erlang加密模块crypto的一些使用
crypto
模块描述:
该模块提供一系列加密函数:
- 散列函数-安全散列标准,MD5报文摘要算法(RFC 1321)和MD4报文摘要算法(RFC 1320);
- Hmac函数-散列消息认证(RFC 2104)
- 分组密码-DES和AES的分组密码模式-ECB,CBC,CFB,OFB和CTR
- RSA加密(RFC 1321)
- 数字签名 数字签名标准(DSS)和椭圆曲线数字签名算法(ECDSA)
- 安全远程密码协议(RFC 2945)
数据类型:
key_value() = integer() | binary()
digest_type() = md5 | sha | sha224 | sha256 | sha384 | sha512
hash_algorithms() = md5 | ripemd160 | sha | sha224 | sha256 | sha384 | sha512
rsa_private() = [key_value()] = [E, N, D] | [E, N, D, P1, P2, E1, E2, C]
dss_private() = [key_value()] = [P, Q, G, X]
ecdh_private() = key_value()
ecdh_params() = ec_named_curve() | ec_explicit_curve()
ec_named_curve() ->
sect571r1| sect571k1| sect409r1| sect409k1| secp521r1| secp384r1| secp224r1| secp224k1|
secp192k1| secp160r2| secp128r2| secp128r1| sect233r1| sect233k1| sect193r2| sect193r1|
sect131r2| sect131r1| sect283r1| sect283k1| sect163r2| secp256k1| secp160k1| secp160r1|
secp112r2| secp112r1| sect113r2| sect113r1| sect239k1| sect163r1| sect163k1| secp256r1|
secp192r1|
brainpoolP160r1| brainpoolP160t1| brainpoolP192r1| brainpoolP192t1| brainpoolP224r1|
brainpoolP224t1| brainpoolP256r1| brainpoolP256t1| brainpoolP320r1| brainpoolP320t1|
brainpoolP384r1| brainpoolP384t1| brainpoolP512r1| brainpoolP512t1
ec_explicit_curve() = {ec_field(), Prime :: key_value(), Point :: key_value(), Order :: integer(), CoFactor :: none | integer()}
ec_field() = {prime_field, Prime :: integer()} | {characteristic_two_field, M :: integer(), Basis :: ec_basis()}
ec_basis() = {tpbasis, K :: non_neg_integer()} | {ppbasis, K1 :: non_neg_integer(), K2 :: non_neg_integer(), K3 :: non_neg_integer()} | onbasis
常用函数:
sign/4
用法:
sign(Algorithm, DigestType, Msg, Key) -> binary() when Algorithm = rsa | dss | ecdsa, DigestType = digest_type(), Msg = binary() | {digest, binary()}, Key = rsa_private() | dss_private() | [ecdh_private(), ecdh_params()].
生成数字签名,类似于public_key:sign/3。
verify/5
verify(Algorithm, DigestType, Msg, Signature, Key) -> boolean() when Algorithm = rsa | dss | ecdsa, DigestType = digest_type(), Msg = binary() | {digest,binary()}, Signature = binary(), Key = rsa_public() | dss_public() | [ecdh_public(),ecdh_params()].
数字签名验证,类似于public_key:verify/4。
hmac/3 & hmac/4
hmac(Type, Key, Data, MacLength) -> binary() when Type = 散列算法,除了ripemd160, Key = iodata(), Data = iodata(), MacLength = integer().
利用哈希算法,一个密钥Key和一个消息Data为输入,生成一个消息摘要。
