I've been experimenting with the BouncyCastle API for Java and slowly working my way through their "Java Cryptography - Tools and Techniques" ebook. The book contains a short section titled "A Word About Entropy" which states the following:
What the JVM is using as an entropy source will vary, on Linux for example, it is normally set to “/dev/random” which may block. Usually installing “rng-tools” or the nearest equivalent will deal with this as it will also expose any underlying hardware supporting RNG generation to be used for seeding “/dev/random”. With some virtual environments hardware RNG may never be available, in that case it is important to find other ways of making entropy available to your JVM. Ways of doing this will vary with the environment you are using.
I might be misunderstanding what this excerpt is saying, but how exactly can I make entropy available to the JVM? The book isn't very specific about this other than stating that the "Ways of doing this will vary with the environment you are using". Is there some kind of Entropy SPI that I am unaware of which can be used to make a source of entropy available to the JVM? My question isn't how to generate entropy or retrieve it from the JVM, but rather, if I already know of and have access to a reliable source of entropy (Such as a file of random bits) how can I make this source of entropy available to the JVM so that it may be used for seeding in cases where other secure sources of entropy are unavailable?
This may vary depending on the JVM vendor but as per
Avoiding JVM Delays Caused by Random Number Generation for Sun/Oracle JVM one can set securerandom.source property in $JAVA_HOME/jre/lib/security/java.security file. This allows to change the source of entropy e.g. from /dev/random to /dev/urandom.
To add more entropy one can simply write to /dev/random. As per this answer this can potentially not be secure but:
It is also possible to write to /dev/random. This allows any user to mix random data into the pool.