Class NonceGenerator

java.lang.Object
cloud.opencode.base.crypto.random.NonceGenerator
public final class NonceGenerator extends Object
Nonce (Number Used Once) generator providing various nonce generation strategies. Nonce(一次性数字)生成器,提供多种 nonce 生成策略。

Features | 主要功能:

  • Cryptographic nonce generation - 加密随机数生成
  • Counter-based and random nonce strategies - 基于计数器和随机的随机数策略

Usage Examples | 使用示例:

NonceGenerator gen = NonceGenerator.random(12);
byte[] nonce = gen.nextNonce();

Security | 安全性:

  • Thread-safe: Yes - 线程安全: 是
  • Null-safe: Yes - 空值安全: 是
Since:
JDK 25, opencode-base-crypto V1.0.0
Author:
Leon Soo www.LeonSoo.com
See Also:

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final int
    AES_GCM_NONCE_SIZE
    Recommended nonce size for AES-GCM (96 bits / 12 bytes).
    static final int
    CHACHA20_NONCE_SIZE
    Recommended nonce size for ChaCha20-Poly1305 (96 bits / 12 bytes).

  • Method Summary

    Modifier and Type
    Method
    Description
    static byte[]
    counter(long counter, int length)
    Generates a counter-based nonce by encoding a counter value into bytes.
    static byte[]
    forAesGcm()
    Generates a 12-byte (96-bit) random nonce suitable for AES-GCM.
    static byte[]
    forAesGcm(SecureRandom random)
    Generates a 12-byte (96-bit) random nonce suitable for AES-GCM using the provided SecureRandom.
    static byte[]
    forChaCha20()
    Generates a 12-byte (96-bit) random nonce suitable for ChaCha20-Poly1305.
    static byte[]
    forChaCha20(SecureRandom random)
    Generates a 12-byte (96-bit) random nonce suitable for ChaCha20-Poly1305 using the provided SecureRandom.
    static byte[]
    hybrid(int totalLength)
    Generates a hybrid nonce combining timestamp with random bytes.
    static byte[]
    hybrid(int totalLength, SecureRandom random)
    Generates a hybrid nonce combining timestamp with random bytes.
    static byte[]
    random(int length)
    Generates a random nonce of the specified length.
    static byte[]
    random(int length, SecureRandom random)
    Generates a random nonce of the specified length using the provided SecureRandom.
    static byte[]
    timestamp(int randomLength)
    Generates a timestamp-based nonce combining current timestamp with random bytes.
    static byte[]
    timestamp(int randomLength, SecureRandom random)
    Generates a timestamp-based nonce combining current timestamp with random bytes.

    Methods inherited from class Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • AES_GCM_NONCE_SIZE

      public static final int AES_GCM_NONCE_SIZE
      Recommended nonce size for AES-GCM (96 bits / 12 bytes). AES-GCM 推荐的 nonce 大小(96 位 / 12 字节)。
      See Also:

    • CHACHA20_NONCE_SIZE

      public static final int CHACHA20_NONCE_SIZE
      Recommended nonce size for ChaCha20-Poly1305 (96 bits / 12 bytes). ChaCha20-Poly1305 推荐的 nonce 大小(96 位 / 12 字节)。
      See Also:

  • Method Details

    • random

      public static byte[] random(int length)
      Generates a random nonce of the specified length. 生成指定长度的随机 nonce。
      Parameters:
      length - the length of the nonce in bytes
      Returns:
      array of random nonce bytes
      Throws:
      IllegalArgumentException - if length is not positive

    • random

      public static byte[] random(int length, SecureRandom random)
      Generates a random nonce of the specified length using the provided SecureRandom. 使用提供的 SecureRandom 生成指定长度的随机 nonce。
      Parameters:
      length - the length of the nonce in bytes
      random - the SecureRandom instance to use
      Returns:
      array of random nonce bytes
      Throws:
      IllegalArgumentException - if length is not positive or random is null

    • counter

      public static byte[] counter(long counter, int length)
      Generates a counter-based nonce by encoding a counter value into bytes. Note: The counter must be securely stored and incremented for each operation. 通过将计数器值编码为字节生成基于计数器的 nonce。 注意:计数器必须安全存储并在每次操作时递增。
      Parameters:
      counter - the counter value (must be unique for each operation)
      length - the total length of the nonce in bytes
      Returns:
      array of nonce bytes with counter value
      Throws:
      IllegalArgumentException - if length is less than 8 bytes

    • timestamp

      public static byte[] timestamp(int randomLength)
      Generates a timestamp-based nonce combining current timestamp with random bytes. 生成基于时间戳的 nonce,将当前时间戳与随机字节组合。
      Parameters:
      randomLength - the number of random bytes to append to the timestamp
      Returns:
      array of nonce bytes (timestamp + random bytes)
      Throws:
      IllegalArgumentException - if randomLength is negative

    • timestamp

      public static byte[] timestamp(int randomLength, SecureRandom random)
      Generates a timestamp-based nonce combining current timestamp with random bytes. 生成基于时间戳的 nonce,将当前时间戳与随机字节组合。
      Parameters:
      randomLength - the number of random bytes to append to the timestamp
      random - the SecureRandom instance to use
      Returns:
      array of nonce bytes (timestamp + random bytes)
      Throws:
      IllegalArgumentException - if randomLength is negative or random is null

    • hybrid

      public static byte[] hybrid(int totalLength)
      Generates a hybrid nonce combining timestamp with random bytes. The nonce structure: [8-byte timestamp][remaining random bytes]. 生成混合 nonce,将时间戳与随机字节组合。 Nonce 结构:[8 字节时间戳][剩余随机字节]。
      Parameters:
      totalLength - the total length of the nonce in bytes
      Returns:
      array of hybrid nonce bytes
      Throws:
      IllegalArgumentException - if totalLength is less than 8 bytes

    • hybrid

      public static byte[] hybrid(int totalLength, SecureRandom random)
      Generates a hybrid nonce combining timestamp with random bytes. The nonce structure: [8-byte timestamp][remaining random bytes]. 生成混合 nonce,将时间戳与随机字节组合。 Nonce 结构:[8 字节时间戳][剩余随机字节]。
      Parameters:
      totalLength - the total length of the nonce in bytes
      random - the SecureRandom instance to use
      Returns:
      array of hybrid nonce bytes
      Throws:
      IllegalArgumentException - if totalLength is less than 8 bytes or random is null

    • forAesGcm

      public static byte[] forAesGcm()
      Generates a 12-byte (96-bit) random nonce suitable for AES-GCM. This is the NIST-recommended nonce size for AES-GCM. 生成适用于 AES-GCM 的 12 字节(96 位)随机 nonce。 这是 NIST 推荐的 AES-GCM nonce 大小。
      Returns:
      12-byte array of random nonce bytes

    • forAesGcm

      public static byte[] forAesGcm(SecureRandom random)
      Generates a 12-byte (96-bit) random nonce suitable for AES-GCM using the provided SecureRandom. 使用提供的 SecureRandom 生成适用于 AES-GCM 的 12 字节(96 位)随机 nonce。
      Parameters:
      random - the SecureRandom instance to use
      Returns:
      12-byte array of random nonce bytes
      Throws:
      IllegalArgumentException - if random is null

    • forChaCha20

      public static byte[] forChaCha20()
      Generates a 12-byte (96-bit) random nonce suitable for ChaCha20-Poly1305. 生成适用于 ChaCha20-Poly1305 的 12 字节(96 位)随机 nonce。
      Returns:
      12-byte array of random nonce bytes

    • forChaCha20

      public static byte[] forChaCha20(SecureRandom random)
      Generates a 12-byte (96-bit) random nonce suitable for ChaCha20-Poly1305 using the provided SecureRandom. 使用提供的 SecureRandom 生成适用于 ChaCha20-Poly1305 的 12 字节(96 位)随机 nonce。
      Parameters:
      random - the SecureRandom instance to use
      Returns:
      12-byte array of random nonce bytes
      Throws:
      IllegalArgumentException - if random is null