Convert Figma logo to code with AI

krzyzanowskim logoCryptoSwift

CryptoSwift is a growing collection of standard and secure cryptographic algorithms implemented in Swift

10,145
1,652
10,145
6
View on GitHub

Top Related Projects

openssl's avatar

openssl

25,667

TLS/SSL and crypto library

tink-crypto's avatar

tink

13,491

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

jedisct1's avatar

libsodium

12,235

A modern, portable, easy to use crypto library.

RNCryptor's avatar

RNCryptor

3,350

CCCryptor (AES encryption) wrappers for iOS and Mac in Swift. -- For ObjC, see RNCryptor/RNCryptor-objc

bitwiseshiftleft's avatar

sjcl

7,188

Stanford Javascript Crypto Library

Mbed-TLS's avatar

mbedtls

5,199

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.

Quick Overview

CryptoSwift is a growing collection of standard and secure cryptographic algorithms implemented in Swift. It provides a wide range of cryptographic functions, including hashing, message authentication codes, ciphers, and more, all written in pure Swift with no dependencies on external C libraries or frameworks.

Pros

  • Pure Swift implementation, ensuring compatibility and performance on all Swift platforms
  • Extensive collection of cryptographic algorithms, including AES, ChaCha20, SHA, HMAC, and more
  • Regular updates and maintenance, keeping up with Swift language evolution
  • Well-documented and easy to integrate into Swift projects

Cons

  • May have slower performance compared to optimized C implementations for some algorithms
  • Not officially audited, which might be a concern for highly sensitive applications
  • Some advanced cryptographic features might be missing compared to more established libraries
  • Potential for introducing security vulnerabilities if not used correctly

Code Examples

  1. AES Encryption and Decryption:
import CryptoSwift

let key = "secretkey123456".bytes
let iv = "initialvector123".bytes
let message = "Hello, CryptoSwift!"

// Encryption
let encrypted = try! message.encryptToBase64(cipher: AES(key: key, blockMode: CBC(iv: iv), padding: .pkcs7))

// Decryption
let decrypted = try! encrypted.decryptBase64ToString(cipher: AES(key: key, blockMode: CBC(iv: iv), padding: .pkcs7))

print(decrypted) // Outputs: Hello, CryptoSwift!
  1. SHA256 Hashing:
import CryptoSwift

let input = "Hello, CryptoSwift!"
let hashed = input.sha256()

print(hashed) // Outputs the SHA256 hash of the input string
  1. HMAC Generation:
import CryptoSwift

let key = "secretkey123456".bytes
let message = "Hello, CryptoSwift!"

let hmac = try! HMAC(key: key, variant: .sha256).authenticate(message.bytes)

print(hmac.toHexString()) // Outputs the HMAC as a hexadecimal string

Getting Started

  1. Add CryptoSwift to your project using Swift Package Manager:

  2. Import CryptoSwift in your Swift file:

import CryptoSwift
  1. Start using the cryptographic functions:
let encrypted = try! "Hello, World!".encrypt(cipher: AES(key: "secretkey123456", blockMode: ECB()))
print(encrypted.toHexString())

Competitor Comparisons

openssl logo

openssl

25,667

TLS/SSL and crypto library

Pros of OpenSSL

  • Comprehensive cryptographic library with a wide range of algorithms and protocols
  • Extensively tested and widely used in production environments
  • Supports multiple platforms and programming languages

Cons of OpenSSL

  • Complex API and steep learning curve
  • Large codebase with potential security vulnerabilities
  • Not specifically designed for Swift or iOS development

Code Comparison

OpenSSL (C):

#include <openssl/aes.h>

AES_KEY key;
AES_set_encrypt_key(user_key, 128, &key);
AES_encrypt(plaintext, ciphertext, &key);

CryptoSwift (Swift):

import CryptoSwift

let aes = try! AES(key: key, blockMode: .ECB, padding: .pkcs7)
let encrypted = try! aes.encrypt(plaintext)

Summary

OpenSSL is a comprehensive, widely-used cryptographic library supporting multiple platforms, while CryptoSwift is a Swift-specific implementation focused on iOS and macOS development. OpenSSL offers a broader range of algorithms but has a steeper learning curve, whereas CryptoSwift provides a more Swift-friendly API with easier integration for Apple platforms. The choice between the two depends on the specific project requirements, target platform, and developer expertise.

tink-crypto logo

tink

13,491

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

Pros of Tink

  • Multi-language support: Tink offers implementations in C++, Java, Go, and Python, making it more versatile for cross-platform development
  • Backed by Google: Provides robust security audits and ongoing maintenance from a major tech company
  • Comprehensive cryptographic toolkit: Includes a wide range of cryptographic primitives and higher-level abstractions

Cons of Tink

  • Steeper learning curve: More complex API and setup compared to CryptoSwift's straightforward approach
  • Larger footprint: Tink's comprehensive nature may lead to increased binary size and resource usage

Code Comparison

CryptoSwift (Swift):

let encrypted = try AES(key: key, blockMode: CBC(iv: iv), padding: .pkcs7).encrypt(plaintext)

Tink (Go):

aead, err := aead.New(keysetHandle)
ciphertext, err := aead.Encrypt(plaintext, associatedData)

Both libraries provide encryption functionality, but Tink's API is more abstracted and focuses on higher-level operations, while CryptoSwift offers more direct control over cryptographic primitives.

CryptoSwift is specifically designed for Swift, making it a natural choice for iOS and macOS developers. It's lightweight and easy to integrate into Swift projects. Tink, on the other hand, offers a more comprehensive and cross-platform solution, suitable for larger projects or those requiring support for multiple programming languages.

jedisct1 logo

libsodium

12,235

A modern, portable, easy to use crypto library.

Pros of libsodium

  • Cross-platform support with bindings for multiple languages
  • Extensive auditing and security-focused design
  • Broader range of cryptographic primitives and operations

Cons of libsodium

  • Requires external dependencies and compilation
  • Steeper learning curve for beginners
  • Less Swift-specific optimizations

Code Comparison

CryptoSwift:

let key = "secret0key000000".bytes
let iv = "0123456789012345".bytes
let aes = try! AES(key: key, blockMode: CBC(iv: iv))
let encrypted = try! aes.encrypt("Hello, World!".bytes)

libsodium (using Swift bindings):

let message = "Hello, World!".bytes
let key = Bytes(repeating: 0, count: SecretBox.KeyBytes)
let nonce = Bytes(repeating: 0, count: SecretBox.NonceBytes)
let encrypted = try! SecretBox.seal(message: message, secretKey: key, nonce: nonce)

Both libraries offer encryption capabilities, but CryptoSwift provides a more Swift-idiomatic API, while libsodium offers a lower-level interface with potentially better performance and security guarantees. CryptoSwift is easier to integrate into Swift projects, whereas libsodium requires additional setup but provides a more comprehensive cryptographic toolkit.

RNCryptor logo

RNCryptor

3,350

CCCryptor (AES encryption) wrappers for iOS and Mac in Swift. -- For ObjC, see RNCryptor/RNCryptor-objc

Pros of RNCryptor

  • Focused specifically on data encryption and decryption
  • Provides a simple, high-level API for easy integration
  • Cross-platform compatibility (iOS, Android, and other platforms)

Cons of RNCryptor

  • Limited to AES encryption only
  • Less actively maintained compared to CryptoSwift
  • Fewer cryptographic primitives and algorithms available

Code Comparison

RNCryptor:

let data = "Hello, World!".data(using: .utf8)!
let password = "secret"
let encryptedData = RNCryptor.encrypt(data: data, withPassword: password)
let decryptedData = try RNCryptor.decrypt(data: encryptedData, withPassword: password)

CryptoSwift:

let data = "Hello, World!".data(using: .utf8)!
let key = "secret".bytes
let encrypted = try AES(key: key, blockMode: CBC(iv: iv), padding: .pkcs7).encrypt(data.bytes)
let decrypted = try AES(key: key, blockMode: CBC(iv: iv), padding: .pkcs7).decrypt(encrypted)

CryptoSwift offers a more comprehensive set of cryptographic functions and algorithms, making it suitable for a wider range of applications. It provides low-level access to various cryptographic primitives, allowing for more flexibility in implementation. However, this comes at the cost of a steeper learning curve and potentially more complex code.

RNCryptor, on the other hand, focuses solely on data encryption and decryption using AES. It offers a simpler API, making it easier to integrate for basic encryption needs. Its cross-platform compatibility is advantageous for projects targeting multiple platforms.

bitwiseshiftleft logo

sjcl

7,188

Stanford Javascript Crypto Library

Pros of sjcl

  • Written in JavaScript, making it suitable for both browser and Node.js environments
  • Extensive documentation and examples available in the repository
  • Supports a wider range of cryptographic primitives and operations

Cons of sjcl

  • Less actively maintained compared to CryptoSwift (last commit over 2 years ago)
  • Potentially slower performance due to JavaScript implementation
  • May require additional setup for use in modern JavaScript frameworks

Code Comparison

sjcl:

var encrypted = sjcl.encrypt("password", "data to be encrypted");
var decrypted = sjcl.decrypt("password", encrypted);

CryptoSwift:

let encrypted = try AES(key: "password", blockMode: .ECB).encrypt("data to be encrypted".bytes)
let decrypted = try AES(key: "password", blockMode: .ECB).decrypt(encrypted)

Both libraries provide simple encryption and decryption methods, but CryptoSwift offers more granular control over the encryption process in Swift. sjcl's API is more straightforward for basic use cases in JavaScript environments.

While sjcl is versatile for web-based applications, CryptoSwift is tailored for Swift developers and iOS/macOS platforms. The choice between the two depends on the target environment and specific cryptographic needs of the project.

Mbed-TLS logo

mbedtls

5,199

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.

Pros of mbedtls

  • More comprehensive cryptographic library with a wider range of algorithms and protocols
  • Better suited for embedded systems and IoT devices due to its lightweight design
  • Supports multiple platforms and operating systems, including bare-metal environments

Cons of mbedtls

  • Written in C, which may be less appealing for Swift developers
  • Steeper learning curve compared to CryptoSwift's Swift-native API
  • May require additional setup and configuration for integration in Swift projects

Code Comparison

mbedtls (C):

#include "mbedtls/aes.h"

mbedtls_aes_context aes;
mbedtls_aes_init(&aes);
mbedtls_aes_setkey_enc(&aes, key, 256);
mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_ENCRYPT, input, output);

CryptoSwift (Swift):

import CryptoSwift

let aes = try! AES(key: key, blockMode: .ECB, padding: .noPadding)
let encrypted = try! aes.encrypt(input)

While mbedtls offers more flexibility and broader platform support, CryptoSwift provides a more Swift-friendly API with easier integration for iOS and macOS projects. The choice between the two depends on the specific requirements of your project, such as target platforms, performance needs, and development ecosystem preferences.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Platform

Swift support Swift Package Manager compatible CocoaPods Compatible Carthage compatible

CryptoSwift

Crypto related functions and helpers for Swift implemented in Swift. (#PureSwift)

Note: The main branch follows the latest currently released version of Swift. If you need an earlier version for an older version of Swift, specify its version in your Podfile or use the code on the branch for that version. Older branches are unsupported. Check versions for details.

Requirements | Features | Contribution | Installation | Swift versions | How-to | Author | License | Changelog

Support & Sponsors

The financial sustainability of the project is possible thanks to the ongoing contributions from our GitHub Sponsors

Premium Sponsors

Emerge Tools is a suite of revolutionary products designed to supercharge mobile apps and the teams that build them.

www.emergetools.com/

Requirements

Good mood

Features

  • Easy to use
  • Convenient extensions for String and Data
  • Support for incremental updates (stream, ...)
  • iOS, Android, macOS, AppleTV, watchOS, Linux support

Hash (Digest)

MD5 | SHA1 | SHA2-224 | SHA2-256 | SHA2-384 | SHA2-512 | SHA3

Cyclic Redundancy Check (CRC)

CRC32 | CRC32C | CRC16

Cipher

AES-128, AES-192, AES-256 | ChaCha20 | XChaCha20 | Rabbit | Blowfish

RSA (public-key encryption algorithm)

Encryption, Signature

Message authenticators

Poly1305 | HMAC (MD5, SHA1, SHA256) | CMAC | CBC-MAC

Cipher mode of operation

  • Electronic codebook (ECB)
  • Cipher-block chaining (CBC)
  • Propagating Cipher Block Chaining (PCBC)
  • Cipher feedback (CFB)
  • Output Feedback (OFB)
  • Counter Mode (CTR)
  • Galois/Counter Mode (GCM)
  • Counter with Cipher Block Chaining-Message Authentication Code (CCM)
  • OCB Authenticated-Encryption Algorithm (OCB)

Password-Based Key Derivation Function

  • PBKDF1 (Password-Based Key Derivation Function 1)
  • PBKDF2 (Password-Based Key Derivation Function 2)
  • HKDF (HMAC-based Extract-and-Expand Key Derivation Function)
  • Scrypt (The scrypt Password-Based Key Derivation Function)

Data padding

Authenticated Encryption with Associated Data (AEAD)

Why

Why? Because I can.

How do I get involved?

You want to help, great! Go ahead and fork our repo, make your changes and send us a pull request.

Contribution

Check out CONTRIBUTING.md for more information on how to help with CryptoSwift.

Installation

Hardened Runtime (macOS) and Xcode

Binary CryptoSwift.xcframework (Used by Swift Package Manager package integration) won't load properly in your app if the app uses Sign to Run Locally Signing Certificate with Hardened Runtime enabled. It is possible to setup Xcode like this. To solve the problem you have two options:

  • Use proper Signing Certificate, eg. Development <- this is the proper action
  • Use Disable Library Validation aka com.apple.security.cs.disable-library-validation entitlement

Xcode Project

To install CryptoSwift, add it as a submodule to your project (on the top level project directory):

git submodule add https://github.com/krzyzanowskim/CryptoSwift.git

It is recommended to enable Whole-Module Optimization to gain better performance. Non-optimized build results in significantly worse performance.

Swift Package Manager

You can use Swift Package Manager and specify dependency in Package.swift by adding this:

.package(url: "https://github.com/krzyzanowskim/CryptoSwift.git", from: "1.8.3")

See: Package.swift - manual

Notice: Swift Package Manager uses debug configuration for debug Xcode build, that may result in significant (up to x10000) worse performance. Performance characteristic is different in Release build. To overcome this problem, consider embed CryptoSwift.xcframework described below.

CocoaPods

You can use CocoaPods.

pod 'CryptoSwift', '~> 1.8.3'

Bear in mind that CocoaPods will build CryptoSwift without Whole-Module Optimization that may impact performance. You can change it manually after installation, or use cocoapods-wholemodule plugin.

Carthage

You can use Carthage. Specify in Cartfile:

github "krzyzanowskim/CryptoSwift"

Run carthage to build the framework and drag the built CryptoSwift.framework into your Xcode project. Follow build instructions. Common issues.

XCFramework

XCFrameworks require Xcode 11 or later and they can be integrated similarly to how we’re used to integrating the .framework format. Please use script scripts/build-framework.sh to generate binary CryptoSwift.xcframework archive that you can use as a dependency in Xcode.

CryptoSwift.xcframework is a Release (Optimized) binary that offer best available Swift code performance.

Screen Shot 2020-10-27 at 00 06 32

Embedded Framework

Embedded frameworks require a minimum deployment target of iOS 11.0 or macOS Sierra (10.13). Drag the CryptoSwift.xcodeproj file into your Xcode project, and add appropriate framework as a dependency to your target. Now select your App and choose the General tab for the app target. Find Embedded Binaries and press "+", then select CryptoSwift.framework (iOS, macOS, watchOS or tvOS)

Sometimes "embedded framework" option is not available. In that case, you have to add new build phase for the target.

iOS, macOS, watchOS, tvOS

In the project, you'll find single scheme for all platforms:

  • CryptoSwift

Swift versions support

  • Swift 1.2: branch swift12 version <= 0.0.13
  • Swift 2.1: branch swift21 version <= 0.2.3
  • Swift 2.2, 2.3: branch swift2 version <= 0.5.2
  • Swift 3.1, branch swift3 version <= 0.6.9
  • Swift 3.2, branch swift32 version = 0.7.0
  • Swift 4.0, branch swift4 version <= 0.12.0
  • Swift 4.2, branch swift42 version <= 0.15.0
  • Swift 5.0, branch swift5 version <= 1.2.0
  • Swift 5.1, branch swift5 version <= 1.3.3
  • Swift 5.3 and newer, branch main

How-to

Basics
import CryptoSwift

CryptoSwift uses array of bytes aka Array<UInt8> as a base type for all operations. Every data may be converted to a stream of bytes. You will find convenience functions that accept String or Data, and it will be internally converted to the array of bytes.

Data types conversion

For your convenience, CryptoSwift provides two functions to easily convert an array of bytes to Data or Data to an array of bytes:

Data from bytes:

let data = Data([0x01, 0x02, 0x03])

Data to Array<UInt8>

let bytes = data.bytes                     // [1,2,3]

Hexadecimal encoding:

let bytes = Array<UInt8>(hex: "0x010203")  // [1,2,3]
let hex   = bytes.toHexString()            // "010203"

Build bytes out of String

let bytes: Array<UInt8> = "cipherkey".bytes  // Array("cipherkey".utf8)

Also... check out helpers that work with Base64 encoded data:

"aPf/i9th9iX+vf49eR7PYk2q7S5xmm3jkRLejgzHNJs=".decryptBase64ToString(cipher)
"aPf/i9th9iX+vf49eR7PYk2q7S5xmm3jkRLejgzHNJs=".decryptBase64(cipher)
bytes.toBase64()
Calculate Digest

Hashing a data or array of bytes (aka Array<UInt8>)

/* Hash struct usage */
let bytes: Array<UInt8> = [0x01, 0x02, 0x03]
let digest = input.md5()
let digest = Digest.md5(bytes)

let data = Data([0x01, 0x02, 0x03])

let hash = data.md5()
let hash = data.sha1()
let hash = data.sha224()
let hash = data.sha256()
let hash = data.sha384()
let hash = data.sha512()

do {
    var digest = MD5()
    let partial1 = try digest.update(withBytes: [0x31, 0x32])
    let partial2 = try digest.update(withBytes: [0x33])
    let result = try digest.finish()
} catch { }

Hashing a String and printing result

let hash = "123".md5() // "123".bytes.md5()
Calculate CRC
bytes.crc16()
data.crc16()

bytes.crc32()
data.crc32()
Message authenticators
// Calculate Message Authentication Code (MAC) for message
let key: Array<UInt8> = [1,2,3,4,5,6,7,8,9,10,...]

try Poly1305(key: key).authenticate(bytes)
try HMAC(key: key, variant: .sha256).authenticate(bytes)
try CMAC(key: key).authenticate(bytes)
Password-Based Key Derivation Functions
let password: Array<UInt8> = Array("s33krit".utf8)
let salt: Array<UInt8> = Array("nacllcan".utf8)

let key = try PKCS5.PBKDF2(password: password, salt: salt, iterations: 4096, keyLength: 32, variant: .sha256).calculate()

let password: Array<UInt8> = Array("s33krit".utf8)
let salt: Array<UInt8> = Array("nacllcan".utf8)
// Scrypt implementation does not implement work parallelization, so `p` parameter will
// increase the work time even in multicore systems
let key = try Scrypt(password: password, salt: salt, dkLen: 64, N: 16384, r: 8, p: 1).calculate()
HMAC-based Key Derivation Function
let password: Array<UInt8> = Array("s33krit".utf8)
let salt: Array<UInt8> = Array("nacllcan".utf8)

let key = try HKDF(password: password, salt: salt, variant: .sha256).calculate()
Data Padding

Some content-encryption algorithms assume the input length is a multiple of k octets, where k is greater than one. For such algorithms, the input shall be padded.

Padding.pkcs7.add(to: bytes, blockSize: AES.blockSize)

Working with Ciphers

ChaCha20
let encrypted = try ChaCha20(key: key, iv: iv).encrypt(message)
let decrypted = try ChaCha20(key: key, iv: iv).decrypt(encrypted)
Rabbit
let encrypted = try Rabbit(key: key, iv: iv).encrypt(message)
let decrypted = try Rabbit(key: key, iv: iv).decrypt(encrypted)
Blowfish
let encrypted = try Blowfish(key: key, blockMode: CBC(iv: iv), padding: .pkcs7).encrypt(message)
let decrypted = try Blowfish(key: key, blockMode: CBC(iv: iv), padding: .pkcs7).decrypt(encrypted)
AES

Notice regarding padding: Manual padding of data is optional, and CryptoSwift is using PKCS7 padding by default. If you need to manually disable/enable padding, you can do this by setting parameter for AES class

Variant of AES encryption (AES-128, AES-192, AES-256) depends on given key length:

  • AES-128 = 16 bytes
  • AES-192 = 24 bytes
  • AES-256 = 32 bytes

AES-256 example

let encryptedBytes = try AES(key: [1,2,3,...,32], blockMode: CBC(iv: [1,2,3,...,16]), padding: .pkcs7)

Full example:

let password: [UInt8] = Array("s33krit".utf8)
let salt: [UInt8] = Array("nacllcan".utf8)

/* Generate a key from a `password`. Optional if you already have a key */
let key = try PKCS5.PBKDF2(
    password: password,
    salt: salt,
    iterations: 4096,
    keyLength: 32, /* AES-256 */
    variant: .sha256
).calculate()

/* Generate random IV value. IV is public value. Either need to generate, or get it from elsewhere */
let iv = AES.randomIV(AES.blockSize)

/* AES cryptor instance */
let aes = try AES(key: key, blockMode: CBC(iv: iv), padding: .pkcs7)

/* Encrypt Data */
let inputData = Data()
let encryptedBytes = try aes.encrypt(inputData.bytes)
let encryptedData = Data(encryptedBytes)

/* Decrypt Data */
let decryptedBytes = try aes.decrypt(encryptedData.bytes)
let decryptedData = Data(decryptedBytes)
All at once
do {
    let aes = try AES(key: "keykeykeykeykeyk", iv: "drowssapdrowssap") // aes128
    let ciphertext = try aes.encrypt(Array("Nullam quis risus eget urna mollis ornare vel eu leo.".utf8))
} catch { }
Incremental updates

Incremental operations use instance of Cryptor and encrypt/decrypt one part at a time, this way you can save on memory for large files.

do {
    var encryptor = try AES(key: "keykeykeykeykeyk", iv: "drowssapdrowssap").makeEncryptor()

    var ciphertext = Array<UInt8>()
    // aggregate partial results
    ciphertext += try encryptor.update(withBytes: Array("Nullam quis risus ".utf8))
    ciphertext += try encryptor.update(withBytes: Array("eget urna mollis ".utf8))
    ciphertext += try encryptor.update(withBytes: Array("ornare vel eu leo.".utf8))
    // finish at the end
    ciphertext += try encryptor.finish()

    print(ciphertext.toHexString())
} catch {
    print(error)
}
AES Advanced usage
let input: Array<UInt8> = [0,1,2,3,4,5,6,7,8,9]

let key: Array<UInt8> = [0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00]
let iv: Array<UInt8> = // Random bytes of `AES.blockSize` length

do {
    let encrypted = try AES(key: key, blockMode: CBC(iv: iv), padding: .pkcs7).encrypt(input)
    let decrypted = try AES(key: key, blockMode: CBC(iv: iv), padding: .pkcs7).decrypt(encrypted)
} catch {
    print(error)
}

AES without data padding

let input: Array<UInt8> = [0,1,2,3,4,5,6,7,8,9]
let encrypted: Array<UInt8> = try! AES(key: Array("secret0key000000".utf8), blockMode: CBC(iv: Array("0123456789012345".utf8)), padding: .noPadding).encrypt(input)

Using convenience extensions

let plain = Data([0x01, 0x02, 0x03])
let encrypted = try! plain.encrypt(ChaCha20(key: key, iv: iv))
let decrypted = try! encrypted.decrypt(ChaCha20(key: key, iv: iv))
AES-GCM

The result of Galois/Counter Mode (GCM) encryption is ciphertext and authentication tag, that is later used to decryption.

encryption

do {
    // In combined mode, the authentication tag is directly appended to the encrypted message. This is usually what you want.
    let gcm = GCM(iv: iv, mode: .combined)
    let aes = try AES(key: key, blockMode: gcm, padding: .noPadding)
    let encrypted = try aes.encrypt(plaintext)
    let tag = gcm.authenticationTag
} catch {
    // failed
}

decryption

do {
    // In combined mode, the authentication tag is appended to the encrypted message. This is usually what you want.
    let gcm = GCM(iv: iv, mode: .combined)
    let aes = try AES(key: key, blockMode: gcm, padding: .noPadding)
    return try aes.decrypt(encrypted)
} catch {
    // failed
}

Note: GCM instance is not intended to be reused. So you can't use the same GCM instance from encoding to also perform decoding.

AES-CCM

The result of Counter with Cipher Block Chaining-Message Authentication Code encryption is ciphertext and authentication tag, that is later used to decryption.

do {
    // The authentication tag is appended to the encrypted message.
	let tagLength = 8
	let ccm = CCM(iv: iv, tagLength: tagLength, messageLength: ciphertext.count - tagLength, additionalAuthenticatedData: data)
    let aes = try AES(key: key, blockMode: ccm, padding: .noPadding)
    return try aes.decrypt(encrypted)
} catch {
    // failed
}

Check documentation or CCM specification for valid parameters for CCM.

AEAD
let encrypt = try AEADChaCha20Poly1305.encrypt(plaintext, key: key, iv: nonce, authenticationHeader: header)
let decrypt = try AEADChaCha20Poly1305.decrypt(ciphertext, key: key, iv: nonce, authenticationHeader: header, authenticationTag: tagArr: tag)
RSA

RSA initialization from parameters

let input: Array<UInt8> = [0,1,2,3,4,5,6,7,8,9]

let n: Array<UInt8> = // RSA modulus
let e: Array<UInt8> = // RSA public exponent
let d: Array<UInt8> = // RSA private exponent

let rsa = RSA(n: n, e: e, d: d)

do {
    let encrypted = try rsa.encrypt(input)
    let decrypted = try rsa.decrypt(encrypted)
} catch {
    print(error)
}

RSA key generation

let rsa = try RSA(keySize: 2048) // This generates a modulus, public exponent and private exponent with the given size

RSA Encryption & Decryption Example

// Alice Generates a Private Key
let alicesPrivateKey = try RSA(keySize: 1024)
    
// Alice shares her **public** key with Bob
let alicesPublicKeyData = try alicesPrivateKey.publicKeyExternalRepresentation()
    
// Bob receives the raw external representation of Alices public key and imports it
let bobsImportOfAlicesPublicKey = try RSA(rawRepresentation: alicesPublicKeyData)
    
// Bob can now encrypt a message for Alice using her public key
let message = "Hi Alice! This is Bob!"
let privateMessage = try bobsImportOfAlicesPublicKey.encrypt(message.bytes)
    
// This results in some encrypted output like this
// URcRwG6LfH63zOQf2w+HIllPri9Rb6hFlXbi/bh03zPl2MIIiSTjbAPqbVFmoF3RmDzFjIarIS7ZpT57a1F+OFOJjx50WYlng7dioKFS/rsuGHYnMn4csjCRF6TAqvRQcRnBueeINRRA8SLaLHX6sZuQkjIE5AoHJwgavmiv8PY=
      
// Bob can now send this encrypted message to Alice without worrying about people being able to read the original contents
    
// Alice receives the encrypted message and uses her private key to decrypt the data and recover the original message
let originalDecryptedMessage = try alicesPrivateKey.decrypt(privateMessage)
    
print(String(data: Data(originalDecryptedMessage), encoding: .utf8))
// "Hi Alice! This is Bob!"

RSA Signature & Verification Example

// Alice Generates a Private Key
let alicesPrivateKey = try RSA(keySize: 1024)
    
// Alice wants to sign a message that she agrees with
let messageAliceSupports = "Hi my name is Alice!"
let alicesSignature = try alicesPrivateKey.sign(messageAliceSupports.bytes)
    
// Alice shares her Public key and the signature with Bob
let alicesPublicKeyData = try alicesPrivateKey.publicKeyExternalRepresentation()
    
// Bob receives the raw external representation of Alices Public key and imports it!
let bobsImportOfAlicesPublicKey = try RSA(rawRepresentation: alicesPublicKeyData)
        
// Bob can now verify that Alice signed the message using the Private key associated with her shared Public key.
let verifiedSignature = try bobsImportOfAlicesPublicKey.verify(signature: alicesSignature, for: "Hi my name is Alice!".bytes)
    
if verifiedSignature == true {
  // Bob knows that the signature Alice provided is valid for the message and was signed using the Private key associated with Alices shared Public key.
} else {
  // The signature was invalid, so either
  // - the message Alice signed was different then what we expected.
  // - or Alice used a Private key that isn't associated with the shared Public key that Bob has.
}

CryptoSwift RSA Key -> Apple's Security Framework SecKey Example

/// Starting with a CryptoSwift RSA Key
let rsaKey = try RSA(keySize: 1024)

/// Define your Keys attributes
let attributes: [String:Any] = [
  kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
  kSecAttrKeyClass as String: kSecAttrKeyClassPrivate, // or kSecAttrKeyClassPublic
  kSecAttrKeySizeInBits as String: 1024, // The appropriate bits
  kSecAttrIsPermanent as String: false
]
var error:Unmanaged<CFError>? = nil
guard let rsaSecKey = try SecKeyCreateWithData(rsaKey.externalRepresentation() as CFData, attributes as CFDictionary, &error) else {
  /// Error constructing SecKey from raw key data
  return
}

/// You now have an RSA SecKey for use with Apple's Security framework

Apple's Security Framework SecKey -> CryptoSwift RSA Key Example

/// Starting with a SecKey RSA Key
let rsaSecKey:SecKey

/// Copy External Representation
var externalRepError:Unmanaged<CFError>?
guard let cfdata = SecKeyCopyExternalRepresentation(rsaSecKey, &externalRepError) else {
  /// Failed to copy external representation for RSA SecKey
  return
}

/// Instantiate the RSA Key from the raw external representation
let rsaKey = try RSA(rawRepresentation: cfdata as Data)

/// You now have a CryptoSwift RSA Key

Author

CryptoSwift is owned and maintained by Marcin Krzyżanowski

You can follow me on Twitter at @krzyzanowskim for project updates and releases.

Cryptography Notice

This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See https://www.wassenaar.org/ for more information.

License

Copyright (C) 2014-2022 Marcin Krzyżanowski marcin@krzyzanowskim.com This software is provided 'as-is', without any express or implied warranty.

In no event will the authors be held liable for any damages arising from the use of this software.

Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:

  • The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation is required.
  • Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software.
  • This notice may not be removed or altered from any source or binary distribution.
  • Redistributions of any form whatsoever must retain the following acknowledgment: 'This product includes software developed by the "Marcin Krzyzanowski" (https://krzyzanowskim.com/).'

Changelog

See CHANGELOG file.