antikythera v0.2.0 Antikythera.Crypto.Aes

Easy-to-use data encryption/decryption utilities.

Both Counter (CTR) mode and Galois/Counter Mode (GCM) are supported. Use CTR mode when only secrecy of the data is required; CTR by itself does not detect modification of the ciphertext. If you need data integrity as well as secrecy, use GCM.

Deriving an AES key from a given password

The functions defined in this module accept an arbitrary binary as the password. To make an AES key (which is 128 bits long) from a given password, the functions use the MD5 hash algorithm by default. If you need to increase the computational cost of key derivation and make attacks such as dictionary attacks more difficult, you may pass your own key derivation function. To implement your key derivation function you can use the :pbkdf2 library.

Transparent handling of initialization vector

When encrypting given data, the encrypt function generates a random initialization vector and prepends it to the encrypted data. The decrypt function extracts the initialization vector and uses it to decrypt the rest.

Associated Authenticated Data (AAD) for GCM

For GCM you may pass AAD (an arbitrary binary) as an additional argument. AAD is used only for generating and validating the authentication tag; it doesn’t affect the resulting ciphertext.

AAD can be used to provide contextual information for the authentication of the ciphertext. For example, you could pass the “login user ID” as AAD when encrypting/decrypting each user’s data. This way, even if a malicious user somehow copied another user’s encrypted data and secret key into his own account, you could prevent him from decrypting the data because of the difference in AAD.

If you don’t have any suitable data for AAD, you can pass an empty string (which is the default value).
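
The two sections above (a custom key derivation function, and the user ID as AAD) combined in one sketch. This is an added example, not code from the Antikythera project. It uses `:crypto.pbkdf2_hmac/5` from Erlang/OTP 24.2+ in place of the `:pbkdf2` library; the module name `AesGcmExample`, the iteration count, the salt length and the sample values are assumptions.

```elixir
# Added example. Assumes the :antikythera dependency is available and
# Erlang/OTP 24.2 or later (for :crypto.pbkdf2_hmac/5).
defmodule AesGcmExample do
  alias Antikythera.Crypto.Aes

  @iterations 600_000 # assumed work factor; tune for your hardware
  @salt_len 16        # assumed salt length in bytes

  # Build a function of the shape the module expects: (binary -> 128-bit key).
  # The salt is captured in the closure because the KDF receives only the password.
  defp kdf(salt) do
    fn password -> :crypto.pbkdf2_hmac(:sha256, password, salt, @iterations, 16) end
  end

  # Returns salt <> encrypted. The module prepends the IV itself, but it knows
  # nothing about the salt, so the caller has to store it next to the data.
  def encrypt_for_user(plain, password, user_id) do
    salt = :crypto.strong_rand_bytes(@salt_len)
    salt <> Aes.gcm128_encrypt(plain, password, user_id, kdf(salt))
  end

  # Decryption must rebuild the same KDF (same salt) and pass the same AAD.
  def decrypt_for_user(<<salt::binary-size(@salt_len), encrypted::binary>>, password, user_id) do
    Aes.gcm128_decrypt(encrypted, password, user_id, kdf(salt))
  end

  def decrypt_for_user(_too_short, _password, _user_id), do: {:error, :invalid_input}
end

# Constructed sample values.
blob = AesGcmExample.encrypt_for_user("card ending 4242", "correct horse", "user-1001")

# Same password and same AAD: the plaintext comes back.
{:ok, "card ending 4242"} = AesGcmExample.decrypt_for_user(blob, "correct horse", "user-1001")

# Same blob and password, different AAD: tag validation fails.
{:error, _} = AesGcmExample.decrypt_for_user(blob, "correct horse", "user-2002")
```

The `{:ok, _}` and `{:error, _}` patterns follow `Croma.Result.t/1`, the return type given in the decrypt specs below.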

Types

key128()
key128() :: <<_::_*128>>

Functions

ctr128_decrypt(encrypted, password, key_derivation_fun \\ &md5/1)
ctr128_decrypt(binary(), binary(), (binary() -> key128())) :: Croma.Result.t(binary())

ctr128_encrypt(plain, password, key_derivation_fun \\ &md5/1)
ctr128_encrypt(binary(), binary(), (binary() -> key128())) :: binary()

gcm128_decrypt(encrypted, password, aad \\ "", key_derivation_fun \\ &md5/1)
gcm128_decrypt(binary(), binary(), binary(), (binary() -> key128())) :: Croma.Result.t(binary())

gcm128_encrypt(plain, password, aad \\ "", key_derivation_fun \\ &md5/1)
gcm128_encrypt(binary(), binary(), binary(), (binary() -> key128())) :: binary()