crypto - The Crypto Application
Please see following description for synopsis
Erlang Application Definition crypto(7)
NAME
crypto - The Crypto Application
DESCRIPTION
The purpose of the Crypto application is to provide an Erlang API to
cryptographic functions, see crypto(3). Note that the API is on a
fairly low level and there are some corresponding API functions avail-
able in public_key(3), on a higher abstraction level, that uses the
crypto application in its implementation.
DEPENDENCIES
The current crypto implementation uses nifs to interface OpenSSLs
crypto library and may work with limited functionality with as old ver-
sions as OpenSSL 0.9.8c. FIPS mode support requires at least version
1.0.1 and a FIPS capable OpenSSL installation. We recommend using a
version that is officially supported by the OpenSSL project. API com-
patible backends like LibreSSL should also work.
The crypto app is tested daily with at least one version of each of the
OpenSSL 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0 and 1.1.1. FIPS mode is also
tested.
Note:
Compiling, linking and running with OpenSSL 3.0.0 works although the
crypto app calls deprecated functions. We do not recommend it for other
than experimental purposes or alpha testing, since it is not exten-
sively tested yet.
Source releases of OpenSSL can be downloaded from the OpenSSL project
home page, or mirror sites listed there.
CONFIGURATION
The following configuration parameters are defined for the crypto
application. See app(3) for more information about configuration param-
eters.
fips_mode = boolean():
Specifies whether to run crypto in FIPS mode. This setting will
take effect when the nif module is loaded. If FIPS mode is
requested but not available at run time the nif module and thus the
crypto module will fail to load. This mechanism prevents the acci-
dental use of non-validated algorithms.
rand_cache_size = integer():
Sets the cache size in bytes to use by
crypto:rand_seed_alg(crypto_cache) and
crypto:rand_seed_alg_s(crypto_cache). This parameter is read when a
seed function is called, and then kept in generators state object.
It has a rather small default value that causes reads of strong
random bytes about once per hundred calls for a random value. The
set value is rounded up to an integral number of words of the size
these seed functions use.
SEE ALSO
application(3)
Ericsson AB crypto 5.0.5 crypto(7)