This module provides a set of cryptographic functions.
Hash functions -
Hmac functions -
Cmac functions -
Block ciphers -
GCM:
Digital signatures
The actual supported algorithms and features depends on their availability in the actual libcrypto used.
See the
Enabling FIPS mode will also disable algorithms and features.
The
Stream ciphers for
Block ciphers with initialization vector for
Block ciphers without initialization vector for
Ciphers with simultaneous MAC-calculation or MAC-checking.
The
Note that some curves are disabled if FIPS is enabled.
Parametric curve definition.
Curve definition details.
For keylengths, iv-sizes and blocksizes see the
A key for des3 is a list of three iolists
Always
rsa_public() = [E, N]
rsa_private() = [E, N, D] | [E, N, D, P1, P2, E1, E2, C]
Where E is the public exponent, N is public modulus and D is
the private exponent. The longer key format contains redundant
information that will make the calculation faster. P1,P2 are first
and second prime factors. E1,E2 are first and second exponents. C
is the CRT coefficient. Terminology is taken from
dss_public() = [P, Q, G, Y]
Where P, Q and G are the dss parameters and Y is the public key.
dss_private() = [P, Q, G, X]
Where P, Q and G are the dss parameters and X is the private key.
srp_public() = key_integer()
Where is
srp_private() = key_integer()
Where is
srp_user_gen_params() = [DerivedKey::binary(), Prime::binary(), Generator::binary(), Version::atom()]
srp_host_gen_params() = [Verifier::binary(), Prime::binary(), Version::atom() ]
srp_user_comp_params() = [DerivedKey::binary(), Prime::binary(), Generator::binary(), Version::atom() | ScramblerArg::list()]
srp_host_comp_params() = [Verifier::binary(), Prime::binary(), Version::atom() | ScramblerArg::list()]
Where Verifier is
Algorithms for public key encrypt/decrypt. Only RSA is supported.
Options for public key encrypt/decrypt. Only RSA is supported.
Those option forms are kept only for compatibility and should not be used in new code.
Algorithms for sign and verify.
Options for sign and verify.
dh_params() = [P, G] | [P, G, PrivateKeyBitLength]
The result of a call to
Identifies the key to be used. The format depends on the loaded engine. It is passed to
the
The password of the key stored in an engine.
Pre and Post commands for
Contexts with an internal state that should not be manipulated but passed between function calls.
Encrypt
May raise exception
For keylengths and blocksizes see the
Decrypt
May raise exception
For keylengths and blocksizes see the
Encrypt
In AEAD (Authenticated Encryption with Associated Data) mode, encrypt
May raise exception
For keylengths, iv-sizes and blocksizes see the
Decrypt
In AEAD (Authenticated Encryption with Associated Data) mode, decrypt
May raise exception
For keylengths, iv-sizes and blocksizes see the
Convert binary representation, of an integer, to an Erlang integer.
Computes the shared secret from the private key and the other party's public key.
See also
Performs bit-wise XOR (exclusive or) on the data supplied.
Generates a public key of type
RSA key generation is only available if the runtime was
built with dirty scheduler support. Otherwise, attempting to
generate an RSA key will raise exception
Computes a message digest of type
May raise exception
Initializes the context for streaming hash operations.
May raise exception
Updates the digest represented by
Finalizes the hash operation referenced by
Computes a HMAC of type
Initializes the context for streaming HMAC operations.
Updates the HMAC represented by
Do not use a
Finalizes the HMAC operation referenced by
Finalizes the HMAC operation referenced by
Computes a CMAC of type
Provides information about the FIPS operating status of
crypto and the underlying libcrypto library. If crypto was built
with FIPS support this can be either
See
In FIPS mode all non-FIPS compliant algorithms are
disabled and raise exception
Enables (
Note that to enable FIPS mode succesfully, OTP must be built with the configure option
See also
Provides the name and version of the libraries used by crypto.
> info_lib(). [{<<"OpenSSL">>,269484095,<<"OpenSSL 1.1.0c 10 Nov 2016"">>}]
From OTP R16 the numeric version represents the version of the OpenSSL
header files (
Computes the function
Returns the initialization vector to be used in the next
iteration of encrypt/decrypt of type
Computes a POLY1305 message authentication code (
Decrypts the
Encrypts the
Decrypts the
Encrypts the
Set the seed for PRNG to the given binary. This calls the
RAND_seed function from openssl. Only use this if the system
you are running on does not have enough "randomness" built in.
Normally this is when
Generate a random number
Equivalent to application:start(crypto).
Equivalent to application:stop(crypto).
Generates N bytes randomly uniform 0..255, and returns the
result in a binary. Uses a cryptographically secure prng seeded and
periodically mixed with operating system provided entropy. By default
this is the
May raise exception
Creates state object for
When using the state object from this function the
Example
_ = crypto:rand_seed(), _IntegerValue = rand:uniform(42), % [1; 42] _FloatValue = rand:uniform(). % [0.0; 1.0[
Creates state object for
When using the state object from this function the
The state returned from this function can not be used
to get a reproducable random sequence as from
the other
The only supported usage is to generate one distinct random sequence from this start state.
Creates state object for
When using the state object from this function the
The cache size can be changed from its default value using the
Example
_ = crypto:rand_seed_alg(crypto_cache), _IntegerValue = rand:uniform(42), % [1; 42] _FloatValue = rand:uniform(). % [0.0; 1.0[
Creates state object for
If
If
When using the state object from this function the
The cache size can be changed from its default value using the
The state returned from this function can not be used
to get a reproducable random sequence as from
the other
In fact since random data is cached some numbers may get reproduced if you try, but this is unpredictable.
The only supported usage is to generate one distinct random sequence from this start state.
Initializes the state for use in RC4 stream encryption
For keylengths see the
Initializes the state for use in streaming AES encryption using Counter mode (CTR).
For keylengths and iv-sizes see the
Encrypts
Decrypts
Can be used to determine which crypto algorithms that are supported by the underlying libcrypto library
Note: the
Can be used to determine which named elliptic curves are supported.
Return the defining parameters of a elliptic curve.
Creates a digital signature.
The msg is either the binary "cleartext" data to be signed or it is the hashed value of "cleartext" i.e. the digest (plaintext).
Algorithm
See also
Verifies a digital signature
The msg is either the binary "cleartext" data to be signed or it is the hashed value of "cleartext" i.e. the digest (plaintext).
Algorithm
See also
Fetches the corresponding public key from a private key stored in an Engine. The key must be of the type indicated by the Type parameter.
Returns a list of all possible engine methods.
May raise exception
See also the chapter
Loads the OpenSSL engine given by
The function raises a
See also the chapter
Loads the OpenSSL engine given by
The function raises a
See also the chapter
Unloads the OpenSSL engine given by
The function raises a
See also the chapter
Get a reference to an already loaded engine with
The function raises a
See also the chapter
Sends ctrl commands to the OpenSSL engine given by
The function raises a
Sends ctrl commands to the OpenSSL engine given by
The function raises a
Add the engine to OpenSSL's internal list.
The function raises a
Remove the engine from OpenSSL's internal list.
The function raises a
Return the ID for the engine, or an empty binary if there is no id set.
The function raises a
Return the name (eg a description) for the engine, or an empty binary if there is no name set.
The function raises a
List the id's of all engines in OpenSSL's internal list.
It may also raise the exception
See also the chapter
May raise exception
Loads the OpenSSL engine given by
The function raises a
See also the chapter
Loads the OpenSSL engine given by
The function raises a
See also the chapter
Unloads an engine loaded with the
The function raises a
See also the chapter
Unloads an engine loaded with the
The function raises a
See also the chapter