This module provides a set of cryptographic functions.
References:
md4: The MD4 Message Digest Algorithm (RFC 1320)
md5: The MD5 Message Digest Algorithm (RFC 1321)
sha: Secure Hash Standard (FIPS 180-2)
hmac: Keyed-Hashing for Message Authentication (RFC 2104)
des: Data Encryption Standard (FIPS 46-3)
aes: Advanced Encryption Standard (AES) (FIPS 197)
ecb, cbc, cfb, ofb, ctr: Recommendation for Block Cipher Modes of Operation (NIST SP 800-38A).
rsa: Recommendation for Block Cipher Modes of Operation (NIST 800-38A)
dss: Digital Signature Standard (FIPS 186-2)
srp: Secure Remote Password Protocol (RFC 2945)
ecdsa: "Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Standard (ECDSA)", November, 2005.
ec: Standards for Efficient Cryptography Group (SECG), "SEC 1: Elliptic Curve Cryptography", Version 1.0, September 2000.
ecdsa: American National Standards Institute (ANSI), ANS X9.62-2005: The Elliptic Curve Digital Signature Algorithm (ECDSA), 2005.
The above publications can be found at
Types
byte() = 0 ... 255
ioelem() = byte() | binary() | iolist()
iolist() = [ioelem()]
Mpint() =
Starts the crypto server.
Stops the crypto server.
Provides the available crypto functions in terms of a list of atoms.
Provides the available crypto algorithms in terms of a list of atoms.
Provides the name and version of the libraries used by crypto.
> info_lib().
[{<<"OpenSSL">>,9469983,<<"OpenSSL 0.9.8a 11 Oct 2005">>}]
From OTP R16 the numeric version represents the version of the OpenSSL
header files (
Computes an
Creates an MD4 context, to be used in subsequent calls to
Updates an MD4
Finishes the update of an MD4
Computes an
Creates an MD5 context, to be used in subsequent calls to
Updates an MD5
Finishes the update of an MD5
Computes an
Creates an SHA context, to be used in subsequent calls to
Updates an SHA
Finishes the update of an SHA
Computes a message digest of type
May throw exception
Initializes the context for streaming hash operations.
May throw exception
Updates the digest represented by
Finalizes the hash operation referenced by
Computes an
Computes an
Computes a HMAC of type
Initializes the context for streaming HMAC operations.
Updates the HMAC represented by
Finalizes the HMAC operation referenced by
Finalizes the HMAC operation referenced by
Computes an
Computes an
Encrypts
Decrypts
Returns the
Encrypts
Decrypts
Returns the
Encrypts
Decrypts
Encrypts
May throw exception
Decrypts
May throw exception
Encrypts
Decrypts
Encrypts the first 64 bits of
Decrypts the first 64 bits of
Encrypts
Decrypts
Encrypts
Decrypts
Encrypts
Encrypts
Decrypts
Encrypts
Decrypts
Returns the
Encrypts
Decrypts
Initializes the state for use in streaming AES encryption using Counter mode (CTR).
Encrypts
Decrypts
Convert a binary multi-precision integer
Generates N bytes randomly uniform 0..255, and returns the
result in a binary. Uses the
Generates N bytes randomly uniform 0..255, and returns the
result in a binary. Uses a cryptographically secure prng seeded and
periodically mixed with operating system provided entropy. By default
this is the
May throw exception
Generate a random number
Generate an N bit random number using OpenSSL's
cryptographically strong pseudo random number generator
The parameter
If
May throw exception
This function performs the exponentiation
Computes the function
Creates a RSA signature with the private key
Verifies that a digest matches the RSA signature using the
signer's public key
May throw exception
Encrypts the
Decrypts the
Encrypts the
Decrypts the
Creates a DSS signature with the private key
A deprecated feature is having
Verifies that a digest matches the DSS signature using the
public key
A deprecated feature is having
Encrypts
Decrypts
Encrypts the data with RC4 symmetric stream encryption. Since it is symmetric, the same function is used for decryption.
Generates a Diffie-Hellman
Computes the shared secret from the private key and the other party's public key.
Generates SRP public keys for the client side (first argument is Generator) or for the server side (first argument is Verifier).
Computes the SRP session key (shared secret) for the client side (first argument is DerivedKey) or for the server side (first argument is Verifier). Also used as premaster secret by TLS-SRP cipher suites.
Generates a new EC key from the named curve. The private key is initialized with random data.
Fills in the public key if only the private key is known or generates a new private/public key pair if only the curve parameters are known.
Converts an EC key from a NIF resource into an Erlang term.
Converts an EC key from an Erlang term into a NIF resource.
Creates an ECDSA signature with the private key
Verifies that a digest matches the ECDSA signature using the
signer's public key
May throw exception
Computes the shared secret from the private key and the other party's public key.
Performs bit-wise XOR (exclusive or) on the data supplied.
Elliptic Curve keys consist of the curve parameters and the private and public keys (points on the curve). Translating the raw curve parameters into something usable for the underlying OpenSSL implementation is a complicated process. The main cryptographic functions therefore expect a NIF resource as input that contains the key in an internal format. Two functions, ec_key_to_term/1 and term_to_ec_key, are provided to convert between Erlang terms and the resource format.
Key in term form
ec_named_curve() = atom()
ec_point() = binary()
ec_basis() = {tpbasis, K :: non_neg_integer()}
           | {ppbasis, K1 :: non_neg_integer(), K2 :: non_neg_integer(), K3 :: non_neg_integer()}
           | onbasis
ec_field() = {prime_field, Prime :: Mpint()}
           | {characteristic_two_field, M :: integer(), Basis :: ec_basis()}
ec_prime() = {A :: Mpint(), B :: Mpint(), Seed :: binary()}
ec_curve_spec() = {Field :: ec_field(), Prime :: ec_prime(), Point :: ec_point(), Order :: Mpint(), CoFactor :: none | Mpint()}
ec_curve() = ec_named_curve() | ec_curve_spec()
ec_key() = {Curve :: ec_curve(), PrivKey :: Mpint() | undefined, PubKey :: ec_point() | undefined}
The Data Encryption Standard (DES) defines an algorithm for encrypting and decrypting an 8 byte quantity using an 8 byte key (actually only 56 bits of the key are used).
When it comes to encrypting and decrypting blocks that are multiples of 8 bytes, various modes are defined (NIST SP 800-38A). One of those modes is the Cipher Block Chaining (CBC) mode, where the encryption of an 8 byte segment depends not only on the contents of the segment itself, but also on the result of encrypting the previous segment: the encryption of the previous segment becomes the initializing vector for the encryption of the current segment.
Thus the encryption of every segment depends on the encryption key (which is secret) and on the encryption of the previous segment, except for the first segment, for which an initializing vector has to be supplied. That vector can be chosen at random, or be a counter of some kind. It does not have to be secret.
The following example is drawn from the old FIPS 81 standard (replaced by NIST SP 800-38A), where both the plain text and the resulting cipher text are fixed. The following code fragment returns `true`.
% Key and IVec are the FIPS 81 CBC example values (the key was lost in extraction and is restored from the standard).
Key = <<16#01,16#23,16#45,16#67,16#89,16#ab,16#cd,16#ef>>,
IVec = <<16#12,16#34,16#56,16#78,16#90,16#ab,16#cd,16#ef>>,
P = "Now is the time for all ",
C = crypto:des_cbc_encrypt(Key, IVec, P),
% Which is the same as encrypting the three 8 byte segments in turn,
% each previous cipher block serving as the IV of the next:
P1 = "Now is t",
P2 = "he time ",
P3 = "for all ",
C1 = crypto:des_cbc_encrypt(Key, IVec, P1),
C2 = crypto:des_cbc_encrypt(Key, C1, P2),
C3 = crypto:des_cbc_encrypt(Key, C2, P3),
C = <<C1/binary, C2/binary, C3/binary>>,
C = <<16#e5,16#c7,16#cd,16#de,16#87,16#2b,16#f2,16#7c,
      16#43,16#e9,16#34,16#00,16#8c,16#38,16#9c,16#0f,
      16#68,16#37,16#88,16#49,16#9a,16#7c,16#05,16#f6>>,
<<"Now is the time for all ">> == crypto:des_cbc_decrypt(Key, IVec, C).
The following is true for the DES CBC mode. For all decompositions
Similarly, for all decompositions
For DES3 (which uses three 64 bit keys) the situation is the same.
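The decomposition property stated above, checked as an added example that is not part of the Erlang documentation: it is written in Go against the standard library's crypto/des and crypto/cipher rather than the Erlang crypto module, and it goes beyond the single three-segment split shown in the page by testing every block-aligned split point, for both encryption and decryption, on the FIPS 81 vector.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"encoding/hex"
	"fmt"
)

// desCBC: DES in CBC mode with no padding, the counterpart of the page's
// des_cbc_encrypt/3 and des_cbc_decrypt/3; len(in) must be a multiple of 8.
func desCBC(key, iv, in []byte, decrypt bool) []byte {
	blk, err := des.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	if decrypt {
		cipher.NewCBCDecrypter(blk, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCEncrypter(blk, iv).CryptBlocks(out, in)
	}
	return out
}
// chainingHolds: at every block boundary, one-call CBC output must equal the two
// parts processed separately, the last cipher block of part one being the IV of
// part two; the same chaining is checked for decryption.
func chainingHolds(key, iv, msg []byte) bool {
	ct := desCBC(key, iv, msg, false)
	for cut := des.BlockSize; cut < len(msg); cut += des.BlockSize {
		c1 := desCBC(key, iv, msg[:cut], false)
		c2 := desCBC(key, c1[cut-des.BlockSize:], msg[cut:], false)
		p1 := desCBC(key, iv, ct[:cut], true)
		p2 := desCBC(key, ct[cut-des.BlockSize:cut], ct[cut:], true)
		if !bytes.Equal(ct, append(c1, c2...)) || !bytes.Equal(msg, append(p1, p2...)) {
			return false
		}
	}
	return true
}
// fips81Vector returns the FIPS 81 CBC example inputs the page quotes:
// key 0123456789abcdef, IV 1234567890abcdef, "Now is the time for all ".
func fips81Vector() (key, iv, msg []byte) {
	key, _ = hex.DecodeString("0123456789abcdef")
	iv, _ = hex.DecodeString("1234567890abcdef")
	return key, iv, []byte("Now is the time for all ")
}
func main() {
	key, iv, msg := fips81Vector()
	fmt.Printf("%x %v\n", desCBC(key, iv, msg, false), chainingHolds(key, iv, msg))
}
```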