About Cryptographic Services
Describes the encryption, decryption, signing, hashing, and other cryptographic technologies in OS X and iOS.
At a Glance
Some of the cryptographic services provided by iOS and macOS include:
Encryption and decryption (both general-purpose and special-purpose)
Key management using keychains
Cryptographically strong random number generation
Secure communication (SSL and TLS)
Secure storage using FileVault and iOS File Protection
Encryption, Signing and Verifying, and Digital Certificates Can Protect Data from Prying Eyes
There are two main types of encryption: symmetric encryption, in which a single shared key is used for encrypting and decrypting data, and asymmetric encryption, in which you use one key to encrypt data and a separate (but related) key to decrypt the data. You can use a hash to detect modifications to a piece of data. You can combine hashes with asymmetric keys to create a digital signature that, when verified against a digital certificate, proves the source of a piece of data. A digital certificate is verified in turn by verifying the signature of the party that signed the certificate, then verifying that party’s own certificate, and so on until you reach a certificate that you trust inherently, called an anchor certificate.
Relevant Chapter: Cryptography Concepts In Depth
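The chain of checks described above (hash the data, sign the hash with a private key, verify the signature against the public key in a certificate, then verify that certificate up to a trusted anchor), as an added example that is not part of the Cryptographic Services Guide and does not use Apple's Security framework. It uses Go's standard crypto/ecdsa and crypto/x509 packages instead, and the anchor and leaf certificates, their names, and the sample message are all constructed inside the program. With only two certificates the chain is one step long; a real chain repeats the "verify the signer's certificate" step for each intermediate until it reaches an anchor. Symmetric encryption with a single shared key is not shown here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Fingerprint is the SHA-256 digest of data; any modification to data,
// however small, changes it, so comparing digests detects tampering.
func Fingerprint(data []byte) [32]byte { return sha256.Sum256(data) }

// NewSigningKey generates an asymmetric key pair (P-256 ECDSA).
func NewSigningKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Sign combines the hash with the private key to make a digital signature;
// Verify checks it with the separate but related public key.
func Sign(priv *ecdsa.PrivateKey, data []byte) ([]byte, error) {
	h := Fingerprint(data)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

func Verify(pub *ecdsa.PublicKey, data, sig []byte) bool {
	h := Fingerprint(data)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// issue signs the certificate described by tmpl with signer's key (parent supplies the issuer name).
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildChain constructs, for this example only, a self-signed anchor plus a leaf
// signed by the anchor's private key, and returns the leaf's own private key.
func BuildChain(name string) (anchor, leaf *x509.Certificate, leafKey *ecdsa.PrivateKey, err error) {
	caKey, err := NewSigningKey()
	if err != nil {
		return nil, nil, nil, err
	}
	if leafKey, err = NewSigningKey(); err != nil {
		return nil, nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name + " anchor"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	if anchor, err = issue(caTmpl, caTmpl, &caKey.PublicKey, caKey); err != nil {
		return nil, nil, nil, err // self-signed: the template is its own parent
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: name + " leaf"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	leaf, err = issue(leafTmpl, anchor, &leafKey.PublicKey, caKey) // signed by the anchor
	return anchor, leaf, leafKey, err
}

// ChainVerifies reports whether cert's chain of signatures ends at anchor, the
// certificate trusted inherently; a cert signed by any other party fails.
func ChainVerifies(cert, anchor *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(anchor)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

// SignedBy is the whole check from the text: sig over data verifies with the
// public key in cert, and cert chains to anchor, so data's source is proven.
func SignedBy(data, sig []byte, cert, anchor *x509.Certificate) bool {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	return ok && Verify(pub, data, sig) && ChainVerifies(cert, anchor)
}

func main() {
	anchor, leaf, leafKey, err := BuildChain("demo")
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message")
	sig, _ := Sign(leafKey, msg)
	fmt.Println(SignedBy(msg, sig, leaf, anchor))               // true
	fmt.Println(SignedBy([]byte("altered"), sig, leaf, anchor)) // false
}
```

SignedBy fails for two different reasons that are worth keeping apart when debugging: the signature does not match the data (the data was modified, or was signed by a different key), or the certificate does not chain to the anchor you trust (a certificate issued by a party you have not chosen to trust). Both are rejected, but only the second is a trust decision; swapping in a different anchor changes the outcome of the chain check without touching the signature check.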
macOS and iOS Provide Encryption and Hashing APIs
macOS and iOS provide a number of APIs for encrypting and hashing data, including Keychain Services; Cryptographic Message Syntax Services; Certificate, Key, and Trust Services; and Security Transforms.
Relevant Chapter: Encrypting and Hashing Data
Keychains Help You Store Secret Information
If your app stores encryption keys, passwords, certificates, and other security-related information, use a keychain. Keychains provide secure storage for small pieces of information so that it is not accessible to other apps running on the system, and so that it is accessible only after the user has logged in or unlocked the device. macOS and iOS provide two APIs for working with the keychain and keys obtained from the keychain: Certificate, Key, and Trust Services and Keychain Services.
Relevant Chapter: Managing Keys, Certificates, and Passwords
macOS and iOS Provide Cryptographically Secure Random Number Generation
Some cryptographic tasks require you to generate cryptographically strong pseudorandom numbers. Use the Randomization Services API to generate these numbers.
Relevant Chapter: Generating Random Numbers
macOS and iOS Provide Secure Network Communication APIs
Transmitting data securely requires a secure communications channel. macOS and iOS provide a number of APIs for establishing secure communications channels, including the URL Loading System, socket streams in Core Foundation and Foundation, and Secure Transport.
Relevant Chapter: Transmitting Data Securely
Deprecated Technologies
Although the CDSA and CSSM APIs are deprecated in macOS 10.7 and later, their documentation is provided as an appendix.
Relevant Chapter: CDSA Overview
Prerequisites
Before reading this document, you should be familiar with the concepts in Security Overview and Secure Coding Guide.
See Also
For more information about macOS authentication and authorization (built on top of encryption technologies), read Authentication, Authorization, and Permissions Guide.
Copyright © 2018 Apple Inc. All Rights Reserved. Updated: 2018-06-04