Apple Opens Up Cryptographic Libraries for Developers
Apple announced yesterday that it has opened up its cryptographic libraries in an effort to encourage developers to create more secure apps. In the light of recent malware attacks on both OS X and iOS, the move is more than welcome (via VentureBeat).
According to Apple, developers will get access to the “same libraries as secure iOS and OS X”, such as Security Framework and Common Crypto. Security Framework gives third-party developers interfaces for managing certificates, public and private keys, and trust policies, and supports the generation of cryptographically secure pseudorandom numbers.
The Common Crypto library gives additional support for operations such as symmetric encryption, hash-based message authentication codes, and digests.
Both Security Framework and Common Crypto rely on the corecrypto library to provide implementations of low level cryptographic primitives. This is also the library submitted for validation of compliance with U.S. Federal Information Processing Standards (FIPS) 140-2 Level 1. Although corecrypto does not directly provide programming interfaces for developers and should not be used by iOS or OS X apps, the source code is available to allow for verification of its security characteristics and correct functioning.
To learn more about the Apple’s open-source libraries, head over to Apple’s developer website.