000027426 - How to set the default random algorithm for Crypto-J and Cert-J

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000027426
Applies To: Cert-J 3.1, Crypto-J 4.1
Issue: How to set the default random algorithm for Crypto-J and Cert-J
Notes

The Crypto-J Installation Guide mentions that the following values can be set:


- ECDRBG
- ECDRBG128 (this is the new default)
- ECDRBG192
- ECDRBG256
- HMACDRBG
- HMACDRBG128
- HMACDRBG192
- HMACDRBG256
- FIPS186Random (this was the previous default)
- FIPS186PRNG


You can set the com.rsa.crypto.default.random property in three ways:


1. Modify the java.security file:
       Add "com.rsa.crypto.default.random=FIPS186Random" anywhere in the file.
2. Set the property on the command line when running the application:
       Add "-Dcom.rsa.crypto.default.random=FIPS186Random" in the java command line.
3. Set the property within your application before using the default random:
       Security.setProperty("com.rsa.crypto.default.random", "FIPS186Random");


Options 1 and 2 are the safe recommendations and should work in all cases. Option 3 works provided the property is set before the first use of the default random. For example, the Cert-J performance tests set this property in the static initializer of the class with the main method:


static {
    // Runs at class initialization, before main() executes.
    Security.setProperty("com.rsa.crypto.default.random", "FIPS186PRNG");
}
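
A startup check for the three options above, as an added example that is not from the article or from RSA's code: it reads the property from both places it can be set (the security properties used by options 1 and 3, and the system properties populated by -D in option 2), rejects a value that is not in the article's list, and fails when the two sources disagree. The class and method names are hypothetical, and exact, case-sensitive matching of the names is an assumption.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;

/** Added example; DefaultRandomCheck and resolve() are hypothetical names. */
public final class DefaultRandomCheck {
    static final String PROP = "com.rsa.crypto.default.random";

    // Values the article lists from the Crypto-J Installation Guide.
    // Assumption: names are matched exactly, including case.
    static final Set<String> LISTED = new LinkedHashSet<>(Arrays.asList(
            "ECDRBG", "ECDRBG128", "ECDRBG192", "ECDRBG256",
            "HMACDRBG", "HMACDRBG128", "HMACDRBG192", "HMACDRBG256",
            "FIPS186Random", "FIPS186PRNG"));

    /**
     * @param securityValue value from java.security or Security.setProperty (options 1 and 3)
     * @param systemValue   value from -D on the command line (option 2)
     * @return the configured name, or null if neither source sets it
     */
    static String resolve(String securityValue, String systemValue) {
        if (securityValue != null && systemValue != null
                && !securityValue.equals(systemValue)) {
            // Precedence between the two sources is not stated in the article,
            // so a disagreement is treated as a configuration error.
            throw new IllegalStateException(PROP + " conflict: java.security="
                    + securityValue + ", -D=" + systemValue);
        }
        String value = securityValue != null ? securityValue : systemValue;
        if (value != null && !LISTED.contains(value)) {
            throw new IllegalStateException(PROP + " has unlisted value: " + value);
        }
        return value;
    }

    public static void main(String[] args) {
        // Call before anything uses the default random.
        String value = resolve(Security.getProperty(PROP), System.getProperty(PROP));
        System.out.println(PROP + " = "
                + (value == null ? "(not set, library default applies)" : value));
    }
}
```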

Legacy Article ID: a49058
