Raxol.Crypto (Raxol v2.6.0)

View Source

Cryptographic utilities for Raxol.

Provides encryption, decryption, and key derivation functions using industry-standard algorithms.

Example

key = Raxol.Crypto.derive_key(password, salt, iterations: 100_000)
encrypted = Raxol.Crypto.encrypt(plaintext, key)
decrypted = Raxol.Crypto.decrypt(encrypted, key)

Summary

Functions

Decrypt ciphertext encrypted with AES-256-GCM.

Derive a cryptographic key from a password using PBKDF2.

Encrypt plaintext using AES-256-GCM.

Generate a random key of the specified length.

Hash data using SHA-256.

Generate a secure random token.

Securely compare two binaries in constant time.

Functions

decrypt(ciphertext, key)

@spec decrypt(binary(), binary()) :: {:ok, binary()} | {:error, :decryption_failed}

Decrypt ciphertext encrypted with AES-256-GCM.

Example

{:ok, plaintext} = Raxol.Crypto.decrypt(encrypted, key)

derive_key(password, salt, opts \\ [])

@spec derive_key(binary(), binary(), keyword()) :: binary()

Derive a cryptographic key from a password using PBKDF2.

Options

  • :iterations - Number of PBKDF2 iterations (default: 100_000)
  • :length - Output key length in bytes (default: 32)
  • :hash - Hash algorithm (default: :sha256)

Example

key = Raxol.Crypto.derive_key(password, salt,
  iterations: 100_000,
  length: 32
)

encrypt(plaintext, key)

@spec encrypt(binary(), binary()) :: binary()

Encrypt plaintext using AES-256-GCM.

Example

encrypted = Raxol.Crypto.encrypt("secret data", key)

generate_key(length \\ 32)

@spec generate_key(pos_integer()) :: binary()

Generate a random key of the specified length.

Example

key = Raxol.Crypto.generate_key(32)

hash(data)

@spec hash(binary()) :: binary()

Hash data using SHA-256.

Example

hash = Raxol.Crypto.hash("data to hash")

random_token(length \\ 32)

@spec random_token(pos_integer()) :: String.t()

Generate a secure random token.

Example

token = Raxol.Crypto.random_token(32)

secure_compare(a, b)

@spec secure_compare(binary(), binary()) :: boolean()

Securely compare two binaries in constant time.

Prevents timing attacks when comparing secrets.