Framework

Apple CryptoKit

Perform cryptographic operations securely and efficiently.

Overview

Use Apple CryptoKit to perform common cryptographic operations:

  • Compute and compare cryptographically secure digests.

  • Use public-key cryptography to create and evaluate digital signatures, and to perform key exchange. In addition to working with keys stored in memory, you can also use private keys stored in and managed by the Secure Enclave.

  • Generate symmetric keys, and use them in operations like message authentication and encryption.

Prefer CryptoKit over lower-level interfaces. CryptoKit frees your app from managing raw pointers, and automatically handles tasks that make your app more secure, like overwriting sensitive data during memory deallocation.

Topics

Essentials

Complying with Encryption Export Regulations

Declare the use of encryption in your app to streamline the app submission process.

Performing Common Cryptographic Operations

Use CryptoKit to carry out operations like hashing, key generation, and encryption.

Storing CryptoKit Keys in the Keychain

Convert between strongly typed cryptographic keys and native keychain types.

Cryptographically Secure Hashes

protocol HashFunction

A type that performs cryptographically secure hashing.

struct SHA512

An implementation of Secure Hashing Algorithm 2 (SHA-2) hashing with a 512-bit digest.

struct SHA384

An implementation of Secure Hashing Algorithm 2 (SHA-2) hashing with a 384-bit digest.

struct SHA256

An implementation of Secure Hashing Algorithm 2 (SHA-2) hashing with a 256-bit digest.

Message Authentication Codes

struct HMAC

A hash-based message authentication algorithm.

struct SymmetricKey

A symmetric cryptographic key.

Ciphers

enum AES

A container for Advanced Encryption Standard (AES) ciphers.

enum ChaChaPoly

An implementation of the ChaCha20-Poly1305 cipher.

Public-Key Cryptography

enum Curve25519

An elliptic curve that enables X25519 key agreement and Ed25519 signatures.

enum P521

An elliptic curve that enables NIST P-521 signatures and key agreement.

enum P384

An elliptic curve that enables NIST P-384 signatures and key agreement.

enum P256

An elliptic curve that enables NIST P-256 signatures and key agreement.

enum SecureEnclave

A representation of a device’s hardware-based key manager.

struct SharedSecret

A key agreement result from which you can derive a symmetric cryptographic key.

Errors

enum CryptoKitError

General CryptoKit errors.

Legacy Algorithms

enum Insecure

A container for older, cryptographically insecure algorithms.