blob: 8296b1bc77c9b216f658e84f72d28cf8cb3a68f0 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE appref SYSTEM "appref.dtd">
<appref>
<header>
<copyright>
<year>1999</year>
<year>2017</year>
<holder>Ericsson AB, All Rights Reserved</holder>
</copyright>
<legalnotice>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
The Initial Developer of the Original Code is Ericsson AB.
</legalnotice>
<title>crypto</title>
<file>crypto_app.sgml</file>
</header>
<app>crypto</app>
<appsummary>The Crypto Application</appsummary>
<description>
<p>The purpose of the Crypto application is to provide an Erlang API
to cryptographic functions, see <seealso marker="crypto">crypto(3)</seealso>.
Note that the API is on a fairly low level and there are some
corresponding API functions available in <seealso marker="public_key:public_key">public_key(3)</seealso>,
on a higher abstraction level, that uses the crypto application in its implementation.
</p>
</description>
<section>
<title>DEPENDENCIES</title>
<p>The current crypto implementation uses nifs to interface
OpenSSLs crypto library and may work with limited functionality
with as old versions as <em>OpenSSL</em> 0.9.8c.
FIPS mode support requires at least
version 1.0.1 and a FIPS capable OpenSSL installation. We recommend using a
version that is officially supported by the OpenSSL project. API compatible backends like
LibreSSL should also work.</p>
<p>Source releases of OpenSSL can be downloaded from the <url href="http://www.openssl.org">OpenSSL</url> project home page,
or mirror sites listed there.
</p>
</section>
<section>
<title>CONFIGURATION</title>
<p>The following configuration parameters are defined for the
crypto application. See <c>app(3)</c> for more information about
configuration parameters.</p>
<taglist>
<tag><c>fips_mode = boolean()</c></tag>
<item>
<p>Specifies whether to run crypto in FIPS mode. This setting
will take effect when the nif module is loaded. If FIPS mode
is requested but not available at run time the nif module and
thus the crypto module will fail to load. This mechanism
prevents the accidental use of non-validated algorithms.</p>
</item>
<tag><c>rand_cache_size = integer()</c></tag>
<item>
<p>
Sets the cache size in bytes to use by
<seealso marker="crypto#rand_seed_alg-1">
<c>crypto:rand_seed_alg(crypto_cache)</c>
</seealso> and
<seealso marker="crypto#rand_seed_alg_s-1">
<c>crypto:rand_seed_alg_s(crypto_cache)</c>
</seealso>.
This parameter is read when a seed function is called,
and then kept in generators state object. It has a rather
small default value that causes reads of strong random bytes
about once per hundred calls for a random value.
The set value is rounded up to an integral number of words
of the size these seed functions use.
</p>
</item>
</taglist>
</section>
<section>
<title>SEE ALSO</title>
<p>application(3)</p>
</section>
</appref>
|
