Most developers should pause on use of standard cryptography APIs. It’s easy to fuck up massively