Apple introduced CryptoKit, a Swift based cryptoframework, at WWDC2019, which makes it easier to generate hashes, encrypt/decrypt data, sign digitally, and negotiate keys.

Hash value

  • Three Hash functions are provided:

    • SHA256
    • SHA384
    • SHA512
  • Hash ordinary Data of type Data

    let str = “Hello CryptoKit” let data = .utf8)!

    let hash256 = SHA256.hash(data: data) let hash384 = SHA384.hash(data: data) let hash512 = SHA512.hash(data: data)

    Print (hash256.description) copies the code

  • Hash file

    if let filePath = Bundle.main.path(forResource: “secret”, ofType: “json”), let data = FileManager.default.contents(atPath: filePath) {

    let hash256 = SHA256.hash(data: data)
    let hash384 = SHA384.hash(data: data)
    let hash512 = SHA512.hash(data: data)
    Copy the code

    } Duplicate code


HMAC can be understood as a more secure Hash, with the help of the Hash function described earlier.

Let salt = "YungFan". Data (using:.utf8)! // let key = SymmetricKey(size: .bits256) // HMAC with SHA256 let authenticationCode = HMAC<SHA256>.authenticationCode(for: salt, using: Key) print (authenticationCode) / / verification if HMAC < SHA256 >. IsValidAuthenticationCode (Data (authenticationCode), Authenticating: salt, using: key) {print(" not tampered ")} Copies the codeCopy the code

Encrypt and decrypt data

Aes-gcm and ChaChaPoly algorithms are supported. ChaChaChaPoly was chosen for development because it is officially faster on mobile devices. The core concept of ChaChaChaPoly is Chachachapoly. SealedBox, which can be understood as a data container accessible only by key. The encrypted ciphertext is placed in the data container during encryption operation, and the ciphertext needs to be extracted for decryption during decryption operation.

  • encryption

    // plaintext let STR = “Hello CryptoKit” let data =!

    Let key128 = SymmetricKey(size:.bits128) let key192 = SymmetricKey(size:. .bits192) let key256 = SymmetricKey(size: .bits256)

    // let encryptedContent = try? Chachapoly.seal (data, using: key256)

  • Decryption ps; IOS development exchange technology group: welcome to join, no matter you are big or small white welcome to enter, share BAT, Ali interview questions, interview experience, discuss technology, we exchange learning and growth together

    // encryptedContent = encryptedContent {if let sealedBox = try? ChaChaPoly.SealedBox(combined: encryptedContent) { if let decryptedContent = try?, using: key256) { print(String(data: decryptedContent, encoding: .utf8)) }

    Nonce let cipherText = SealedBox. Ciphertext let tag = SealedBox. Tag print(sealedBox.combined == nonce + ciphertext + tag) }Copy the code

    } Duplicate code

A digital signature

There are four different elliptic curve types built in for creating and verifying encrypted signatures: Curve25519, P521, P384 and P256. Different types have different security and speed, but Curve25519 is usually chosen.

  • Generate the public/private key

    / / private key let privateKey = Curve25519. Signing the privateKey () / / public key let publicKey = privateKey. PublicKey / / release the public key PublicKeyData = publicKey rawRepresentation duplicate code

  • The private key signature

    let str = “Hello CryptoKit” let data = .utf8)!

    let signature = try? Privatekey.signature (for: data) Copies the code

  • A public key to verify

    if let signature = signature { if publicKey.isValidSignature(NSData(data: signature) , for: Data) {print(” signature valid “)}} Copy code

Key agreement

Key negotiation is a process in which the communication parties can securely select an encryption key and use it to encrypt and decrypt data.

Let salt = "YungFan".data(using:.utf8)! / / the user A and user B will generate A pair of public and private keys let privateKeyA = P521. KeyAgreement. PrivateKey () let publicKeyA = privateKeyA. PublicKey let PrivateKeyB = P521. KeyAgreement. PrivateKey () let publicKeyB = privateKeyB. PublicKey / / the user with A private key and user B's public key to create A Shared key let sharedSecretA = try? privateKeyA.sharedSecretFromKeyAgreement(with: publicKeyB) let symmetricKeyA = sharedSecretA? .hkdfDerivedSymmetricKey(using: SHA256.self, salt: salt, sharedInfo: Data(), outputByteCount: 32) // User B uses the private key and user A's public key to generate A shared key. privateKeyB.sharedSecretFromKeyAgreement(with: publicKeyA) let symmetricKeyB = sharedSecretB? .hkdfDerivedSymmetricKey(using: SHA256.self, salt: salt, sharedInfo: Data(), outputByteCount: 32) if symmetricKeyA == symmetricKeyB {print("A and B have A shared key ")}Copy the code