impossible to have an initial seed that is not cryptographically strong.
    
    The seed that is passed in is not used directly; instead the seed is hashed before prior to use. The hashing is done because the entropy of the provided seed may not be spread evenly through all of the seed bits (no way to guarantee a cryptographically strong seed will be passed in the API). By passing the seed through a hash (message digest) algorithm, the entropy is spread (more or less) evenly through all of the bits.
    
    Once the provided seed has been hashed, the result is used to supplement (not replace) the existing internal seed data. Following this call, the seed passed is NOT automatically wiped from memory; this SHOULD be done manually. All internal temporary data used is in this call is also automatically wiped following usage.
    FIPS 140-2:
    
    FIPS Service: Modify Object
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call)
    
    data input interface (parameters)
    
    status output interface (exceptions)
    Specified by:
    
    engineSetSeed in class FIPS140_2Compliant
    
    Parameters:
    seed - [FIPS 140-2 data input] [FIPS 140-2 CSP] the seed.
    
    Throws:
    
    java.lang.SecurityException
  - runFipsKat
```
public static void runFipsKat()
```
    Runs a FIPS 140-2 known answer test on this DRBG.
    This API is intended for internal use only during initialization in FIPS_OPERATIONAL mode; it should NEVER be called externally.
    FIPS 140-2:
    
    FIPS Service: Cryptographic Operation
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call)
    
    status output interface (exceptions)
    Throws:
    
    Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations or the self-test fails

Class DRBGusingSHA512

Constructor Summary

Method Summary

Methods inherited from class com.entrust.toolkit.security.crypto.random.FIPS140_2Compliant

Methods inherited from class java.lang.Object

Constructor Detail

DRBGusingSHA512

Method Detail

engineSetSeed

runFipsKat