Why does engineGeneratePublic need to use SecureRandom? #1520

Closed
artoonie opened this issue Oct 30, 2023 · 2 comments

@artoonie

Given the following:

import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.RSAPublicKeySpec;

// rsaModulus and rsaExponent are BigInteger values supplied by the caller
RSAPublicKeySpec spec = new RSAPublicKeySpec(rsaModulus, rsaExponent);
PublicKey publicKey = KeyFactory.getInstance("RSA").generatePublic(spec);

Why does generatePublic need to generate a random number? This operation is fully deterministic.

The following is the stack trace starting at generatePublic:

	at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$CoreSecureRandom.<init>(Unknown Source)
	at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$4.run(Unknown Source)
	at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$4.run(Unknown Source)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
	at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.getCoreSecureRandom(Unknown Source)
	at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.access$600(Unknown Source)
	at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$2.run(Unknown Source)
	at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$2.run(Unknown Source)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
	at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.getEntropySourceProvider(Unknown Source)
	at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$PooledSecureRandomProvider.get(Unknown Source)
	at org.bouncycastle.fips.core/org.bouncycastle.crypto.CryptoServicesRegistrar.getSecureRandomIfSet(Unknown Source)
	at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.getDefaultSecureRandom(Unknown Source)
	at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.ProvRandom$1.createInstance(Unknown Source)
	at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$BcService.newInstance(Unknown Source)
	at java.base/java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:296)
	at java.base/java.security.SecureRandom.<init>(SecureRandom.java:225)
	at org.bouncycastle.fips.core/org.bouncycastle.crypto.asymmetric.KeyUtils.validatedModulus(Unknown Source)
	at org.bouncycastle.fips.core/org.bouncycastle.crypto.asymmetric.KeyUtils.validated(Unknown Source)
	at org.bouncycastle.fips.core/org.bouncycastle.crypto.asymmetric.AsymmetricRSAPublicKey.<init>(Unknown Source)
	at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.ProvRSAPublicKey.<init>(Unknown Source)
	at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.ProvRSA$RSAKeyFactory.engineGeneratePublic(Unknown Source)
	at java.base/java.security.KeyFactory.generatePublic(KeyFactory.java:351)

Forgive me if this is a more basic RSA question that belongs on stackoverflow, and not one specific to bouncycastle.

@peterdettman
Collaborator

It is used in public key validation, specifically for Miller-Rabin tests on the modulus.
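
Added example, not part of the original thread and not Bouncy Castle's code: a sketch of a Miller-Rabin compositeness check on an RSA modulus, showing where such a check draws random bases and hence why a `SecureRandom` appears under an otherwise deterministic call. The class name `ModulusCheck`, the method names, the round count of 40 and the error messages are all assumptions made for illustration.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
public class ModulusCheck {
    // One Miller-Rabin round: returns true if base a proves odd n composite.
    static boolean isWitness(BigInteger a, BigInteger n) {
        BigInteger nMinus1 = n.subtract(BigInteger.ONE);
        int s = nMinus1.getLowestSetBit();          // n - 1 = 2^s * d with d odd
        BigInteger d = nMinus1.shiftRight(s);
        BigInteger x = a.modPow(d, n);
        if (x.equals(BigInteger.ONE) || x.equals(nMinus1)) return false;
        for (int i = 1; i < s; i++) {
            x = x.multiply(x).mod(n);
            if (x.equals(nMinus1)) return false;
        }
        return true;
    }

    // Uniform random base in [2, n-2]; the only place randomness is consumed.
    static BigInteger randomBase(BigInteger n, SecureRandom rng) {
        BigInteger two = BigInteger.valueOf(2);
        BigInteger a;
        do {
            a = new BigInteger(n.bitLength(), rng);
        } while (a.compareTo(two) < 0 || a.compareTo(n.subtract(two)) > 0);
        return a;
    }

    // Hypothetical validator: an RSA modulus must be odd and composite.
    // A value that survives every round is probably prime, so it is rejected.
    static void validateModulus(BigInteger n, int rounds, SecureRandom rng) {
        if (n.compareTo(BigInteger.valueOf(5)) < 0 || !n.testBit(0))
            throw new IllegalArgumentException("modulus is too small or even");
        for (int i = 0; i < rounds; i++)
            if (isWitness(randomBase(n, rng), n)) return;   // proven composite
        throw new IllegalArgumentException("modulus is not composite");
    }
    public static void main(String[] args) {
        SecureRandom rng = new SecureRandom();
        // Constructed sample input: two fresh 512-bit primes.
        BigInteger p = BigInteger.probablePrime(512, rng);
        BigInteger q = BigInteger.probablePrime(512, rng);
        validateModulus(p.multiply(q), 40, rng);            // composite: accepted
        System.out.println("p*q accepted");
        try {
            validateModulus(p, 40, rng);                    // prime: rejected
        } catch (IllegalArgumentException e) {
            System.out.println("prime rejected: " + e.getMessage());
        }
    }
}
```

For a well-formed modulus the first random base is almost always a witness, so the check usually costs a single modular exponentiation, but it still needs a random source to be constructed first.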

@artoonie
Author

Gotcha, thank you!

I may have questions later about how to get a FIPS-certified SecureRandom implementation if needed, but I'll follow the proper FIPS channels for that question.
