There is a trace statement printed to stdout in the PKCS11SecureRandom constructor.
This is only a problem in one place. Michelle can workaround as follows: Instead of calling: SecureRandom rng = SecureRandom.getInstance("pkcs11prng"); call: JSSSecureRandom rng = CryptoManager.getSecureRNG(); JSSSecureRandom supports the nextByte() method, just like SecureRandom.
This is already fixed on the trunk, but it should be fixed for 3.1.1 as well.
Fixed on JSS_3_1_BRANCH. /cvsroot/mozilla/security/jss/org/mozilla/jss/provider/PKCS11SecureRandom.java,v <-- PKCS11SecureRandom.java new revision: 188.8.131.52; previous revision: 1.2