--- title: Security framework: security role: collection role_heading: Framework path: security --- # Security Secure the data your app manages, and control access to your app. ## Overview Overview Use the Security framework to protect information, establish trust, and control access to software. Broadly, security services support these goals: Establish a user’s identity (authentication) and then selectively grant access to resources (authorization). Secure data, both on disk and in motion across a network connection. Ensure the validity of code to be executed for a particular purpose. As shown in the image below, you can also use lower level cryptographic resources to create new secure services. Cryptography is difficult and the cost of bugs typically so high that it’s rarely a good idea to implement your own cryptography solution. Rely on the Security framework when you need cryptography in your app. note: Always use the highest level API that meets your needs. The Security framework is not always your best option. For example, to conduct secure network communications, start by considering the Foundation framework’s URL Loading System, which builds on the Security framework. Only if your app requires lower level access to security protocol functions would you use the secure transport API directly. ## Topics ### Essentials - [Security updates](updates/security.md) ### Authorization and authentication - [Password AutoFill](security/password-autofill.md) - [Shared Web Credentials](security/shared-web-credentials.md) - [Authorization Services](security/authorization-services.md) - [Authorization Plug-ins](security/authorization-plug-ins.md) - [Sessions](security/sessions.md) - [One-time codes](security/one-time-codes.md) ### Secure data - [Keychain services](security/keychain-services.md) - [Preventing Insecure Network Connections](security/preventing-insecure-network-connections.md) ### Secure code - [Code Signing Services](security/code-signing-services.md) - [Notarizing macOS software before distribution](security/notarizing-macos-software-before-distribution.md) - [Preparing your app to work with pointer authentication](security/preparing-your-app-to-work-with-pointer-authentication.md) - [App Sandbox](security/app-sandbox.md) - [Hardened Runtime](security/hardened-runtime.md) - [Disabling and Enabling System Integrity Protection](security/disabling-and-enabling-system-integrity-protection.md) - [Using the latest code signature format](xcode/using-the-latest-code-signature-format.md) - [Updating Mac Software](security/updating-mac-software.md) - [TN3125: Inside Code Signing: Provisioning Profiles](technotes/tn3125-inside-code-signing-provisioning-profiles.md) ### Launch environment constraints - [Applying launch environment and library constraints](security/applying-launch-environment-and-library-constraints.md) - [Defining launch environment and library constraints](security/defining-launch-environment-and-library-constraints.md) - [Constraining a tool’s launch environment](security/constraining-a-tool's-launch-environment.md) ### Cryptography - [Complying with Encryption Export Regulations](security/complying-with-encryption-export-regulations.md) - [Certificate, Key, and Trust Services](security/certificate-key-and-trust-services.md) - [Cryptographic Message Syntax Services](security/cryptographic-message-syntax-services.md) - [Randomization Services](security/randomization-services.md) - [Security Transforms](security/security-transforms.md) - [ASN.1](security/asn-1.md) ### Result codes - [Security Framework Result Codes](security/security-framework-result-codes.md) ### Legacy interfaces - [Common Security Services Manager](security/common-security-services-manager.md) - [Secure Transport](security/secure-transport.md) - [Secure Download](security/secure-download.md) - [Security legacy reference](security/security-legacy-reference.md) ### Reference - [Security Structures](security/security-structures.md) - [Security Constants](security/security-constants.md) - [Security Functions](security/security-functions.md) - [Security Data Types](security/security-data-types.md) ### Variables - [CSSM_APPLE_PRIVATE_CSPDL_CODE_28](security/cssm_apple_private_cspdl_code_28.md) - [TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256](security/tls_ecdhe_psk_with_chacha20_poly1305_sha256.md) - [errSecCSDetachedCertificates](security/errseccsdetachedcertificates.md) - [errSecCSMultipleSelfSigning](security/errseccsmultipleselfsigning.md) - [errSecCSRemoteSignerFirstSlotFull](security/errseccsremotesignerfirstslotfull.md) - [errSecCSRemoteSignerSecondSlotFull](security/errseccsremotesignersecondslotfull.md) - [errSecCSUnsupportedAlgorithm](security/errseccsunsupportedalgorithm.md) - [errSecMissingQualifiedCertStatement](security/errsecmissingqualifiedcertstatement.md) - [kSecCFErrorDetachedCertificates](security/kseccferrordetachedcertificates.md) - [kSecCS_MAX_SIGNATURES](security/kseccs_max_signatures.md) - [kSecCodeInfoChosenSignature](security/kseccodeinfochosensignature.md) - [kSecCodeInfoSignerInfoSKID](security/kseccodeinfosignerinfoskid.md) - [kSecCodeInfoTotalSignatures](security/kseccodeinfototalsignatures.md) - [kSecPolicyAppleEAPClient](security/ksecpolicyappleeapclient.md) - [kSecPolicyAppleEAPServer](security/ksecpolicyappleeapserver.md) - [kSecPolicyAppleIPSecClient](security/ksecpolicyappleipsecclient.md) - [kSecPolicyAppleIPSecServer](security/ksecpolicyappleipsecserver.md) - [kSecPolicyAppleSSLClient](security/ksecpolicyapplesslclient.md) - [kSecPolicyAppleSSLServer](security/ksecpolicyapplesslserver.md) - [kSecTrustQCStatements](security/ksectrustqcstatements.md) - [kSecTrustQWACValidation](security/ksectrustqwacvalidation.md) ### Functions - [SecIdentityCreate(_:_:_:)](security/secidentitycreate(_:_:_:).md) - [sec_protocol_metadata_copy_negotiated_protocol(_:)](security/sec_protocol_metadata_copy_negotiated_protocol(_:).md) - [sec_protocol_metadata_copy_server_name(_:)](security/sec_protocol_metadata_copy_server_name(_:).md) ### Type Aliases - [CE_DataType](security/ce_datatype-swift.typealias.md) - [CE_ExtendedKeyUsage](security/ce_extendedkeyusage-swift.typealias.md) - [CE_GeneralNameType](security/ce_generalnametype-swift.typealias.md)