About Security Transforms
The security transforms application programming interface (API) is a set of C-based functions in the Security framework, based on Core Foundation. It provides high-level functions for performing cryptographic tasks, such as encryption, signing, and verification. Security transforms also provide support for encodings that are commonly used in conjunction with cryptographic signatures, such as Base64.
At a Glance
At a high level, security transforms take data in the form of a series of
CFDataRef objects and return similar objects. These Core Foundation data types are toll-free bridged to their Foundation equivalent (
NSData), so it is easy to use this API from within a Cocoa application.
As a special exception, because the read transform reads a file, it takes an
CFReadStreamRef object as its input and returns a
CFDataRef object that can be chained to the input of other transforms.
Each transform takes a parameters dictionary that you can use to specify encryption keys, input and output encoding, and so on. The specific dictionary keys and values supported by each transform type are described in the reference document for that specific transform type.
Security transforms can be used individually to perform a specific task, or can be used in a pipeline to perform a series of tasks on a single piece of data. For example, you might want to decode a Base64-encoded block of data, and then decrypt the resulting decoded data.
The underlying data flow architecture can also be extended to support custom transforms to perform custom encoding, encryption, or other data processing tasks specific to your application.
How to Use This Document
Begin by reading the chapter Security Transforms Basics. This chapter provides the foundation for understanding the chapters that follow, including a full code listing that demonstrates how to perform basic transforms (Base64 encoding and decoding).
If you need to take data from a file, you should read Reading Files. Otherwise, you can skip directly to Encryption and Decryption (to learn how to encrypt and decrypt files) or Signing and Verifying (to learn how to use public keys for computing and verifying signatures).
If you want to learn about creating your own transform types, read Creating Custom Transforms.
This document assumes a basic understanding of cryptography at a high level. It also assumes that you know what Base64 encoding is. Although detailed knowledge of cryptography or encoding formats is not required to understand the material in this book, you will likely need to know these things to some degree if you want to use what you learn.
For example, you need to have some idea of what types of encryption and padding formats (PKCS #7, for example) that your project requires.
Read Security Transforms Reference for detailed information about the security transforms API.