NAME

       crypto - The Crypto Application

DESCRIPTION

       The  purpose  of  the  Crypto  application  is  to  provide an Erlang API to cryptographic
       functions, see crypto(3erl). Note that the API is on a fairly low level and there are some
       corresponding  API functions available in public_key(3erl), on a higher abstraction level,
       that uses the crypto application in its implementation.

DEPENDENCIES

       The current crypto implementation uses nifs to interface OpenSSLs crypto library  and  may
       work  with limited functionality with as old versions as OpenSSL 0.9.8c. FIPS mode support
       requires at least version 1.0.1 and a FIPS  capable  OpenSSL  installation.  We  recommend
       using  a  version  that  is  officially  supported  by the OpenSSL project. API compatible
       backends like LibreSSL should also work.

       The crypto app is tested daily with at least one version of each  of  the  OpenSSL  0.9.8,
       1.0.0, 1.0.1, 1.0.2, 1.1.0 and 1.1.1. FIPS mode is also tested.

   Note:
       Compiling,  linking  and  running  with  OpenSSL  3.0  works although the crypto app calls
       deprecated functions. We do not recommend it for other than experimental purposes or alpha
       testing, since it is not extensively tested yet.

       Source releases of OpenSSL can be downloaded from the OpenSSL project home page, or mirror
       sites listed there.

CONFIGURATION

       The following configuration  parameters  are  defined  for  the  crypto  application.  See
       app(3erl) for more information about configuration parameters.

         fips_mode = boolean():
           Specifies  whether  to run crypto in FIPS mode. This setting will take effect when the
           nif module is loaded. If FIPS mode is requested but not available at run time the  nif
           module  and  thus  the  crypto  module  will fail to load. This mechanism prevents the
           accidental use of non-validated algorithms.

         rand_cache_size = integer():
           Sets the  cache  size  in  bytes  to  use  by  crypto:rand_seed_alg(crypto_cache)  and
           crypto:rand_seed_alg_s(crypto_cache).  This  parameter is read when a seed function is
           called, and then kept in generators state object. It has a rather small default  value
           that  causes  reads  of  strong random bytes about once per hundred calls for a random
           value. The set value is rounded up to an integral number of words of  the  size  these
           seed functions use.

SEE ALSO

       application(3erl)