Just in case, if any one is looking for a complete (encryption and decryption) working example. with new API
The new (OTP> 23) API is used.
Please see the below link for detailed documenation.
Erlang -- crypto
defmodule Aes do
@aad "AES256GCM"
require Logger
def encrypt(text_to_encrypt \\ "5123456789012346") do
Logger.info("Entering encrypt function")
Logger.info("Encryption - Text to Encrypt #{text_to_encrypt}")
dek = :crypto.strong_rand_bytes(32)
iv = :crypto.strong_rand_bytes(32)
case :crypto.crypto_one_time_aead(:aes_256_gcm, dek, iv, text_to_encrypt, @aad, true) do
{ciphertext, ciphertag} ->
Base.encode64(iv <> ciphertag <> ciphertext)
Logger.info("Encryption - DEK (Data Encryption Key) in Base64 #{Base.encode64(dek)}")
Logger.info("Encryption - IV (Intialization Vector) in Base64 #{Base.encode64(iv)}")
Logger.info("Encryption - Encrypted text value in Base64 #{Base.encode64(iv <> ciphertag <> ciphertext)}")
decrypt(iv <> ciphertag <> ciphertext, dek)
_ ->
Logger.info("Error in crypto.crypto_one_time_aead")
end
end
def decrypt(encrypted_text, dek) do
Logger.info("Entering decypt function")
<<iv::binary-32, ciphertag::binary-16, ciphertext::binary>> = encrypted_text
Logger.info("Decryption - DEK (Data Encryption Key) in Base64 #{Base.encode64(dek)}")
Logger.info("Decryption - IV (Intialization Vector) in Base64 #{Base.encode64(iv)}")
Logger.info("Decryption - CipherTag in Base64 #{Base.encode64(ciphertag)}")
Logger.info("Decryption - CipherText in Base64 #{Base.encode64(ciphertext)}")
Logger.info("Decryption - Decrypted text #{:crypto.crypto_one_time_aead(:aes_256_gcm, dek,iv, ciphertext, @aad, ciphertag, false)}")
:crypto.crypto_one_time_aead(:aes_256_gcm, dek,iv, ciphertext, @aad, ciphertag, false)
end
end
If you would like to learn how this all works together, please visit the below excellent url. (This uses the old API, be careful). It gives detailed understanding of whats under the hood).
