This is not an issue, but rather a support request. I didn't find a better place to post it, so please feel free to point me in the right direction and close this ticket if such place exists!
We are already using the Cavium JCE Provider to perform different cryptographic operations in the AWS CloudHSM in our backend systems. Now we want to use it for "true" random number generation.
Our current assumption is that access to the HSM's RNG is possible using the SecureRandom JCE class. However, the Java documentation states that "Many SecureRandom implementations are in the form of a pseudo-random number generator (PRNG) […]", so it is not clear to us whether the following code is going to get "true" randomness from the HSM, or instead is going to use a (possibly HSM-seeded) pseudo-RNG.
```java
import java.security.SecureRandom;

SecureRandom random = new SecureRandom();
byte bytes[] = new byte[20];
random.nextBytes(bytes);
// or, alternatively
byte seed[] = random.generateSeed(20);
```
I have been surfing through the AWS CloudHSM documentation and could not find any clear reference to it.
So, in a nutshell, my questions would be:

1. Is any of the methods above (`nextBytes()` or `generateSeed()`) using raw data from the HSM?
2. If the answer to the previous question is "no", then: which is the right way to generate true randoms using the Cavium JCE API?
Many thanks in advance!
Marc
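A way to see which provider and algorithm `new SecureRandom()` from the question resolves to in a given JVM, as an added example that is not part of the original post and is not AWS or Cavium code. The class name `SecureRandomSource` is hypothetical, and the algorithm and provider names for the explicit request are passed as arguments because the page does not state them.

```java
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;

public class SecureRandomSource { // hypothetical class name

    // Report the algorithm and provider that actually back a SecureRandom instance.
    static String describe(SecureRandom r) {
        Provider p = r.getProvider();
        return r.getAlgorithm() + " from provider " + p.getName()
                + " (" + p.getClass().getName() + ")";
    }

    public static void main(String[] args) throws Exception {
        // Registered providers in preference order, with the SecureRandom
        // algorithms each one offers. A provider only appears here if it has
        // been registered (java.security file or Security.addProvider).
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("SecureRandom".equals(s.getType())) {
                    System.out.println(p.getName() + ": " + s.getAlgorithm());
                }
            }
        }

        // What the no-argument constructor used in the question resolved to.
        SecureRandom dflt = new SecureRandom();
        System.out.println("new SecureRandom() -> " + describe(dflt));

        // Optional: request one implementation explicitly instead of relying
        // on provider order. args[0] = algorithm, args[1] = provider name,
        // both taken from the listing printed above (assumed inputs).
        if (args.length == 2) {
            SecureRandom pinned = SecureRandom.getInstance(args[0], args[1]);
            System.out.println("pinned -> " + describe(pinned));
            byte[] out = new byte[20];
            pinned.nextBytes(out); // served by the pinned implementation
        }
    }
}
```

This identifies which implementation serves `nextBytes()` and `generateSeed()`; whether that implementation returns raw hardware output or the output of a seeded generator is a property of the provider and has to come from its documentation.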