# Themis Erlang NIF
<img src="https://img.shields.io/hexpm/v/themis_nif.svg" />

The Themis Erlang NIF module provides an interface to the [Themis](https://github.com/cossacklabs/themis) cryptographic framework.

## Installation

```bash
{:themis_nif, "~> 0.0.3"}
```

## Module Overview

The `themis_nif` module exports several functions for generating keys and encrypting/decrypting messages.

### Available Methods

| Method                |  Description                                                | Remarks |
|------------------------------|------------------------------------------------------------|-------------------------------------|
| `gen_ec_key_pair`                 | Generates an ECC (Elliptic Curve Cryptography) key pair.                | Public and private keys are generated. |
| `gen_rsa_key_pair`                | Generates an RSA key pair.                                              | Public and private keys are generated. |
| `gen_sym_key`                     | Generates a symmetric key, default length of 32 bytes.                  | Used for symmetric encryption methods. |
| `is_valid_key`                    | Checks if the provided key is valid based on length and format.        | Useful for key management and verification. |
| `is_private_key`                  | Checks if the provided key is a private key.                           | Ensures that private keys are kept secure. |
| `is_public_key`                   | Checks if the provided key is a public key.                            | Verifies the key type for communication. |
| `secure_cell_encrypt_seal`        | Encrypts bytes using a key in Seal mode for data protection and confidentiality. | Uses symmetric encryption with a protected key. |
| `secure_cell_decrypt_seal`        | Decrypts bytes that were encrypted using Seal mode, returning the original data. | Requires the same key used for encryption. |
| `secure_message_encrypt`       |  Encrypts a message using the sender's private key and the receiver's public key for confidentiality, integrity, and authenticity.    |    Uses ECC or RSA-based key pairs. |
| `secure_message_decrypt`       |  Decrypts an encrypted message using the receiver's private key and the sender's public key.    |    Ensures only authorized recipients can access the message. |
| `secure_message_sign`       |  Signs a message using the sender's private key, enabling integrity and authenticity.	|    Does not provide confidentiality. |
| `secure_message_verify`       |  Verifies the signature of a signed message using the corresponding public key.	|    Confirms the message's origin and integrity. |

### Missing API

The following API from the Themis API are currently not included in the `themis_nif` module:

-   [secure_session.c](https://github.com/cossacklabs/themis/blob/master/src/themis/secure_session.c "secure_session.c"): Handles secure session management.
-   [secure_comparator.c](https://github.com/cossacklabs/themis/blob/master/src/themis/secure_comparator.c "secure_comparator.c"): Provides functionalities for secure comparisons.

### Example Usage

```erlang
% Generate an EC key pair
{PublicKey, PrivateKey} = themis_nif:gen_ec_key_pair(),

% Validate a key
isValid = themis_nif:is_valid_key(PublicKey),

% Encrypt a message
EncryptedMessage = themis_nif:cell_seal_encrypt(PrivateKey, <<"Hello, World!">>),

% Decrypt the message
DecryptedMessage = themis_nif:cell_seal_decrypt(PrivateKey, EncryptedMessage).
```

## Contributing

Feel free to contribute by forking the repository and making pull requests for enhancements, bug fixes, or new features.