1crypto(7)                Erlang Application Definition               crypto(7)
2
3
4

NAME

6       crypto - The Crypto Application
7

DESCRIPTION

9       The  purpose  of  the Crypto application is to provide an Erlang API to
10       cryptographic functions, see crypto(3). Note  that  the  API  is  on  a
11       fairly  low level and there are some corresponding API functions avail‐
12       able in public_key(3), on a higher abstraction  level,  that  uses  the
13       crypto application in its implementation.
14

DEPENDENCIES

16       The  current  crypto  implementation  uses  nifs  to interface OpenSSLs
17       crypto library and may work with limited functionality with as old ver‐
18       sions  as  OpenSSL  0.9.8c. FIPS mode support requires at least version
19       1.0.1 and a FIPS capable OpenSSL installation.  We  recommend  using  a
20       version  that  is officially supported by the OpenSSL project. API com‐
21       patible backends like LibreSSL should also work.
22
23       The crypto app is tested daily with at least one version of each of the
24       OpenSSL  1.0.1,  1.0.2,  1.1.0, 1.1.1 and 3.0. FIPS mode is also tested
25       for 1.0.1, 1.0.2 and 3.0.
26
27       Using OpenSSL 3.0 with Engines is not yet supported by  the  OTP/crypto
28       app.
29
30       Source  releases  of OpenSSL can be downloaded from the OpenSSL project
31       home page, or mirror sites listed there.
32

CONFIGURATION

34       The following configuration parameters are defined for the  crypto  ap‐
35       plication.  See app(3) for more information about configuration parame‐
36       ters.
37
38         fips_mode = boolean():
39           Specifies whether to run crypto in FIPS  mode.  This  setting  will
40           take  effect  when  the  nif  module is loaded. If FIPS mode is re‐
41           quested but not available at run time the nif module and  thus  the
42           crypto  module will fail to load. This mechanism prevents the acci‐
43           dental use of non-validated algorithms.
44
45         rand_cache_size = integer():
46           Sets    the    cache    size     in     bytes     to     use     by
47           crypto:rand_seed_alg(crypto_cache)                              and
48           crypto:rand_seed_alg_s(crypto_cache). This parameter is read when a
49           seed  function is called, and then kept in generators state object.
50           It has a rather small default value that  causes  reads  of  strong
51           random  bytes  about once per hundred calls for a random value. The
52           set value is rounded up to an integral number of words of the  size
53           these seed functions use.
54

SEE ALSO

56       application(3)
57
58
59
60Ericsson AB                       crypto 5.3                         crypto(7)
Impressum