1crypto(7)                Erlang Application Definition               crypto(7)
2
3
4

NAME

6       crypto - The Crypto Application
7

DESCRIPTION

9       The  purpose  of  the Crypto application is to provide an Erlang API to
10       cryptographic functions, see crypto(3). Note  that  the  API  is  on  a
11       fairly  low level and there are some corresponding API functions avail‐
12       able in public_key(3), on a higher abstraction  level,  that  uses  the
13       crypto application in its implementation.
14

DEPENDENCIES

16       The  current  crypto  implementation  uses  nifs  to interface OpenSSLs
17       crypto library and may work with limited functionality with as old ver‐
18       sions  as  OpenSSL  0.9.8c. FIPS mode support requires at least version
19       1.0.1 and a FIPS capable OpenSSL installation.  We  recommend  using  a
20       version  that  is officially supported by the OpenSSL project. API com‐
21       patible backends like LibreSSL should also work.
22
23       The crypto app is tested daily with at least one version of each of the
24       OpenSSL  0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0 and 1.1.1. FIPS mode is also
25       tested.
26
27   Note:
28       Compiling, linking and running with  OpenSSL  3.0  works  although  the
29       crypto app calls deprecated functions. We do not recommend it for other
30       than experimental purposes or alpha testing, since  it  is  not  exten‐
31       sively tested yet.
32
33
34       Source  releases  of OpenSSL can be downloaded from the OpenSSL project
35       home page, or mirror sites listed there.
36

CONFIGURATION

38       The following configuration parameters are defined for the  crypto  ap‐
39       plication.  See app(3) for more information about configuration parame‐
40       ters.
41
42         fips_mode = boolean():
43           Specifies whether to run crypto in FIPS  mode.  This  setting  will
44           take  effect  when  the  nif  module is loaded. If FIPS mode is re‐
45           quested but not available at run time the nif module and  thus  the
46           crypto  module will fail to load. This mechanism prevents the acci‐
47           dental use of non-validated algorithms.
48
49         rand_cache_size = integer():
50           Sets    the    cache    size     in     bytes     to     use     by
51           crypto:rand_seed_alg(crypto_cache)                              and
52           crypto:rand_seed_alg_s(crypto_cache). This parameter is read when a
53           seed  function is called, and then kept in generators state object.
54           It has a rather small default value that  causes  reads  of  strong
55           random  bytes  about once per hundred calls for a random value. The
56           set value is rounded up to an integral number of words of the  size
57           these seed functions use.
58

SEE ALSO

60       application(3)
61
62
63
64Ericsson AB                     crypto 5.0.6.1                       crypto(7)
Impressum