.TH crypto 3erl "crypto 3.4.1" "Ericsson AB" "Erlang Module Definition"
.SH NAME
crypto \- Crypto Functions
.SH DESCRIPTION
.LP
This module provides a set of cryptographic functions\&.
.RS 2
.TP 2
*
Hash functions -  Secure Hash Standard,  The MD5 Message Digest Algorithm (RFC 1321) and The MD4 Message Digest Algorithm (RFC 1320) 
.LP
.TP 2
*
Hmac functions -  Keyed-Hashing for Message Authentication (RFC 2104) 
.LP
.TP 2
*
Block ciphers - DES and AES in Block Cipher Modes -  ECB, CBC, CFB, OFB and CTR 
.LP
.TP 2
*
 RSA encryption RFC 1321  
.LP
.TP 2
*
Digital signatures Digital Signature Standard (DSS) and Elliptic Curve Digital Signature Algorithm (ECDSA)  
.LP
.TP 2
*
 Secure Remote Password Protocol (SRP - RFC 2945) 
.LP
.RE

.SH "DATA TYPES "

.LP

.LP
.nf
key_value()  = integer() | binary() 
.fi
.LP
Always \fIbinary()\fR\& when used as return value
.LP

.LP
.nf
rsa_public()  = [key_value()] = [E, N]  
.fi
.LP
Where E is the public exponent and N is public modulus\&.
.LP

.LP
.nf
rsa_private() = [key_value()] = [E, N, D] | [E, N, D, P1, P2, E1, E2, C] 
.fi
.LP
Where E is the public exponent, N is public modulus and D is the private exponent\&.The longer key format contains redundant information that will make the calculation faster\&. P1,P2 are first and second prime factors\&. E1,E2 are first and second exponents\&. C is the CRT coefficient\&. Terminology is taken from  RFC 3447\&.
.LP

.LP
.nf
dss_public() = [key_value()] = [P, Q, G, Y] 
.fi
.LP
Where P, Q and G are the dss parameters and Y is the public key\&.
.LP

.LP
.nf
dss_private() =  [key_value()] = [P, Q, G, X] 
.fi
.LP
Where P, Q and G are the dss parameters and X is the private key\&.
.LP

.LP
.nf
srp_public() = key_value() 
.fi
.LP
Where is \fIA\fR\& or \fIB\fR\& from SRP design
.LP

.LP
.nf
srp_private() = key_value() 
.fi
.LP
Where is \fIa\fR\& or \fIb\fR\& from SRP design
.LP
Where Verifier is \fIv\fR\&, Generator is \fIg\fR\& and Prime is\fI N\fR\&, DerivedKey is \fIX\fR\&, and Scrambler is \fIu\fR\& (optional will be generated if not provided) from SRP design Version = \&'3\&' | \&'6\&' | \&'6a\&'
.LP

.LP
.nf
dh_public() = key_value() 
.fi
.LP

.LP
.nf
dh_private() = key_value() 
.fi
.LP

.LP
.nf
dh_params() = [key_value()] = [P, G] 
.fi
.LP

.LP
.nf
ecdh_public() = key_value() 
.fi
.LP

.LP
.nf
ecdh_private() = key_value() 
.fi
.LP

.LP
.nf
ecdh_params() =  ec_named_curve() | ec_explicit_curve()
.fi
.LP

.LP
.nf
ec_explicit_curve() =
    {ec_field(), Prime :: key_value(), Point :: key_value(), Order :: integer(), CoFactor :: none | integer()} 
.fi
.LP

.LP
.nf
ec_field() = {prime_field, Prime :: integer()} |
    {characteristic_two_field, M :: integer(), Basis :: ec_basis()}
.fi
.LP

.LP
.nf
ec_basis() =  {tpbasis, K :: non_neg_integer()} |
    {ppbasis, K1 :: non_neg_integer(), K2 :: non_neg_integer(), K3 :: non_neg_integer()} |
    onbasis
.fi
.LP

.LP
.nf
ec_named_curve() ->
      sect571r1| sect571k1| sect409r1| sect409k1| secp521r1| secp384r1| secp224r1| secp224k1|
      secp192k1| secp160r2| secp128r2| secp128r1| sect233r1| sect233k1| sect193r2| sect193r1|
      sect131r2| sect131r1| sect283r1| sect283k1| sect163r2| secp256k1| secp160k1| secp160r1|
      secp112r2| secp112r1| sect113r2| sect113r1| sect239k1| sect163r1| sect163k1| secp256r1|
      secp192r1|
      brainpoolP160r1| brainpoolP160t1| brainpoolP192r1| brainpoolP192t1| brainpoolP224r1|
      brainpoolP224t1| brainpoolP256r1| brainpoolP256t1| brainpoolP320r1| brainpoolP320t1|
      brainpoolP384r1| brainpoolP384t1| brainpoolP512r1| brainpoolP512t1
    
.fi Note that the \fIsect\fR\& curves are GF2m (characteristic two) curves and are only supported if the underlying OpenSSL has support for them\&. See also \fBcrypto:supports/0\fR\& 
.LP

.LP
.nf
stream_cipher() = rc4 | aes_ctr 
.fi
.LP

.LP
.nf
block_cipher() =  aes_cbc128 | aes_cfb8 | aes_cfb128 | aes_ige256 | blowfish_cbc |
     blowfish_cfb64 | des_cbc | des_cfb | des3_cbc | des3_cbf
     | des_ede3 | rc2_cbc 
.fi
.LP

.LP
.nf
stream_key() =  aes_key() | rc4_key() 
.fi
.LP

.LP
.nf
block_key() =  aes_key() |  blowfish_key() | des_key()| des3_key() 
.fi
.LP

.LP
.nf
aes_key() = iodata() 
.fi Key length is 128, 192 or 256 bits
.LP

.LP
.nf
rc4_key() = iodata() 
.fi Variable key length from 8 bits up to 2048 bits (usually between 40 and 256)
.LP

.LP
.nf
blowfish_key() = iodata() 
.fi Variable key length from 32 bits up to 448 bits
.LP

.LP
.nf
des_key() = iodata() 
.fi Key length is 64 bits (in CBC mode only 8 bits are used)
.LP

.LP
.nf
des3_key() = [binary(), binary(), binary()] 
.fi Each key part is 64 bits (in CBC mode only 8 bits are used)
.LP

.LP
.nf
digest_type() =  md5 | sha | sha224 | sha256 | sha384 | sha512
.fi
.LP

.LP
.nf
 hash_algorithms() =  md5 | ripemd160 | sha | sha224 | sha256 | sha384 | sha512 
.fi md4 is also supported for hash_init/1 and hash/2\&. Note that both md4 and md5 are recommended only for compatibility with existing applications\&.
.LP

.LP
.nf
 cipher_algorithms() = des_cbc | des_cfb |  des3_cbc | des3_cbf | des_ede3 |
     blowfish_cbc | blowfish_cfb64 | aes_cbc128 | aes_cfb8 | aes_cfb128| aes_cbc256 | aes_ige256 | rc2_cbc | aes_ctr| rc4  
.fi 
.LP

.LP
.nf
 public_key_algorithms() =   rsa |dss | ecdsa | dh | ecdh | ec_gf2m
.fi Note that ec_gf2m is not strictly a public key algorithm, but a restriction on what curves are supported with ecdsa and ecdh\&.
.SH EXPORTS
.LP
.B
block_encrypt(Type, Key, Ivec, PlainText) -> CipherText
.br
.RS
.LP
Types:

.RS 3
Type = block_cipher() 
.br
Key = block_key() 
.br
PlainText = iodata() 
.br
IVec = CipherText = binary()
.br
.RE
.RE
.RS
.LP
Encrypt \fIPlainText\fR\&according to \fIType\fR\& block cipher\&. \fIIVec\fR\& is an arbitrary initializing vector\&.
.LP
May throw exception \fInotsup\fR\& in case the chosen \fIType\fR\& is not supported by the underlying OpenSSL implementation\&.
.RE

.LP
.B
block_decrypt(Type, Key, Ivec, CipherText) -> PlainText
.br
.RS
.LP
Types:

.RS 3
Type = block_cipher() 
.br
Key = block_key() 
.br
PlainText = iodata() 
.br
IVec = CipherText = binary()
.br
.RE
.RE
.RS
.LP
Decrypt \fICipherText\fR\&according to \fIType\fR\& block cipher\&. \fIIVec\fR\& is an arbitrary initializing vector\&.
.LP
May throw exception \fInotsup\fR\& in case the chosen \fIType\fR\& is not supported by the underlying OpenSSL implementation\&.
.RE

.LP
.B
bytes_to_integer(Bin) -> Integer 
.br
.RS
.LP
Types:

.RS 3
Bin = binary() - as returned by crypto functions
.br
Integer = integer() 
.br
.RE
.RE
.RS
.LP
Convert binary representation, of an integer, to an Erlang integer\&.
.RE

.LP
.B
compute_key(Type, OthersPublicKey, MyKey, Params) -> SharedSecret
.br
.RS
.LP
Types:

.RS 3
 Type = dh | ecdh | srp 
.br
OthersPublicKey = dh_public() | ecdh_public() | srp_public() 
.br
MyKey = dh_private() | ecdh_private() | {srp_public(),srp_private()}
.br
Params = dh_params() | ecdh_params() | SrpUserParams | SrpHostParams
.br
SrpUserParams = {user, [DerivedKey::binary(), Prime::binary(), Generator::binary(), Version::atom() | [Scrambler:binary()]]} 
.br
SrpHostParams = {host, [Verifier::binary(), Prime::binary(), Version::atom() | [Scrambler::binary]]} 
.br
SharedSecret = binary()
.br
.RE
.RE
.RS
.LP
Computes the shared secret from the private key and the other party\&'s public key\&. See also \fBpublic_key:compute_key/2\fR\& 
.RE

.LP
.B
exor(Data1, Data2) -> Result
.br
.RS
.LP
Types:

.RS 3
Data1, Data2 = iodata()
.br
Result = binary()
.br
.RE
.RE
.RS
.LP
Performs bit-wise XOR (exclusive or) on the data supplied\&.
.RE

.LP
.B
generate_key(Type, Params) -> {PublicKey, PrivKeyOut} 
.br
.B
generate_key(Type, Params, PrivKeyIn) -> {PublicKey, PrivKeyOut} 
.br
.RS
.LP
Types:

.RS 3
 Type = dh | ecdh | srp 
.br
Params = dh_params() | ecdh_params() | SrpUserParams | SrpHostParams 
.br
SrpUserParams = {user, [Generator::binary(), Prime::binary(), Version::atom()]}
.br
SrpHostParams = {host, [Verifier::binary(), Generator::binary(), Prime::binary(), Version::atom()]}
.br
PublicKey = dh_public() | ecdh_public() | srp_public() 
.br
PrivKeyIn = undefined | dh_private() | srp_private() 
.br
PrivKeyOut = dh_private() | ecdh_private() | srp_private() 
.br
.RE
.RE
.RS
.LP
Generates public keys of type \fIType\fR\&\&. See also \fBpublic_key:generate_key/1\fR\& 
.RE

.LP
.B
hash(Type, Data) -> Digest
.br
.RS
.LP
Types:

.RS 3
Type = md4 | hash_algorithms()
.br
Data = iodata()
.br
Digest = binary()
.br
.RE
.RE
.RS
.LP
Computes a message digest of type \fIType\fR\& from \fIData\fR\&\&.
.LP
May throw exception \fInotsup\fR\& in case the chosen \fIType\fR\& is not supported by the underlying OpenSSL implementation\&.
.RE

.LP
.B
hash_init(Type) -> Context
.br
.RS
.LP
Types:

.RS 3
Type = md4 | hash_algorithms()
.br
.RE
.RE
.RS
.LP
Initializes the context for streaming hash operations\&. \fIType\fR\& determines which digest to use\&. The returned context should be used as argument to \fBhash_update\fR\&\&.
.LP
May throw exception \fInotsup\fR\& in case the chosen \fIType\fR\& is not supported by the underlying OpenSSL implementation\&.
.RE

.LP
.B
hash_update(Context, Data) -> NewContext
.br
.RS
.LP
Types:

.RS 3
Data = iodata()
.br
.RE
.RE
.RS
.LP
Updates the digest represented by \fIContext\fR\& using the given \fIData\fR\&\&. \fIContext\fR\& must have been generated using \fBhash_init\fR\& or a previous call to this function\&. \fIData\fR\& can be any length\&. \fINewContext\fR\& must be passed into the next call to \fIhash_update\fR\& or \fBhash_final\fR\&\&.
.RE

.LP
.B
hash_final(Context) -> Digest
.br
.RS
.LP
Types:

.RS 3
Digest = binary()
.br
.RE
.RE
.RS
.LP
Finalizes the hash operation referenced by \fIContext\fR\& returned from a previous call to \fBhash_update\fR\&\&. The size of \fIDigest\fR\& is determined by the type of hash function used to generate it\&.
.RE

.LP
.B
hmac(Type, Key, Data) -> Mac
.br
.B
hmac(Type, Key, Data, MacLength) -> Mac
.br
.RS
.LP
Types:

.RS 3
Type = hash_algorithms() - except ripemd160
.br
Key = iodata()
.br
Data = iodata()
.br
MacLength = integer()
.br
Mac = binary()
.br
.RE
.RE
.RS
.LP
Computes a HMAC of type \fIType\fR\& from \fIData\fR\& using \fIKey\fR\& as the authentication key\&.\fIMacLength\fR\& will limit the size of the resultant \fIMac\fR\&\&. 
.RE

.LP
.B
hmac_init(Type, Key) -> Context
.br
.RS
.LP
Types:

.RS 3
Type = hash_algorithms() - except ripemd160
.br
Key = iodata()
.br
Context = binary()
.br
.RE
.RE
.RS
.LP
Initializes the context for streaming HMAC operations\&. \fIType\fR\& determines which hash function to use in the HMAC operation\&. \fIKey\fR\& is the authentication key\&. The key can be any length\&.
.RE

.LP
.B
hmac_update(Context, Data) -> NewContext
.br
.RS
.LP
Types:

.RS 3
Context = NewContext = binary()
.br
Data = iodata()
.br
.RE
.RE
.RS
.LP
Updates the HMAC represented by \fIContext\fR\& using the given \fIData\fR\&\&. \fIContext\fR\& must have been generated using an HMAC init function (such as \fBhmac_init\fR\&)\&. \fIData\fR\& can be any length\&. \fINewContext\fR\& must be passed into the next call to \fIhmac_update\fR\& or to one of the functions \fBhmac_final\fR\& and \fBhmac_final_n\fR\& 
.LP

.RS -4
.B
Warning:
.RE
Do not use a \fIContext\fR\& as argument in more than one call to hmac_update or hmac_final\&. The semantics of reusing old contexts in any way is undefined and could even crash the VM in earlier releases\&. The reason for this limitation is a lack of support in the underlying OpenSSL API\&.

.RE

.LP
.B
hmac_final(Context) -> Mac
.br
.RS
.LP
Types:

.RS 3
Context = Mac = binary()
.br
.RE
.RE
.RS
.LP
Finalizes the HMAC operation referenced by \fIContext\fR\&\&. The size of the resultant MAC is determined by the type of hash function used to generate it\&.
.RE

.LP
.B
hmac_final_n(Context, HashLen) -> Mac
.br
.RS
.LP
Types:

.RS 3
Context = Mac = binary()
.br
HashLen = non_neg_integer()
.br
.RE
.RE
.RS
.LP
Finalizes the HMAC operation referenced by \fIContext\fR\&\&. \fIHashLen\fR\& must be greater than zero\&. \fIMac\fR\& will be a binary with at most \fIHashLen\fR\& bytes\&. Note that if HashLen is greater than the actual number of bytes returned from the underlying hash, the returned hash will have fewer than \fIHashLen\fR\& bytes\&.
.RE

.LP
.B
info_lib() -> [{Name,VerNum,VerStr}]
.br
.RS
.LP
Types:

.RS 3
Name = binary()
.br
VerNum = integer()
.br
VerStr = binary()
.br
.RE
.RE
.RS
.LP
Provides the name and version of the libraries used by crypto\&.
.LP
\fIName\fR\& is the name of the library\&. \fIVerNum\fR\& is the numeric version according to the library\&'s own versioning scheme\&. \fIVerStr\fR\& contains a text variant of the version\&.
.LP
.nf

> info_lib()\&.
[{<<"OpenSSL">>,9469983,<<"OpenSSL 0.9.8a 11 Oct 2005">>}]
        
.fi
.LP

.RS -4
.B
Note:
.RE
From OTP R16 the \fInumeric version\fR\& represents the version of the OpenSSL \fIheader files\fR\& (\fIopenssl/opensslv\&.h\fR\&) used when crypto was compiled\&. The text variant represents the OpenSSL library used at runtime\&. In earlier OTP versions both numeric and text was taken from the library\&.

.RE

.LP
.B
mod_pow(N, P, M) -> Result
.br
.RS
.LP
Types:

.RS 3
N, P, M = binary() | integer()
.br
Result = binary() | error
.br
.RE
.RE
.RS
.LP
Computes the function \fIN^P mod M\fR\&\&.
.RE

.LP
.B
next_iv(Type, Data) -> NextIVec
.br
.B
next_iv(Type, Data, IVec) -> NextIVec
.br
.RS
.LP
Types:

.RS 3
Type = des_cbc | des3_cbc | aes_cbc | des_cfb
.br
Data = iodata()
.br
IVec = NextIVec = binary()
.br
.RE
.RE
.RS
.LP
Returns the initialization vector to be used in the next iteration of encrypt/decrypt of type \fIType\fR\&\&. \fIData\fR\& is the encrypted data from the previous iteration step\&. The \fIIVec\fR\& argument is only needed for \fIdes_cfb\fR\& as the vector used in the previous iteration step\&.
.RE

.LP
.B
private_decrypt(Type, CipherText, PrivateKey, Padding) -> PlainText
.br
.RS
.LP
Types:

.RS 3
Type = rsa
.br
CipherText = binary()
.br
PrivateKey = rsa_private()
.br
Padding = rsa_pkcs1_padding | rsa_pkcs1_oaep_padding | rsa_no_padding
.br
PlainText = binary()
.br
.RE
.RE
.RS
.LP
Decrypts the \fICipherText\fR\&, encrypted with \fBpublic_encrypt/4\fR\& (or equivalent function) using the \fIPrivateKey\fR\&, and returns the plaintext (message digest)\&. This is a low level signature verification operation used for instance by older versions of the SSL protocol\&. See also \fBpublic_key:decrypt_private/[2,3]\fR\& 
.RE

.LP
.B
private_encrypt(Type, PlainText, PrivateKey, Padding) -> CipherText
.br
.RS
.LP
Types:

.RS 3
Type = rsa
.br
PlainText = binary()
.br
.RS 2
 The size of the \fIPlainText\fR\& must be less than \fIbyte_size(N)-11\fR\& if \fIrsa_pkcs1_padding\fR\& is used, and \fIbyte_size(N)\fR\& if \fIrsa_no_padding\fR\& is used, where N is public modulus of the RSA key\&.
.RE
PrivateKey = rsa_private()
.br
Padding = rsa_pkcs1_padding | rsa_no_padding
.br
CipherText = binary()
.br
.RE
.RE
.RS
.LP
Encrypts the \fIPlainText\fR\& using the \fIPrivateKey\fR\& and returns the ciphertext\&. This is a low level signature operation used for instance by older versions of the SSL protocol\&. See also \fBpublic_key:encrypt_private/[2,3]\fR\& 
.RE

.LP
.B
public_decrypt(Type, CipherText, PublicKey, Padding) -> PlainText
.br
.RS
.LP
Types:

.RS 3
Type = rsa
.br
CipherText = binary()
.br
PublicKey = rsa_public() 
.br
Padding = rsa_pkcs1_padding | rsa_no_padding
.br
PlainText = binary()
.br
.RE
.RE
.RS
.LP
Decrypts the \fICipherText\fR\&, encrypted with \fBprivate_encrypt/4\fR\&(or equivalent function) using the \fIPrivateKey\fR\&, and returns the plaintext (message digest)\&. This is a low level signature verification operation used for instance by older versions of the SSL protocol\&. See also \fBpublic_key:decrypt_public/[2,3]\fR\& 
.RE

.LP
.B
public_encrypt(Type, PlainText, PublicKey, Padding) -> CipherText
.br
.RS
.LP
Types:

.RS 3
Type = rsa
.br
PlainText = binary()
.br
.RS 2
 The size of the \fIPlainText\fR\& must be less than \fIbyte_size(N)-11\fR\& if \fIrsa_pkcs1_padding\fR\& is used, and \fIbyte_size(N)\fR\& if \fIrsa_no_padding\fR\& is used, where N is public modulus of the RSA key\&.
.RE
PublicKey = rsa_public()
.br
Padding = rsa_pkcs1_padding | rsa_pkcs1_oaep_padding | rsa_no_padding
.br
CipherText = binary()
.br
.RE
.RE
.RS
.LP
Encrypts the \fIPlainText\fR\& (message digest) using the \fIPublicKey\fR\& and returns the \fICipherText\fR\&\&. This is a low level signature operation used for instance by older versions of the SSL protocol\&. See also \fBpublic_key:encrypt_public/[2,3]\fR\& 
.RE

.LP
.B
rand_bytes(N) -> binary()
.br
.RS
.LP
Types:

.RS 3
N = integer()
.br
.RE
.RE
.RS
.LP
Generates N bytes randomly uniform 0\&.\&.255, and returns the result in a binary\&. Uses the \fIcrypto\fR\& library pseudo-random number generator\&.
.RE

.LP
.B
rand_seed(Seed) -> ok
.br
.RS
.LP
Types:

.RS 3
Seed = binary()
.br
.RE
.RE
.RS
.LP
Set the seed for PRNG to the given binary\&. This calls the RAND_seed function from openssl\&. Only use this if the system you are running on does not have enough "randomness" built in\&. Normally this is when \fB stong_rand_bytes/1\fR\& returns \fIlow_entropy\fR\&
.RE

.LP
.B
rand_uniform(Lo, Hi) -> N
.br
.RS
.LP
Types:

.RS 3
Lo, Hi, N = integer()
.br
.RE
.RE
.RS
.LP
Generate a random number \fIN, Lo =< N < Hi\&.\fR\& Uses the \fIcrypto\fR\& library pseudo-random number generator\&. \fIHi\fR\& must be larger than \fILo\fR\&\&.
.RE

.LP
.B
sign(Algorithm, DigestType, Msg, Key) -> binary()
.br
.RS
.LP
Types:

.RS 3
Algorithm = rsa | dss | ecdsa 
.br
Msg = binary() | {digest,binary()}
.br
.RS 2
The msg is either the binary "cleartext" data to be signed or it is the hashed value of "cleartext" i\&.e\&. the digest (plaintext)\&.
.RE
DigestType = digest_type()
.br
Key = rsa_private() | dss_private() | [ecdh_private(),ecdh_params()]
.br
.RE
.RE
.RS
.LP
Creates a digital signature\&.
.LP
Algorithm \fIdss\fR\& can only be used together with digest type \fIsha\fR\&\&. See also \fBpublic_key:sign/3\fR\&
.RE

.LP
.B
start() -> ok
.br
.RS
.LP
Equivalent to application:start(crypto)\&.
.RE

.LP
.B
stop() -> ok
.br
.RS
.LP
Equivalent to application:stop(crypto)\&.
.RE

.LP
.B
strong_rand_bytes(N) -> binary()
.br
.RS
.LP
Types:

.RS 3
N = integer()
.br
.RE
.RE
.RS
.LP
Generates N bytes randomly uniform 0\&.\&.255, and returns the result in a binary\&. Uses a cryptographically secure prng seeded and periodically mixed with operating system provided entropy\&. By default this is the \fIRAND_bytes\fR\& method from OpenSSL\&.
.LP
May throw exception \fIlow_entropy\fR\& in case the random generator failed due to lack of secure "randomness"\&.
.RE

.LP
.B
stream_init(Type, Key) -> State
.br
.RS
.LP
Types:

.RS 3
Type = rc4 
.br
State = opaque() 
.br
Key = iodata()
.br
.RE
.RE
.RS
.LP
Initializes the state for use in RC4 stream encryption \fBstream_encrypt\fR\& and \fBstream_decrypt\fR\&
.RE

.LP
.B
stream_init(Type, Key, IVec) -> State
.br
.RS
.LP
Types:

.RS 3
Type = aes_ctr 
.br
State = opaque() 
.br
Key = iodata()
.br
IVec = binary()
.br
.RE
.RE
.RS
.LP
Initializes the state for use in streaming AES encryption using Counter mode (CTR)\&. \fIKey\fR\& is the AES key and must be either 128, 192, or 256 bts long\&. \fIIVec\fR\& is an arbitrary initializing vector of 128 bits (16 bytes)\&. This state is for use with \fBstream_encrypt\fR\& and \fBstream_decrypt\fR\&\&.
.RE

.LP
.B
stream_encrypt(State, PlainText) -> { NewState, CipherText}
.br
.RS
.LP
Types:

.RS 3
Text = iodata()
.br
CipherText = binary()
.br
.RE
.RE
.RS
.LP
Encrypts \fIPlainText\fR\& according to the stream cipher \fIType\fR\& specified in stream_init/3\&. \fIText\fR\& can be any number of bytes\&. The initial \fIState\fR\& is created using \fBstream_init\fR\&\&. \fINewState\fR\& must be passed into the next call to \fIstream_encrypt\fR\&\&.
.RE

.LP
.B
stream_decrypt(State, CipherText) -> { NewState, PlainText }
.br
.RS
.LP
Types:

.RS 3
CipherText = iodata()
.br
PlainText = binary()
.br
.RE
.RE
.RS
.LP
Decrypts \fICipherText\fR\& according to the stream cipher \fIType\fR\& specified in stream_init/3\&. \fIPlainText\fR\& can be any number of bytes\&. The initial \fIState\fR\& is created using \fBstream_init\fR\&\&. \fINewState\fR\& must be passed into the next call to \fIstream_encrypt\fR\&\&.
.RE

.LP
.B
supports() -> AlgorithmList 
.br
.RS
.LP
Types:

.RS 3
 AlgorithmList = [{hashs, [hash_algorithms()]}, {ciphers, [cipher_algorithms()]}, {public_keys, [public_key_algorithms()]} 
.br
.RE
.RE
.RS
.LP
Can be used to determine which crypto algorithms that are supported by the underlying OpenSSL library
.RE

.LP
.B
ec_curves() -> EllipticCurveList 
.br
.RS
.LP
Types:

.RS 3
EllipticCurveList = [ec_named_curve()]
.br
.RE
.RE
.RS
.LP
Can be used to determine which named elliptic curves are supported\&.
.RE

.LP
.B
ec_curve(NamedCurve) -> EllipticCurve 
.br
.RS
.LP
Types:

.RS 3
NamedCurve = ec_named_curve()
.br
EllipticCurve = ec_explicit_curve()
.br
.RE
.RE
.RS
.LP
Return the defining parameters of a elliptic curve\&.
.RE

.LP
.B
verify(Algorithm, DigestType, Msg, Signature, Key) -> boolean()
.br
.RS
.LP
Types:

.RS 3
 Algorithm = rsa | dss | ecdsa 
.br
Msg = binary() | {digest,binary()}
.br
.RS 2
The msg is either the binary "cleartext" data or it is the hashed value of "cleartext" i\&.e\&. the digest (plaintext)\&.
.RE
DigestType = digest_type()
.br
Signature = binary()
.br
Key = rsa_public() | dss_public() | [ecdh_public(),ecdh_params()]
.br
.RE
.RE
.RS
.LP
Verifies a digital signature
.LP
Algorithm \fIdss\fR\& can only be used together with digest type \fIsha\fR\&\&. See also \fBpublic_key:verify/4\fR\&
.RE