beth-soptim
diff --git a/‎kse/src/main/java/org/kse/KSE.java‎
Lines changed: 2 additions & 0 deletions b/‎kse/src/main/java/org/kse/KSE.java‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎kse/src/main/java/org/kse/crypto/encryption/AES.java‎
Lines changed: 2 additions & 1 deletion b/‎kse/src/main/java/org/kse/crypto/encryption/AES.java‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎kse/src/main/java/org/kse/crypto/keypair/KeyPairUtil.java‎
Lines changed: 7 additions & 7 deletions b/‎kse/src/main/java/org/kse/crypto/keypair/KeyPairUtil.java‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎kse/src/main/java/org/kse/crypto/privatekey/MsPvkUtil.java‎
Lines changed: 2 additions & 2 deletions b/‎kse/src/main/java/org/kse/crypto/privatekey/MsPvkUtil.java‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎kse/src/main/java/org/kse/crypto/privatekey/OpenSslPvkUtil.java‎
Lines changed: 2 additions & 2 deletions b/‎kse/src/main/java/org/kse/crypto/privatekey/OpenSslPvkUtil.java‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎kse/src/main/java/org/kse/crypto/secretkey/SecretKeyUtil.java‎
Lines changed: 2 additions & 2 deletions b/‎kse/src/main/java/org/kse/crypto/secretkey/SecretKeyUtil.java‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎kse/src/main/java/org/kse/crypto/signing/JarSigner.java‎
Lines changed: 2 additions & 2 deletions b/‎kse/src/main/java/org/kse/crypto/signing/JarSigner.java‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎kse/src/main/java/org/kse/crypto/signing/TimeStampingClient.java‎
Lines changed: 2 additions & 1 deletion b/‎kse/src/main/java/org/kse/crypto/signing/TimeStampingClient.java‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎kse/src/main/java/org/kse/gui/actions/PreferencesAction.java‎
Lines changed: 4 additions & 0 deletions b/‎kse/src/main/java/org/kse/gui/actions/PreferencesAction.java‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎kse/src/main/java/org/kse/gui/actions/VerifyCertificateAction.java‎
Lines changed: 2 additions & 2 deletions b/‎kse/src/main/java/org/kse/gui/actions/VerifyCertificateAction.java‎
Lines changed: 2 additions & 2 deletions
@@ -48,6 +48,7 @@
 import org.kse.gui.preferences.data.LanguageItem;
 import org.kse.utilities.net.ProxySettingsUpdater;
 import org.kse.utilities.os.OperatingSystem;
+import org.kse.utilities.rng.RNG;
 import org.kse.version.Version;
 
 import com.sun.jna.Library;
@@ -118,6 +119,7 @@ public static void main(String[] args) {
             Security.addProvider(BC);
 
             Pkcs12Util.setEncryptionStrength(preferences.getPkcs12EncryptionSetting());
+            RNG.setType(preferences.getRngTypeSetting());
 
             setProperties(preferences.getProperties());
 
 
@@ -35,6 +35,7 @@
 import javax.crypto.spec.SecretKeySpec;
 
 import org.kse.gui.passwordmanager.EncryptionAlgorithm;
+import org.kse.utilities.rng.RNG;
 
 /**
  * Simplify AES encryption and decryption by wrapping the JCE calls
@@ -133,7 +134,7 @@ public static byte[] decryptAesGcm(byte[] encrData, byte[] iv, SecretKey aesKey)
     public static SecretKey generateKey(int keyLength) {
         try {
             KeyGenerator keyGen = KeyGenerator.getInstance("AES");
-            keyGen.init(keyLength, SecureRandom.getInstanceStrong());
+            keyGen.init(keyLength, RNG.newInstanceForLongLivedSecrets());
             return keyGen.generateKey();
         } catch (NoSuchAlgorithmException e) {
             throw new EncryptionException("AES algorithm not available", e);
 
@@ -75,7 +75,7 @@
 import org.kse.crypto.ecc.CurveSet;
 import org.kse.crypto.ecc.EccUtil;
 import org.kse.crypto.ecc.EdDSACurves;
-import org.kse.utilities.rng.StrongRNG;
+import org.kse.utilities.rng.RNG;
 
 /**
  * Provides utility methods relating to asymmetric key pairs.
@@ -114,7 +114,7 @@ public static KeyPair generateKeyPair(KeyPairType keyPairType, int keySize, Prov
             }
 
             // Initialise key pair generator with key strength and randomness
-            keyPairGen.initialize(keySize, StrongRNG.newInstance());
+            keyPairGen.initialize(keySize, RNG.newInstanceForLongLivedSecrets());
 
             // Generate and return the key pair
             return keyPairGen.generateKeyPair();
@@ -139,17 +139,17 @@ public static KeyPair generateECKeyPair(String curveName, Provider provider) thr
 
             if (EdDSACurves.ED25519.jce().equals(curveName) || EdDSACurves.ED448.jce().equals(curveName)) {
                 keyPairGen = KeyPairGenerator.getInstance(curveName, KSE.BC);
-                keyPairGen.initialize(new ECGenParameterSpec(curveName), StrongRNG.newInstance());
+                keyPairGen.initialize(new ECGenParameterSpec(curveName), RNG.newInstanceForLongLivedSecrets());
             } else if (CurveSet.ECGOST.getAllCurveNames().contains(curveName)) {
                 KeyPairType keyPairType = KeyPairType.getGostTypeFromCurve(curveName);
                 keyPairGen = KeyPairGenerator.getInstance(keyPairType.jce(), KSE.BC);
-                keyPairGen.initialize(new ECGenParameterSpec(curveName), StrongRNG.newInstance());
+                keyPairGen.initialize(new ECGenParameterSpec(curveName), RNG.newInstanceForLongLivedSecrets());
             } else if (provider != null) {
                 keyPairGen = KeyPairGenerator.getInstance(KeyPairType.EC.jce(), provider);
-                keyPairGen.initialize(new ECGenParameterSpec(curveName), StrongRNG.newInstance());
+                keyPairGen.initialize(new ECGenParameterSpec(curveName), RNG.newInstanceForLongLivedSecrets());
             } else {
                 keyPairGen = KeyPairGenerator.getInstance(KeyPairType.EC.jce(), KSE.BC);
-                keyPairGen.initialize(new ECGenParameterSpec(curveName), StrongRNG.newInstance());
+                keyPairGen.initialize(new ECGenParameterSpec(curveName), RNG.newInstanceForLongLivedSecrets());
             }
 
             // Generate and return the key pair
@@ -179,7 +179,7 @@ public static KeyPair generateKeyPair(KeyPairType keyPairType, Provider provider
             } else {
                 keyPairGen = KeyPairGenerator.getInstance(keyPairType.jce(), KSE.BC);
             }
-            keyPairGen.initialize(new NamedParameterSpec(keyPairType.jce()), SecureRandom.getInstanceStrong());
+            keyPairGen.initialize(new NamedParameterSpec(keyPairType.jce()), RNG.newInstanceForLongLivedSecrets());
 
             return keyPairGen.generateKeyPair();
         } catch (GeneralSecurityException ex) {
 
@@ -47,7 +47,7 @@
 import org.kse.crypto.keypair.KeyPairUtil;
 import org.kse.gui.passwordmanager.Password;
 import org.kse.utilities.io.UnsignedUtil;
-import org.kse.utilities.rng.StrongRNG;
+import org.kse.utilities.rng.RNG;
 
 // @formatter:off
 /**
@@ -913,7 +913,7 @@ private static byte[] encryptPrivateKeyBlob(byte[] privateKeyBlob, byte[] rc4Key
     }
 
     private static byte[] generate16ByteSalt() {
-        return StrongRNG.generate(ENCRYPTED_SALT_LENGTH);
+        return RNG.generate(ENCRYPTED_SALT_LENGTH);
     }
 
     private static byte[] getBufferBytes(ByteBuffer bb) {
 
@@ -68,7 +68,7 @@
 import org.kse.utilities.pem.PemAttributes;
 import org.kse.utilities.pem.PemInfo;
 import org.kse.utilities.pem.PemUtil;
-import org.kse.utilities.rng.StrongRNG;
+import org.kse.utilities.rng.RNG;
 
 /**
  * Provides utility methods relating to OpenSSL (= PKCS#1 for RSA) encoded private keys.
@@ -537,7 +537,7 @@ handle EC structure first (RFC 5915)
     }
 
     private static byte[] generateSalt(int size) {
-        return StrongRNG.generate(size);
+        return RNG.generate(size);
     }
 
     private static byte[] deriveKeyFromPassword(Password password, byte[] salt, int keySize) throws CryptoException {
 
@@ -32,7 +32,7 @@
 import org.kse.KSE;
 import org.kse.crypto.CryptoException;
 import org.kse.crypto.KeyInfo;
-import org.kse.utilities.rng.StrongRNG;
+import org.kse.utilities.rng.RNG;
 
 public final class SecretKeyUtil {
     private static ResourceBundle res = ResourceBundle.getBundle("org/kse/crypto/secretkey/resources");
@@ -51,7 +51,7 @@ private SecretKeyUtil() {
     public static SecretKey generateSecretKey(SecretKeyType secretKeyType, int keySize) throws CryptoException {
         try {
             KeyGenerator keyGenerator = KeyGenerator.getInstance(secretKeyType.jce(), KSE.BC);
-            keyGenerator.init(keySize, StrongRNG.newInstance());
+            keyGenerator.init(keySize, RNG.newInstanceForLongLivedSecrets());
 
             return keyGenerator.generateKey();
         } catch (GeneralSecurityException ex) {
 
@@ -73,7 +73,7 @@
 import org.kse.crypto.CryptoException;
 import org.kse.crypto.digest.DigestType;
 import org.kse.crypto.digest.DigestUtil;
-import org.kse.utilities.rng.StrongRNG;
+import org.kse.utilities.rng.RNG;
 
 /**
  * Class provides functionality to sign JAR files.
@@ -685,7 +685,7 @@ private static byte[] createSignatureBlock(byte[] toSign, PrivateKey privateKey,
             Collections.addAll(certList, certificateChain);
 
             DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider(KSE.BC).build();
-            JcaContentSignerBuilder csb = new JcaContentSignerBuilder(signatureType.jce()).setSecureRandom(StrongRNG.newInstance());
+            JcaContentSignerBuilder csb = new JcaContentSignerBuilder(signatureType.jce()).setSecureRandom(RNG.newInstanceForLongLivedSecrets());
             if (provider != null) {
                 csb.setProvider(provider);
             }
 
@@ -45,6 +45,7 @@
 import org.bouncycastle.tsp.TimeStampToken;
 import org.bouncycastle.util.encoders.Base64;
 import org.kse.crypto.digest.DigestType;
+import org.kse.utilities.rng.RNG;
 
 public class TimeStampingClient {
 
@@ -127,7 +128,7 @@ public void checkClientTrusted(X509Certificate[] certs, String authType) {
                 @Override
                 public void checkServerTrusted(X509Certificate[] certs, String authType) {
                 }
-            } }, new java.security.SecureRandom());
+            } }, RNG.newInstanceDefault());
         } catch (NoSuchAlgorithmException | KeyManagementException e) {
             throw new IOException(e);
         }
 
@@ -37,6 +37,7 @@
 
 import com.formdev.flatlaf.FlatLaf;
 import com.formdev.flatlaf.extras.FlatAnimatedLafChange;
+import org.kse.utilities.rng.RNG;
 
 /**
  * Action to show preferences.
@@ -110,6 +111,9 @@ public void showPreferences() {
         preferences.setPkcs12EncryptionSetting(dPreferences.getPkcs12EncryptionSetting());
         Pkcs12Util.setEncryptionStrength(preferences.getPkcs12EncryptionSetting());
 
+        preferences.setRngTypeSetting(dPreferences.getRngTypeSetting());
+        RNG.setType(preferences.getRngTypeSetting());
+
         preferences.setLookAndFeelClass(dPreferences.getLookFeelInfo().getClassName());
         preferences.setLookAndFeelDecorated(dPreferences.getLookFeelDecoration());
 
 
@@ -35,7 +35,6 @@
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
-import java.security.SecureRandom;
 import java.security.Security;
 import java.security.SignatureException;
 import java.security.cert.CertPath;
@@ -96,6 +95,7 @@
 import org.kse.gui.error.Problem;
 import org.kse.utilities.StringUtils;
 import org.kse.utilities.history.KeyStoreHistory;
+import org.kse.utilities.rng.RNG;
 
 public class VerifyCertificateAction extends KeyStoreExplorerAction {
 
@@ -241,7 +241,7 @@ private static OCSPReq makeOcspRequest(X509Certificate caCert, X509Certificate c
         gen.addRequest(certId);
         if (includeNonce) {
             byte[] nonce = new byte[16];
-            new SecureRandom().nextBytes(nonce);
+            RNG.newInstanceDefault().nextBytes(nonce);
             ExtensionsGenerator extGen = new ExtensionsGenerator();
             extGen.addExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce));
             gen.setRequestExtensions(extGen.generate());
Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@`
`47`	`47`	`import org.kse.crypto.keypair.KeyPairUtil;`
`48`	`48`	`import org.kse.gui.passwordmanager.Password;`
`49`	`49`	`import org.kse.utilities.io.UnsignedUtil;`
`50`		`-import org.kse.utilities.rng.StrongRNG;`
	`50`	`+import org.kse.utilities.rng.RNG;`
`51`	`51`
`52`	`52`	`// @formatter:off`
`53`	`53`	`/**`
`@@ -913,7 +913,7 @@ private static byte[] encryptPrivateKeyBlob(byte[] privateKeyBlob, byte[] rc4Key`
`913`	`913`	`}`
`914`	`914`
`915`	`915`	`private static byte[] generate16ByteSalt() {`
`916`		`- return StrongRNG.generate(ENCRYPTED_SALT_LENGTH);`
	`916`	`+ return RNG.generate(ENCRYPTED_SALT_LENGTH);`
`917`	`917`	`}`
`918`	`918`
`919`	`919`	`private static byte[] getBufferBytes(ByteBuffer bb) {`
Original file line number	Diff line number	Diff line change
`@@ -68,7 +68,7 @@`
`68`	`68`	`import org.kse.utilities.pem.PemAttributes;`
`69`	`69`	`import org.kse.utilities.pem.PemInfo;`
`70`	`70`	`import org.kse.utilities.pem.PemUtil;`
`71`		`-import org.kse.utilities.rng.StrongRNG;`
	`71`	`+import org.kse.utilities.rng.RNG;`
`72`	`72`
`73`	`73`	`/**`
`74`	`74`	`* Provides utility methods relating to OpenSSL (= PKCS#1 for RSA) encoded private keys.`
`@@ -537,7 +537,7 @@ handle EC structure first (RFC 5915)`
`537`	`537`	`}`
`538`	`538`
`539`	`539`	`private static byte[] generateSalt(int size) {`
`540`		`- return StrongRNG.generate(size);`
	`540`	`+ return RNG.generate(size);`
`541`	`541`	`}`
`542`	`542`
`543`	`543`	`private static byte[] deriveKeyFromPassword(Password password, byte[] salt, int keySize) throws CryptoException {`
Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,7 @@`
`45`	`45`	`import org.bouncycastle.tsp.TimeStampToken;`
`46`	`46`	`import org.bouncycastle.util.encoders.Base64;`
`47`	`47`	`import org.kse.crypto.digest.DigestType;`
	`48`	`+import org.kse.utilities.rng.RNG;`
`48`	`49`
`49`	`50`	`public class TimeStampingClient {`
`50`	`51`
`@@ -127,7 +128,7 @@ public void checkClientTrusted(X509Certificate[] certs, String authType) {`
`127`	`128`	`@Override`
`128`	`129`	`public void checkServerTrusted(X509Certificate[] certs, String authType) {`
`129`	`130`	`}`
`130`		`- } }, new java.security.SecureRandom());`
	`131`	`+ } }, RNG.newInstanceDefault());`
`131`	`132`	`} catch (NoSuchAlgorithmException \| KeyManagementException e) {`
`132`	`133`	`throw new IOException(e);`
`133`	`134`	`}`