WWDC Notes

Cryptography and Your Apps

Show Apple's description.
System frameworks encrypt both data at rest and data in transit in a transparent way for you. This functionality is available by simply setting an attribute. However you may want to do more to protect your users’ data. CryptoKit is a new Swift framework that makes it easier and safer than ever to perform cryptographic operations, whether you simply need to compute a hash or are implementing a more advanced authentication protocol.

Common Cases Covered by the System

  • Protect data on device
  • Protect credentials and keys
  • Share data across devices and users Secure network connections
  • Verify remote parties

iOS Security White Paper

Best practices

Make files available only when device is unlocked:

// Write file, available only when device is unlocked 
do { 
  try data.write(to: fileURL, options: .completeFileProtection) 
} 
catch { 
  // Handle errors 
} 

Store credentials and keys in the Keychain (SecItem).

Use LocalAuthentication: LocalAuthentication allows you to put restrictions as to when an operation can be executed. For example, you could define that it is required for the user to authenticate with biometrics with Face ID.

Use a Private CloudKit Database to share data across devices and users:

  • No need for application user sign in
  • Apple as a trusted party
  • iCloud identities and access control

Use Network framework with default TLS URLSession with App Transport Security.

Verify Remote Parties with SecTrust (SecTrustEvaluateAsyncWithError).

...in short: use system Frameworks.

Apple CryptoKit

Use this framework to perform cryptographic operations securely and efficiently.

Secure Enclave

The Secure Enclave is s hardware-based key manager that's isolated from the main processor to provide an extra layer of security.

It is used as part of critical system features, such as Touch ID or Face ID.

In short, this is the T2 we have in the latest MacBooks.

We can use the Secure Enclave for extra safety, this requires extra steps in when de/encrypting things.

Missing anything? Corrections? Contributions are welcome 😃

Written by

zntfdr

Federico Zanetello

Federico Zanetello is an iOS Engineer with strong passion for Swift, minimalism, and design. When he’s not busy automating things, he can be found writing at fivestars.blog and/or playing with the latest shiny toys.