Introducing CryptoKit
Cryptography is key to protecting your users’ data. This tutorial shows you how to use Apple’s new CryptoKit API to authenticate or encrypt your app’s data. By Audrey Tam.
Sign up/Sign in
With a free Kodeco account you can download source code, track your progress, bookmark, personalise your learner profile and more!
Create accountAlready a member of Kodeco? Sign in
Sign up/Sign in
With a free Kodeco account you can download source code, track your progress, bookmark, personalise your learner profile and more!
Create accountAlready a member of Kodeco? Sign in
Sign up/Sign in
With a free Kodeco account you can download source code, track your progress, bookmark, personalise your learner profile and more!
Create accountAlready a member of Kodeco? Sign in
Contents
Introducing CryptoKit
40 mins
- Getting Started
- Protecting Users’ Data
- Increasing Protection for Voldemort’s Secrets
- Keychain and Secure Enclave
- Using CryptoKit
- Rolling Your Own Crypto: Don’t
- Performance: Don’t Worry
- Cryptographic Hashing
- Signing the Digest
- Encrypting and Authenticating Data
- Public-Key Cryptography
- Creating Private and Public Keys
- ECC: How Does It Work?
- Digital Signatures
- Creating a Symmetric Key for Encryption
- P256 Key in Secure Enclave
- Complying With Encryption Export Regulations
- Where To Go From Here?
Complying With Encryption Export Regulations
One last thing. Encryption is a sensitive political issue in many countries. This map shows which countries have licensing or registration requirements, import/export controls, obligations on providers to assist authorities and other restrictions.
The U.S. is one of the countries with export controls. It’s legal stuff, so I’ll quote directly from Apple’s article Complying with Encryption Export Regulations:
When you submit your app to TestFlight or the App Store, you upload your app to a server in the United States. If you distribute your app outside the U.S. or Canada, your app is subject to U.S. export laws, regardless of where your legal entity is based. If your app uses, accesses, contains, implements, or incorporates encryption, this is considered an export of encryption software, which means your app is subject to U.S. export compliance requirements, as well as the import compliance requirements of the countries where you distribute your app.
And from Apple’s App Store Connect Help Export compliance overview:
Use of encryption includes, but is not limited to:
- Making calls over secure channels (i.e. HTTPS, SSL, and so on).
- Using standard encryption algorithms.
- Using crypto functionality from other sources such as iOS or macOS.
- Using proprietary or non-standard encryption algorithms. The U.S. Government defines “non-standard cryptography” as any implementation of “cryptography” involving the incorporation or use of proprietary or unpublished cryptographic functionality, including encryption algorithms or protocols that have not been adopted or approved by a duly recognized international standards body ( e.g., IEEE, IETF, ISO, ITU, ETSI, 3GPP, TIA, and GSMA) and have not otherwise been published.
App Store Connect provides a set of questions to help you determine if export compliance documentation is required from you, and which forms are needed.
Where To Go From Here?
Congratulations! You’ve taken a quick tour of all the things CryptoKit can do and learned a little of how cryptography works. And aren’t you glad CryptoKit makes everything so easy?
You can download the completed version of the project using the Download Materials button at the top or bottom of this tutorial.
As always, you can find out more at the source:
- WWDC 2019 Session 709: Cryptography and Your Apps.
- Apple CryptoKit documentation.
In addition to the (mostly Wikipedia) links throughout this tutorial, here’s the explanation of elliptic curve cryptography that really helped me see what was going on:
- A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography really is pretty easy to understand, and has some really helpful animated GIFs. But be sure to scan the comments for some missing info. Cloudflare has many other great articles about cryptography topics.