jammy (7) crypto.7.gz

Provided by: erlang-manpages_24.2.1+dfsg-1ubuntu0.1_all bug

NAME
       crypto - The Crypto Application


DESCRIPTION
       The  purpose  of  the  Crypto  application  is  to  provide an Erlang API to cryptographic functions, see
       crypto(3erl). Note that the API is on a fairly low level and there are some corresponding  API  functions
       available  in  public_key(3erl),  on  a higher abstraction level, that uses the crypto application in its
       implementation.


DEPENDENCIES
       The current crypto implementation uses nifs to interface  OpenSSLs  crypto  library  and  may  work  with
       limited functionality with as old versions as OpenSSL 0.9.8c. FIPS mode support requires at least version
       1.0.1 and a FIPS capable OpenSSL installation. We recommend using a version that is officially  supported
       by the OpenSSL project. API compatible backends like LibreSSL should also work.

       The  crypto  app  is  tested  daily with at least one version of each of the OpenSSL 0.9.8, 1.0.0, 1.0.1,
       1.0.2, 1.1.0 and 1.1.1. FIPS mode is also tested.

   Note:
       Compiling, linking and running with  OpenSSL  3.0.0  works  although  the  crypto  app  calls  deprecated
       functions.  We do not recommend it for other than experimental purposes or alpha testing, since it is not
       extensively tested yet.

       Source releases of OpenSSL can be downloaded from the OpenSSL project home page, or mirror  sites  listed
       there.


CONFIGURATION
       The  following  configuration  parameters  are defined for the crypto application. See app(3erl) for more
       information about configuration parameters.

         fips_mode = boolean():
           Specifies whether to run crypto in FIPS mode. This setting will take effect when the  nif  module  is
           loaded.  If  FIPS  mode is requested but not available at run time the nif module and thus the crypto
           module will fail to load. This mechanism prevents the accidental use of non-validated algorithms.

         rand_cache_size = integer():
           Sets   the   cache   size   in   bytes   to    use    by    crypto:rand_seed_alg(crypto_cache)    and
           crypto:rand_seed_alg_s(crypto_cache). This parameter is read when a seed function is called, and then
           kept in generators state object. It has a rather small default value  that  causes  reads  of  strong
           random  bytes  about  once  per  hundred  calls for a random value. The set value is rounded up to an
           integral number of words of the size these seed functions use.


SEE ALSO
       application(3erl)