Security

Overview

Use the Security framework to protect information, establish trust, and control access to software. Broadly, security services support these goals:

• Establish a user’s identity (authentication) and then selectively grant access to resources (authorization).

• Secure data, both on disk and in motion across a network connection.

• Ensure the validity of code to be executed for a particular purpose.

As shown in the image below, you can also use lower level cryptographic resources to create new secure services. Cryptography is difficult and the cost of bugs typically so high that it’s rarely a good idea to implement your own cryptography solution. Rely on the Security framework when you need cryptography in your app.

[Image]

Topics

Essentials

• Security updates

Authorization and authentication

• Password AutoFill
• Shared Web Credentials
• Authorization Services
• Authorization Plug-ins
• Sessions
• One-time codes

Secure data

• Keychain services
• Preventing Insecure Network Connections

Secure code

• Code Signing Services
• Notarizing macOS software before distribution
• Preparing your app to work with pointer authentication
• App Sandbox
• Hardened Runtime
• Disabling and Enabling System Integrity Protection
• Using the latest code signature format
• Updating Mac Software
• TN3125: Inside Code Signing: Provisioning Profiles

Launch environment constraints

• Applying launch environment and library constraints
• Defining launch environment and library constraints
• Constraining a tool’s launch environment

Cryptography

• Complying with Encryption Export Regulations
• Certificate, Key, and Trust Services
• Cryptographic Message Syntax Services
• Randomization Services
• Security Transforms
• ASN.1

Result codes

• Security Framework Result Codes

Legacy interfaces

• Common Security Services Manager
• Secure Transport
• Secure Download
• Security legacy reference

Reference

• Security Structures
• Security Constants
• Security Functions
• Security Data Types

Variables

• CSSM_APPLE_PRIVATE_CSPDL_CODE_28
• TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
• errSecCSDetachedCertificates
• errSecCSMultipleSelfSigning
• errSecCSRemoteSignerFirstSlotFull
• errSecCSRemoteSignerSecondSlotFull
• errSecCSUnsupportedAlgorithm
• errSecMissingQualifiedCertStatement
• kSecCFErrorDetachedCertificates
• kSecCS_MAX_SIGNATURES
• kSecCodeInfoChosenSignature
• kSecCodeInfoSignerInfoSKID
• kSecCodeInfoTotalSignatures
• kSecPolicyAppleEAPClient
• kSecPolicyAppleEAPServer
• kSecPolicyAppleIPSecClient
• kSecPolicyAppleIPSecServer
• kSecPolicyAppleSSLClient
• kSecPolicyAppleSSLServer
• kSecTrustQCStatements
• kSecTrustQWACValidation

Functions

• SecIdentityCreate(_:_:_:)
• sec_protocol_metadata_copy_negotiated_protocol(_:)
• sec_protocol_metadata_copy_server_name(_:)

Type Aliases

• CE_DataType
• CE_ExtendedKeyUsage
• CE_GeneralNameType