What’s new in CryptoKit

People expect apps to be secure and their data to be protected. You may need to perform cryptographic operations to implement features such as authentication or message encryption, or to meet regulatory requirements. CryptoKit is a Swift framework that makes it easier and safer to perform common cryptographic operations, whether you simply need to compute a hash or are implementing a more advanced authentication protocol. This year, CryptoKit adds new APIs for HMAC-based Extract-and-Expand Key Derivation Functions (HKDF) and support for PEM and DER formats, and, with Swift Crypto, your code can now run everywhere Swift runs.

HKDF

Key derivation functions allow you to derive one or more secrets of the size of your choice from a master key or passcode. Starting in iOS 14, you can use standalone APIs for HKDF. Integrate the easy-to-use one-shot variant for quick tasks such as deriving multiple keys from a master secret, or use the two-step extract and expand API for fine-grained control over the key derivation process. In prior versions of iOS, HKDF was supported only when deriving a symmetric key from an elliptic curve key agreement protocol.
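The following is an added example, not code from the original article: it derives two purpose-specific keys from one master secret with the one-shot API, then repeats the derivation with the two-step extract and expand API and checks that both paths agree. The salt, the info labels, and the sample messages are constructed for illustration.

```swift
import Foundation
#if canImport(CryptoKit)
import CryptoKit
#else
import Crypto   // Swift Crypto exposes the same API on Linux
#endif

// Constructed sample inputs (assumptions, not values from the article).
let masterSecret = SymmetricKey(size: .bits256)          // high-entropy master key
let salt = Data("example-salt-v1".utf8)                   // non-secret, fixed per deployment
let encInfo = Data("example.app/encryption".utf8)         // one info label per purpose
let macInfo = Data("example.app/authentication".utf8)

// One-shot variant: extract and expand in a single call per derived key.
let encKey = HKDF<SHA256>.deriveKey(inputKeyMaterial: masterSecret, salt: salt,
                                    info: encInfo, outputByteCount: 32)
let macKey = HKDF<SHA256>.deriveKey(inputKeyMaterial: masterSecret, salt: salt,
                                    info: macInfo, outputByteCount: 32)

// Two-step variant: extract a pseudorandom key once, then expand it per purpose.
let prk = HKDF<SHA256>.extract(inputKeyMaterial: masterSecret, salt: salt)
let encKey2 = HKDF<SHA256>.expand(pseudoRandomKey: prk, info: encInfo, outputByteCount: 32)
let macKey2 = HKDF<SHA256>.expand(pseudoRandomKey: prk, info: macInfo, outputByteCount: 32)

// Helper (hypothetical name) that copies key bytes out for comparison in this demo only.
func rawBytes(_ key: SymmetricKey) -> Data {
    key.withUnsafeBytes { Data($0) }
}

// Both paths produce the same keys for the same salt and info.
precondition(rawBytes(encKey) == rawBytes(encKey2))
precondition(rawBytes(macKey) == rawBytes(macKey2))
// Different info labels give different keys, so each key stays bound to one purpose.
precondition(rawBytes(encKey) != rawBytes(macKey))

// Use each derived key only for the purpose named in its info label.
let message = Data("constructed sample message".utf8)
let sealedBox = try AES.GCM.seal(message, using: encKey)
let opened = try AES.GCM.open(sealedBox, using: encKey2)
precondition(opened == message)

let request = Data("constructed sample request".utf8)
let tag = HMAC<SHA256>.authenticationCode(for: request, using: macKey)
precondition(HMAC<SHA256>.isValidAuthenticationCode(tag, authenticating: request, using: macKey2))

print("one-shot and two-step derivations agree; keys are separated by info label")
```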

PEM and DER formats for encoding elliptic curve keys

PEM and DER formats are now supported directly in CryptoKit. You can now directly pass a PEM string or DER-encoded data to initialize CryptoKit public and private keys, without using another library to perform the conversion.

Portability

With Swift Crypto you can create cross-platform solutions using the CryptoKit APIs on all platforms that Swift supports, including Linux and servers. Portability is important when you need to run the same code on your client and server, such as supporting two-factor authentication using a One-Time Password.

Resources

Introducing Swift Crypto

Watch “Cryptography in Swift” from dotSwift 2020