Apple announced yesterday that the company has opened up its cryptographic libraries so that third-party developers can build more „advanced security features“ into their apps (via VentureBeat). The cryptographic libraries being opened to developers are the same ones Apple uses to protect iOS and OS X, as Apple notes on its updated site.
Developers will have access to two of the company’s advanced security features, including Security Framework and Common Crypto. Security Framework gives developers tools for organizing certificates, public and private keys, and trust policies, ensuring that all sensitive information is stored privately in a „secure repository for sensitive user data.“ Common Crypto library provides additional support for symmetric encryption, hash-based message authentication codes, and digests.
Both Security Framework and Common Crypto rely on the corecrypto library to provide implementations of low level cryptographic primitives. This is also the library submitted for validation of compliance with U.S. Federal Information Processing Standards (FIPS) 140-2 Level 1. Although corecrypto does not directly provide programming interfaces for developers and should not be used by iOS or OS X apps, the source code is available to allow for verification of its security characteristics and correct functioning.