What’s new in CryptoKit – Discover
People expect applications to be secure and their data to be protected. You may need to perform cryptographic operations to implement features such as authentication, message encryption, or to comply with regulatory requirements. CryptoKit is a Swift framework that makes it easier and more secure to perform common cryptographic operations, whether you just need to calculate a hash or are implementing a more advanced authentication protocol. This year, CryptoKit adds new APIs for HMAC-based key extraction and extension (HKDF) features, support for PEM and DER formats, and with Swift Crypto, your code can now run anywhere ‘Run Swift.
Key derivation features allow you to obtain one or more secrets of the size you choose from a master key or password. As of iOS 14, you can now use standalone APIs for HKDF. Integrate the easy-to-use variant for quick tasks, such as deriving multiple keys from a master secret, or two-step extraction and extension of the API with detailed control over the key derivation process. In previous versions of iOS, HKDF was only supported when deriving a symmetric key from an elliptic curve key agreement protocol.
PEM and DER formats for encoding elliptic curve keys
PEM and DER formats are now directly supported by CryptoKit. You can now pass a PEM string or DER-encrypted data directly to initialize CryptoKit’s public and private keys, without using another library to perform the conversion.
With Swift Crypto you can create cross-platform solutions using the CryptoKit APIs on all platforms supported by Swift, including Linux and servers. Portability is important when you need to run the same code on your client and server, such as supporting two-factor authentication using a one-time password.
Introducing Swift Crypto
See dotSwift 2020’s “Cryptography in Swift”