.TH crypto 7 "crypto 5.4.2" "Ericsson AB" "Erlang Application Definition"
.SH NAME
crypto \- The Crypto Application
.SH DESCRIPTION
.LP
The purpose of the Crypto application is to provide an Erlang API to cryptographic functions, see crypto(3erl)\&. Note that the API is on a fairly low level and there are some corresponding API functions available in public_key(3erl), on a higher abstraction level, that uses the crypto application in its implementation\&.
.SH "DEPENDENCIES"

.LP
The current crypto implementation uses nifs to interface OpenSSLs crypto library and may work with limited functionality with as old versions as \fIOpenSSL\fR\& 0\&.9\&.8c\&. FIPS mode support requires at least version 1\&.0\&.1 and a FIPS capable OpenSSL installation\&. We recommend using a version that is officially supported by the OpenSSL project\&. API compatible backends like LibreSSL should also work\&.
.LP
The crypto app is tested daily with at least one version of each of the OpenSSL 1\&.0\&.1, 1\&.0\&.2, 1\&.1\&.0, 1\&.1\&.1 and 3\&.0\&. FIPS mode is also tested for 1\&.0\&.1, 1\&.0\&.2 and 3\&.0\&.
.LP
Using OpenSSL 3\&.0 with Engines is supported since OTP 26\&.2\&.
.LP
Source releases of OpenSSL can be downloaded from the OpenSSL project home page, or mirror sites listed there\&.
.SH "CONFIGURATION"

.LP
The following configuration parameters are defined for the crypto application\&. See \fIapp(3erl)\fR\& for more information about configuration parameters\&.
.RS 2
.TP 2
.B
\fIfips_mode = boolean()\fR\&:
Specifies whether to run crypto in FIPS mode\&. This setting will take effect when the nif module is loaded\&. If FIPS mode is requested but not available at run time the nif module and thus the crypto module will fail to load\&. This mechanism prevents the accidental use of non-validated algorithms\&.
.TP 2
.B
\fIrand_cache_size = integer()\fR\&:
Sets the cache size in bytes to use by \fIcrypto:rand_seed_alg(crypto_cache)\fR\& and \fIcrypto:rand_seed_alg_s(crypto_cache)\fR\&\&. This parameter is read when a seed function is called, and then kept in generators state object\&. It has a rather small default value that causes reads of strong random bytes about once per hundred calls for a random value\&. The set value is rounded up to an integral number of words of the size these seed functions use\&.
.RE
.SH "SEE ALSO"

.LP
application(3erl)