Go to main content

man pages section 7: Standards, Environments, Macros, Character Sets, and Miscellany

Exit Print View

Updated: Wednesday, July 27, 2022

crypto (7erl)


crypto - The Crypto Application


Please see following description for synopsis


Erlang Application Definition                                        crypto(7)

       crypto - The Crypto Application

       The  purpose  of  the Crypto application is to provide an Erlang API to
       cryptographic functions, see crypto(3). Note  that  the  API  is  on  a
       fairly  low level and there are some corresponding API functions avail-
       able in public_key(3), on a higher abstraction  level,  that  uses  the
       crypto application in its implementation.

       The  current  crypto  implementation  uses  nifs  to interface OpenSSLs
       crypto library and may work with limited functionality with as old ver-
       sions  as  OpenSSL  0.9.8c. FIPS mode support requires at least version
       1.0.1 and a FIPS capable OpenSSL installation.  We  recommend  using  a
       version  that  is officially supported by the OpenSSL project. API com-
       patible backends like LibreSSL should also work.

       The crypto app is tested daily with at least one version of each of the
       OpenSSL  0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0 and 1.1.1. FIPS mode is also

       Compiling, linking and running with OpenSSL 3.0.0  works  although  the
       crypto app calls deprecated functions. We do not recommend it for other
       than experimental purposes or alpha testing, since  it  is  not  exten-
       sively tested yet.

       Source  releases  of OpenSSL can be downloaded from the OpenSSL project
       home page, or mirror sites listed there.

       The following configuration  parameters  are  defined  for  the  crypto
       application. See app(3) for more information about configuration param-

         fips_mode = boolean():
           Specifies whether to run crypto in FIPS  mode.  This  setting  will
           take  effect  when  the  nif  module  is  loaded.  If  FIPS mode is
           requested but not available at run time the nif module and thus the
           crypto  module will fail to load. This mechanism prevents the acci-
           dental use of non-validated algorithms.

         rand_cache_size = integer():
           Sets    the    cache    size     in     bytes     to     use     by
           crypto:rand_seed_alg(crypto_cache)                              and
           crypto:rand_seed_alg_s(crypto_cache). This parameter is read when a
           seed  function is called, and then kept in generators state object.
           It has a rather small default value that  causes  reads  of  strong
           random  bytes  about once per hundred calls for a random value. The
           set value is rounded up to an integral number of words of the  size
           these seed functions use.


Ericsson AB                      crypto 5.0.5                        crypto(7)