diff --git a/.github/workflows/hex-publish.yml b/.github/workflows/hex-publish.yml
new file mode 100644
index 0000000..4592c83
--- /dev/null
+++ b/.github/workflows/hex-publish.yml
@@ -0,0 +1,18 @@
+name: Hex Publish
+
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out
+        uses: actions/checkout@v2
+
+      - name: Publish to Hex.pm
+        uses: erlangpack/github-action@v1
+        env:
+          HEX_API_KEY: ${{ secrets.HEX_API_KEY }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..8dba323
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,36 @@
+# This workflow checks the tests and dialyzer.
+
+name: Test
+
+# Controls when the action will run. Triggers the workflow on push or pull request
+# events but only for the master branch
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  linux:
+    name: Test on OTP ${{ matrix.otp_version }}
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        otp_version: [22.3, 23.2.5, 24.0.1]
+        os: [ubuntu-latest]
+
+    container:
+      image: erlang:${{ matrix.otp_version }}
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Compile
+        run: make
+      - name: Test
+        run: make test
+      - name: XRef
+        run: make xref
+      - name: Dialyzer
+        run: make dialyzer
diff --git a/.gitignore b/.gitignore
index a476804..c5b9e8a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,7 +2,9 @@ ebin
 deps
 .eunit
 .ct
-.rebar
+.rebar3
+rebar3
 logs
 test/*.beam
 erl_crash.dump
+_build
diff --git a/Makefile b/Makefile
index ee9c8cf..f113927 100644
--- a/Makefile
+++ b/Makefile
@@ -1,29 +1,31 @@
-all: deps compile check test
+ERL ?= erl
+REBAR := ./rebar3
+REBAR_URL := https://s3.amazonaws.com/rebar3/rebar3
 
-deps:
-	rebar get-deps
+.PHONY: all compile check test clean
 
-compile:
-	rebar compile
+all: ./rebar3 compile check test
+
+$(REBAR):
+	$(ERL) -noshell -s inets -s ssl \
+	  -eval '{ok, saved_to_file} = httpc:request(get, {"$(REBAR_URL)", []}, [{ssl, [ {verify, verify_none} ]}], [{stream, "$(REBAR)"}])' \
+	  -s init stop
+	chmod +x $(REBAR)
 
-run: compile
-	sh start.sh
+compile:
+	$(REBAR) compile
 
 clean:
-	rebar clean
-	rm -fr ebin .ct test/*.beam
+	$(REBAR) clean
 
 check:
-	rebar eunit skip_deps=true
-
-test: deps compile check
-	#rebar ct
-	mkdir -p .ct
-	ct_run -dir test -logdir .ct -pa ebin
+	$(REBAR) eunit
 
-dist: deps compile
-	echo TODO
+test: compile check
+	$(REBAR) ct
 
-.PHONY: all deps compile check test run clean dist
-.SILENT:
+dialyzer:
+	$(REBAR) dialyzer
 
+xref:
+	$(REBAR) xref
diff --git a/rebar.config b/rebar.config
index 17effc6..6cf888b 100644
--- a/rebar.config
+++ b/rebar.config
@@ -15,3 +15,9 @@
 ]}.
 
 {cover_enabled, true}.
+
+{xref_checks, [
+    undefined_function_calls,
+    locals_not_used,
+    deprecated_function_calls
+]}.
diff --git a/rebar.lock b/rebar.lock
new file mode 100644
index 0000000..57afcca
--- /dev/null
+++ b/rebar.lock
@@ -0,0 +1 @@
+[].
diff --git a/src/termit.erl b/src/termit.erl
index 7c5cd4c..f86f1a7 100644
--- a/src/termit.erl
+++ b/src/termit.erl
@@ -75,47 +75,12 @@ decode(Bin, _) when is_binary(Bin) ->
   {error, forged}.
 
 
-
--ifdef(crypto_compatibility).
--spec key(
-    Secret :: binary()) ->
-  MAC16 :: binary().
-
-key(Secret) ->
-  crypto:md5_mac(Secret, []).
-
--spec sign(
-    Data :: binary(),
-    Secret :: binary()) ->
-  MAC20 :: binary().
-
-sign(Data, Key) ->
-  crypto:sha_mac(Key, Data).
-
--spec encrypt(
-    Data :: binary(),
-    Key :: binary(),
-    IV :: binary()) ->
-  Cipher :: binary().
-
-encrypt(Data, Key, IV) ->
-  Crypt = crypto:aes_cfb_128_encrypt(Key, IV, Data),
-  << IV/binary, Crypt/binary>>.
-
--spec uncrypt(
-    Cipher :: binary(),
-    Key :: binary()) ->
-  Uncrypted :: binary().
-
-uncrypt(<< IV:16/binary, Data/binary >>, Key) ->
-  crypto:aes_cfb_128_decrypt(Key, IV, Data).
--else
 -spec key(
     Secret :: binary()) ->
   MAC16 :: binary().
 
 key(Secret) ->
-  crypto:hmac(md5, Secret, []).
+  crypto:mac(hmac, md5, Secret, []).
 
 -spec sign(
     Data :: binary(),
@@ -123,7 +88,7 @@ key(Secret) ->
   MAC20 :: binary().
 
 sign(Data, Key) ->
-  crypto:hmac(sha, Key, Data).
+  crypto:mac(hmac, sha, Key, Data).
 -spec encrypt(
     Data :: binary(),
     Key  :: binary(),
@@ -131,7 +96,7 @@ sign(Data, Key) ->
   Cipher :: binary().
 
 encrypt(Data, Key, IV) ->
-  Crypt = crypto:block_encrypt(aes_cfb128, Key, IV, Data),
+  Crypt = crypto:crypto_one_time(aes_128_cfb128, Key, IV, Data, true),
   << IV/binary, Crypt/binary>>.
 
 -spec uncrypt(
@@ -140,9 +105,8 @@ encrypt(Data, Key, IV) ->
   Uncrypted :: binary().
 
 uncrypt(<< IV:16/binary, Data/binary >>, Key) ->
-  crypto:block_decrypt(aes_cfb128, Key, IV, Data).
+  crypto:crypto_one_time(aes_128_cfb128, Key, IV, Data, false).
 
--endif.
 
 %%
 %% -----------------------------------------------------------------------------
@@ -286,7 +250,7 @@ rand_uniform(N) ->
 
 encrypt_test() ->
   IV = crypto:strong_rand_bytes(16),
-  Secret = crypto:hmac(md5, <<"Make It Elegant">>, []),
+  Secret = crypto:mac(hmac, md5, <<"Make It Elegant">>, []),
   << Secret15:15/binary, _/binary >> = Secret,
   Bin = <<"Transire Benefaciendo">>,
   ?assertEqual(Bin, uncrypt(encrypt(Bin, Secret, IV), Secret)),