This module provides a set of cryptographic functions.
References:
Types
byte() = 0 ... 255 ioelem() = byte() | binary() | iolist() iolist() = [ioelem()]
Starts the crypto server.
Stops the crypto server.
Stops the crypto server.
Data = iolist() | binary()
Digest = binary()
Computes an MD5
message digest from Data
, where
the length of the digest is 128 bits (16 bytes).
Context = binary()
Creates an MD5 context, to be used in subsequent calls to
md5_update/2
.
md5_update(Context, Data) -> NewContext
Data = iolist() | binary()
Context = NewContext = binary()
Updates an MD5 Context
with Data
, and returns
a NewContext
.
Context = Digest = binary()
Finishes the update of an MD5 Context
and returns
the computed MD5
message digest.
Data = iolist() | binary()
Digest = binary()
Computes an SHA
message digest from Data
, where
the length of the digest is 160 bits (20 bytes).
Context = binary()
Creates an SHA context, to be used in subsequent calls to
sha_update/2
.
sha_update(Context, Data) -> NewContext
Data = iolist() | binary()
Context = NewContext = binary()
Updates an SHA Context
with Data
, and returns
a NewContext
.
Context = Digest = binary()
Finishes the update of an SHA Context
and returns
the computed SHA
message digest.
Key = Data = iolist() | binary()
Mac = binary()
Computes an MD5 MAC
message authentification code
from Key
and Data
, where the the length of the
Mac is 128 bits (16 bytes).
Key = Data = iolist() | binary()
Mac = binary()
Computes an MD5 MAC
message authentification code
from Key
and Data
, where the length of the Mac
is 96 bits (12 bytes).
Key = Data = iolist() | binary()
Mac = binary()
Computes an SHA MAC
message authentification code
from Key
and Data
, where the length of the Mac
is 160 bits (20 bytes).
Key = Data = iolist() | binary()
Mac = binary()
Computes an SHA MAC
message authentification code
from Key
and Data
, where the length of the Mac
is 96 bits (12 bytes).
des_cbc_encrypt(Key, IVec, Text) -> Cipher
Key = Text = iolist() | binary()
IVec = Cipher = binary()
Encrypts Text
according to DES in CBC
mode. Text
must be a multiple of 64 bits (8
bytes). Key
is the DES key, and IVec
is an
arbitrary initializing vector. The lengths of Key
and
IVec
must be 64 bits (8 bytes).
des_cbc_decrypt(Key, IVec, Cipher) -> Text
Key = Cipher = iolist() | binary()
IVec = Text = binary()
Decrypts Cipher
according to DES in CBC mode.
Key
is the DES key, and IVec
is an arbitrary
initializing vector. Key
and IVec
must have
the same values as those used when encrypting. Cipher
must be a multiple of 64 bits (8 bytes). The lengths of
Key
and IVec
must be 64 bits (8 bytes).
The Data Encryption Standard (DES) defines an algoritm for encrypting and decrypting an 8 byte quantity using an 8 byte key (actually only 56 bits of the key is used).
When it comes to encrypting and decrypting blocks that are multiples of 8 bytes various modes are defined (FIPS 81). One of those modes is the Cipher Block Chaining (CBC) mode, where the encryption of an 8 byte segment depend not only of the contents of the segment itself, but also on the result of encrypting the previous segment: the encryption of the previous segment becomes the initializing vector of the encryption of the current segment.
Thus the encryption of every segment depends on the encryption key (which is secret) and the encryption of the previous segment, except the first segment which has to be provided with a first initializing vector. That vector could be chosen at random, or be counter of some kind. It does not have to be secret.
The following example is drawn from the FIPS 81 standard, where both the plain text and the resulting cipher text is settled. We use the Erlang bitsyntax to define binary literals. The following Erlang code fragment returns `true'.
Key = <<16#01,16#23,16#45,16#67,16#89,16#ab,16#cd,16#ef>>, IVec = <<16#12,16#34,16#56,16#78,16#90,16#ab,16#cd,16#ef>>, P = "Now is the time for all ", C = crypto:des_cbc_encrypt(K, I, P), C == <<16#e5,16#c7,16#cd,16#de,16#87,16#2b,16#f2,16#7c, 16#43,16#e9,16#34,16#00,16#8c,16#38,16#9c,16#0f, 16#68,16#37,16#88,16#49,16#9a,16#7c,16#05,16#f6>>, <<"Now is the time for all ">> == crypto:des_cbc_decrypt(Key,IVec,C).
The following is true for the DES CBC mode. For all
decompositions P1 ++ P2 = P
of a plain text message
P
(where the length of all quantities are multiples of 8
bytes), the encryption C
of P
is equal to C1 ++
C2
, where C1
is obtained by encrypting P1
with
Key
and the initializing vector IVec
, and where
C2
is obtained by encrypting P2
with Key
and
the initializing vector l(C1)
, where l(B)
denotes
the last 8 bytes of the binary B
.
Similarly, for all decompositions C1 ++ C2 = C
of a
cipher text message C
(where the length of all quantities
are multiples of 8 bytes), the decryption P
of C
is equal to P1 ++ P2
, where P1
is obtained by
decrypting C1
with Key
and the initializing vector
IVec
, and where P2
is obtained by decrypting
C2
with Key
and the initializing vector
l(C1)
, where l(.)
is as above.