CryptoSwift alternatives and similar libraries
Based on the "Security" category
-
RNCryptor
CCCryptor (AES encryption) wrappers for iOS and Mac in Swift. -- For ObjC, see RNCryptor/RNCryptor-objc. -
Valet
Securely store data in the iOS or OS X Keychain without knowing a thing about how the Keychain works. -
SwiftKeychainWrapper
A simple wrapper for the iOS Keychain to allow you to use it in a similar fashion to User Defaults. Written in Swift. -
Themis
High-level crypto library, providing basic asymmetric encryption, secure messaging with forward secrecy and secure data storage, supports iOS/OS X, Android and different server side platforms. -
LTHPasscodeViewController
An iOS passcode lockscreen replica (from Settings), with TouchID and simple (variable length) / complex support. -
SwCrypt
RSA public/private key generation, RSA, AES encryption/decryption, SEM encryption in Swift with CommonCrypto in iOS and OS X -
BiometricAuthentication
Use Apple FaceID or TouchID authentication in your app using BiometricAuthentication -
TOPasscodeViewController
A modal passcode input and validation view controller for iOS -
SecureEnclaveCrypto
Demonstration library for using the Secure Enclave on iOS. -
Virgil Security Objective-C/Swift Crypto Library
A high-level cryptographic library that allows to perform all necessary operations for securely storing and transferring data. -
Virgil Security Objective-C/Swift SDK
An SDK which allows developers to add full end-to-end security to their existing digital solutions to become HIPAA and GDPR compliant and more using Virgil API. -
KKPinCodeTextField
A customizable verification code textField for phone verification codes, passwords etc. -
iOS-App-Security-Class
Simple class to check if iOS app has been cracked, being debugged or enriched with custom dylib and as well detect jailbroken environment. -
SAPinViewController
Simple and easy to use default iOS PIN screen. This simple library allows you to draw a fully customisable PIN screen same as the iOS default PIN view. My inspiration to create this library was form THPinViewController, however SAPinViewController is completely implemented in Swift. Also the main purpose of creating this library was to have simple, easy to use and fully customisable PIN screen. -
RSASwiftGenerator
Util for generation RSA keys on your client and save to keychain or cover into Data. -
Virgil SWIFT PFS SDK
An SDK that allows developers to add the Perfect Forward Secrecy (PFS) technologies to their digital solutions to protect previously intercepted traffic from being decrypted even if the main Private Key is compromised. -
VoiceItAPI1IosSDK
A super easy way to add Voice Authentication(Biometrics) to your iOS apps, conveniently usable via cocoapods -
SwiftyKeychainKit
Keychain wrapper with the benefits of static typing and convenient syntax, support for primitive types, Codable, NSCoding.
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest. Visit our partner's website for more details.
Do you think we are missing an alternative of CryptoSwift or a related project?
README
CryptoSwift
Crypto related functions and helpers for Swift implemented in Swift. (#PureSwift)
Note: The master branch follows the latest currently released version of Swift. If you need an earlier version for an older version of Swift, you can specify its version in your Podfile or use the code on the branch for that version. Older branches are unsupported. Check versions for details.
Requirements | Features | Contribution | Installation | Swift versions | How-to | Author | License | Changelog
Sponsorship
If you (or your Company) use this work, please consider Sponsorship. This is the only option to keep the project alive, that is in your own best interrest.
CryptoSwift isn't backed by a big company and is developer in my spare time that I also use to as a freelancer.
Requirements
Good mood
Features
- Easy to use
- Convenient extensions for String and Data
- Support for incremental updates (stream, ...)
- iOS, Android, macOS, AppleTV, watchOS, Linux support
Hash (Digest)
MD5 | SHA1 | SHA224 | SHA256 | SHA384 | SHA512 | SHA3
Cyclic Redundancy Check (CRC)
Cipher
AES-128, AES-192, AES-256 | ChaCha20 | Rabbit | Blowfish
Message authenticators
Poly1305 | HMAC (MD5, SHA1, SHA256) | CMAC | CBC-MAC
Cipher mode of operation
- Electronic codebook (ECB)
- Cipher-block chaining (CBC)
- Propagating Cipher Block Chaining (PCBC)
- Cipher feedback (CFB)
- Output Feedback (OFB)
- Counter Mode (CTR)
- Galois/Counter Mode (GCM)
- Counter with Cipher Block Chaining-Message Authentication Code (CCM)
Password-Based Key Derivation Function
- PBKDF1 (Password-Based Key Derivation Function 1)
- PBKDF2 (Password-Based Key Derivation Function 2)
- HKDF (HMAC-based Extract-and-Expand Key Derivation Function)
- Scrypt (The scrypt Password-Based Key Derivation Function)
Data padding
PKCS#5 | PKCS#7 | Zero padding | ISO78164 | No padding
Authenticated Encryption with Associated Data (AEAD)
Why
How do I get involved?
You want to help, great! Go ahead and fork our repo, make your changes and send us a pull request.
Contribution
Check out [CONTRIBUTING.md](CONTRIBUTING.md) for more information on how to help with CryptoSwift.
- If you found a bug, open an issue.
- If you have a feature request, open an issue.
Installation
To install CryptoSwift, add it as a submodule to your project (on the top level project directory):
git submodule add https://github.com/krzyzanowskim/CryptoSwift.git
It is recommended to enable Whole-Module Optimization to gain better performance. Non-optimized build results in significantly worse performance.
Embedded Framework
Embedded frameworks require a minimum deployment target of iOS 8 or OS X Mavericks (10.9). Drag the CryptoSwift.xcodeproj file into your Xcode project, and add appropriate framework as a dependency to your target. Now select your App and choose the General tab for the app target. Find Embedded Binaries and press "+", then select CryptoSwift.framework (iOS, OS X, watchOS or tvOS)
Sometimes "embedded framework" option is not available. In that case, you have to add new build phase for the target
iOS, macOS, watchOS, tvOS
In the project, you'll find single scheme for all platforms:
- CryptoSwift
Swift versions support
- Swift 1.2: branch swift12 version <= 0.0.13
- Swift 2.1: branch swift21 version <= 0.2.3
- Swift 2.2, 2.3: branch swift2 version <= 0.5.2
- Swift 3.1, branch swift3 version <= 0.6.9
- Swift 3.2, branch swift32 version = 0.7.0
- Swift 4.0, branch swift4 version <= 0.12.0
- Swift 4.2, branch swift42 version <= 0.15.0
- Swift 5.0, branch swift5 version <= 1.2.0
- Swift 5.1 and newer, branch master
CocoaPods
You can use CocoaPods.
pod 'CryptoSwift', '~> 1.0'
Bear in mind that CocoaPods will build CryptoSwift without Whole-Module Optimization that may impact performance. You can change it manually after installation, or use cocoapods-wholemodule plugin.
Carthage
You can use Carthage. Specify in Cartfile:
github "krzyzanowskim/CryptoSwift"
Run carthage to build the framework and drag the built CryptoSwift.framework into your Xcode project. Follow build instructions. Common issues.
Swift Package Manager
You can use Swift Package Manager and specify dependency in Package.swift by adding this:
.package(url: "https://github.com/krzyzanowskim/CryptoSwift.git", .upToNextMinor(from: "1.0"))
Accio
You can use Accio. Specify in Package.swift:
.package(url: "https://github.com/krzyzanowskim/CryptoSwift.git", .upToNextMajor(from: "1.0")),
Then run accio update.
How-to
- Basics (data types, conversion, ...)
- Digest (MD5, SHA...)
- Message authenticators (HMAC, CMAC...)
- Password-Based Key Derivation Function (PBKDF2, ...)
- HMAC-based Key Derivation Function (HKDF)
- Data Padding
- ChaCha20
- Rabbit
- Blowfish
- AES - Advanced Encryption Standard
- AES-GCM
- Authenticated Encryption with Associated Data (AEAD)
also check Playground
Basics
import CryptoSwift
CryptoSwift uses array of bytes aka Array<UInt8> as a base type for all operations. Every data may be converted to a stream of bytes. You will find convenience functions that accept String or Data, and it will be internally converted to the array of bytes.
Data types conversion
For your convenience, CryptoSwift provides two functions to easily convert an array of bytes to Data or Data to an array of bytes:
Data from bytes:
let data = Data( [0x01, 0x02, 0x03])
Data to Array<UInt8>
let bytes = data.bytes // [1,2,3]
Hexadecimal encoding:
let bytes = Array<UInt8>(hex: "0x010203") // [1,2,3]
let hex = bytes.toHexString() // "010203"
Build bytes out of String
let bytes: Array<UInt8> = "cipherkey".bytes // Array("cipherkey".utf8)
Also... check out helpers that work with Base64 encoded data:
"aPf/i9th9iX+vf49eR7PYk2q7S5xmm3jkRLejgzHNJs=".decryptBase64ToString(cipher)
"aPf/i9th9iX+vf49eR7PYk2q7S5xmm3jkRLejgzHNJs=".decryptBase64(cipher)
bytes.toBase64()
Calculate Digest
Hashing a data or array of bytes (aka Array<UInt8>)
/* Hash struct usage */
let bytes:Array<UInt8> = [0x01, 0x02, 0x03]
let digest = input.md5()
let digest = Digest.md5(bytes)
let data = Data( [0x01, 0x02, 0x03])
let hash = data.md5()
let hash = data.sha1()
let hash = data.sha224()
let hash = data.sha256()
let hash = data.sha384()
let hash = data.sha512()
do {
var digest = MD5()
let partial1 = try digest.update(withBytes: [0x31, 0x32])
let partial2 = try digest.update(withBytes: [0x33])
let result = try digest.finish()
} catch { }
Hashing a String and printing result
let hash = "123".md5() // "123".bytes.md5()
Calculate CRC
bytes.crc16()
data.crc16()
bytes.crc32()
data.crc32()
Message authenticators
// Calculate Message Authentication Code (MAC) for message
let key:Array<UInt8> = [1,2,3,4,5,6,7,8,9,10,...]
try Poly1305(key: key).authenticate(bytes)
try HMAC(key: key, variant: .sha256).authenticate(bytes)
try CMAC(key: key).authenticate(bytes)
Password-Based Key Derivation Functions
let password: Array<UInt8> = Array("s33krit".utf8)
let salt: Array<UInt8> = Array("nacllcan".utf8)
let key = try PKCS5.PBKDF2(password: password, salt: salt, iterations: 4096, keyLength: 32, variant: .sha256).calculate()
let password: Array<UInt8> = Array("s33krit".utf8)
let salt: Array<UInt8> = Array("nacllcan".utf8)
// Scrypt implementation does not implement work parallelization, so `p` parameter will
// increase the work time even in multicore systems
let key = try Scrypt(password: password, salt: salt, dkLen: 64, N: 16384, r: 8, p: 1).calculate()
HMAC-based Key Derivation Function
let password: Array<UInt8> = Array("s33krit".utf8)
let salt: Array<UInt8> = Array("nacllcan".utf8)
let key = try HKDF(password: password, salt: salt, variant: .sha256).calculate()
Data Padding
Some content-encryption algorithms assume the input length is a multiple of k octets, where k is greater than one. For such algorithms, the input shall be padded.
Padding.pkcs7.add(to: bytes, blockSize: AES.blockSize)
Working with Ciphers
ChaCha20
let encrypted = try ChaCha20(key: key, iv: iv).encrypt(message)
let decrypted = try ChaCha20(key: key, iv: iv).decrypt(encrypted)
Rabbit
let encrypted = try Rabbit(key: key, iv: iv).encrypt(message)
let decrypted = try Rabbit(key: key, iv: iv).decrypt(encrypted)
Blowfish
let encrypted = try Blowfish(key: key, blockMode: CBC(iv: iv), padding: .pkcs7).encrypt(message)
let decrypted = try Blowfish(key: key, blockMode: CBC(iv: iv), padding: .pkcs7).decrypt(encrypted)
AES
Notice regarding padding: Manual padding of data is optional, and CryptoSwift is using PKCS7 padding by default. If you need to manually disable/enable padding, you can do this by setting parameter for AES class
Variant of AES encryption (AES-128, AES-192, AES-256) depends on given key length:
- AES-128 = 16 bytes
- AES-192 = 24 bytes
- AES-256 = 32 bytes
AES-256 example
try AES(key: [1,2,3,...,32], blockMode: CBC(iv: [1,2,3,...,16]), padding: .pkcs7)
All at once
do {
let aes = try AES(key: "keykeykeykeykeyk", iv: "drowssapdrowssap") // aes128
let ciphertext = try aes.encrypt(Array("Nullam quis risus eget urna mollis ornare vel eu leo.".utf8))
} catch { }
Incremental updates
Incremental operations use instance of Cryptor and encrypt/decrypt one part at a time, this way you can save on memory for large files.
do {
var encryptor = try AES(key: "keykeykeykeykeyk", iv: "drowssapdrowssap").makeEncryptor()
var ciphertext = Array<UInt8>()
// aggregate partial results
ciphertext += try encryptor.update(withBytes: Array("Nullam quis risus ".utf8))
ciphertext += try encryptor.update(withBytes: Array("eget urna mollis ".utf8))
ciphertext += try encryptor.update(withBytes: Array("ornare vel eu leo.".utf8))
// finish at the end
ciphertext += try encryptor.finish()
print(ciphertext.toHexString())
} catch {
print(error)
}
See Playground for sample code that work with stream.
AES Advanced usage
let input: Array<UInt8> = [0,1,2,3,4,5,6,7,8,9]
let key: Array<UInt8> = [0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00]
let iv: Array<UInt8> = // Random bytes of `AES.blockSize` length
do {
let encrypted = try AES(key: key, blockMode: CBC(iv: iv), padding: .pkcs7).encrypt(input)
let decrypted = try AES(key: key, blockMode: CBC(iv: iv), padding: .pkcs7).decrypt(encrypted)
} catch {
print(error)
}
AES without data padding
let input: Array<UInt8> = [0,1,2,3,4,5,6,7,8,9]
let encrypted: Array<UInt8> = try! AES(key: Array("secret0key000000".utf8), blockMode: CBC(iv: Array("0123456789012345".utf8)), padding: .noPadding).encrypt(input)
Using convenience extensions
let plain = Data( [0x01, 0x02, 0x03])
let encrypted = try! plain.encrypt(ChaCha20(key: key, iv: iv))
let decrypted = try! encrypted.decrypt(ChaCha20(key: key, iv: iv))
AES-GCM
The result of Galois/Counter Mode (GCM) encryption is ciphertext and authentication tag, that is later used to decryption.
encryption
do {
// In combined mode, the authentication tag is directly appended to the encrypted message. This is usually what you want.
let gcm = GCM(iv: iv, mode: .combined)
let aes = try AES(key: key, blockMode: gcm, padding: .noPadding)
let encrypted = try aes.encrypt(plaintext)
let tag = gcm.authenticationTag
catch {
// failed
}
decryption
do {
// In combined mode, the authentication tag is appended to the encrypted message. This is usually what you want.
let gcm = GCM(iv: iv, mode: .combined)
let aes = try AES(key: key, blockMode: gcm, padding: .noPadding)
return try aes.decrypt(encrypted)
} catch {
// failed
}
Note: GCM instance is not intended to be reused. So you can't use the same GCM instance from encoding to also perform decoding.
AES-CCM
The result of Counter with Cipher Block Chaining-Message Authentication Code encryption is ciphertext and authentication tag, that is later used to decryption.
do {
// The authentication tag is appended to the encrypted message.
let tagLength = 8
let ccm = CCM(iv: iv, tagLength: tagLength, messageLength: ciphertext.count - tagLength, additionalAuthenticatedData: data)
let aes = try AES(key: key, blockMode: ccm, padding: .noPadding)
return try aes.decrypt(encrypted)
} catch {
// failed
}
Check documentation or CCM specification for valid parameters for CCM.
AEAD
let encrypt = try AEADChaCha20Poly1305.encrypt(plaintext, key: key, iv: nonce, authenticationHeader: header)
let decrypt = try AEADChaCha20Poly1305.decrypt(ciphertext, key: key, iv: nonce, authenticationHeader: header, authenticationTag: tagArr: tag)
Author
CryptoSwift is owned and maintained by Marcin Krzyżanowski
You can follow me on Twitter at @krzyzanowskim for project updates and releases.
Cryptography Notice
This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org/ for more information.
License
Copyright (C) 2014-2017 Marcin Krzyżanowski marcin@krzyzanowskim.com This software is provided 'as-is', without any express or implied warranty.
In no event will the authors be held liable for any damages arising from the use of this software.
Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:
- The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation is required.
- Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software.
- This notice may not be removed or altered from any source or binary distribution.
- Redistributions of any form whatsoever must retain the following acknowledgment: 'This product includes software developed by the "Marcin Krzyzanowski" (http://krzyzanowskim.com/).'
Changelog
See [CHANGELOG](./CHANGELOG) file.
*Note that all licence references and agreements mentioned in the CryptoSwift README section above
are relevant to that project's source code only.