Erlang standard library: crypto
- Consider using higher-level APIs to meet your application’s cryptographic needs
- Use the higher-level functions for operations with asymmetrical keys in the public_key application:
  - Use public_key:sign/3,4 instead of crypto:sign/4,5
  - Use public_key:verify/4,5 instead of crypto:verify/5,6
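The recommendation above, as an added example that is not part of the original page: signing and verifying with public_key using key records decoded from PEM, rather than passing raw key material to crypto. The module name sign_example, the function demo/0 and the sample messages are hypothetical, and the RSA key is a throwaway generated in-process.

```erlang
-module(sign_example).
-export([demo/0]).
-include_lib("public_key/include/public_key.hrl").

%% Constructed example: generate a throwaway RSA key, round-trip it through
%% PEM (the form keys usually arrive in), then sign and verify with public_key.
demo() ->
    Priv0 = public_key:generate_key({rsa, 2048, 65537}),
    Pem = public_key:pem_encode(
            [public_key:pem_entry_encode('RSAPrivateKey', Priv0)]),

    %% Load the key the way an application would: decode the PEM entry into
    %% the #'RSAPrivateKey'{} record that public_key:sign/3 accepts directly.
    [Entry] = public_key:pem_decode(Pem),
    Priv = #'RSAPrivateKey'{modulus = N, publicExponent = E} =
        public_key:pem_entry_decode(Entry),
    Pub = #'RSAPublicKey'{modulus = N, publicExponent = E},

    Msg = <<"constructed sample message">>,
    Sig = public_key:sign(Msg, sha256, Priv),

    %% verify/4 returns a boolean; match on it so a failed check crashes
    %% the caller instead of being silently ignored.
    true = public_key:verify(Msg, sha256, Sig, Pub),
    false = public_key:verify(<<"tampered message">>, sha256, Sig, Pub),
    ok.
```

Compile with erlc and call sign_example:demo() from the shell; it returns ok when the genuine message verifies and the altered one is rejected.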
Background
The crypto application mostly exists to provide an API to cryptographic primitives of OpenSSL. Using these primitives in applications requires a thorough understanding of the underlying algorithms and the proper way to apply them. It is very easy to use otherwise sound cryptographic algorithms in ways that completely fail to meet the security requirements of an application.
Consider using a higher-level API that offers the functionality the application needs, e.g.:
- NaCl / libsodium, through the enacl package
- The plug_crypto package, for simple encrypt/decrypt or sign/verify operations, especially in Plug/Phoenix applications