Framework

Security

Secure the data your app manages, and control access to your app.

Overview

Use the Security framework to protect information, establish trust, and control access to software. Broadly, security services support these goals:

Establish a user’s identity (authentication) and then selectively grant access to resources (authorization).
Secure data, both on disk and in motion across a network connection.
Ensure the validity of code to be executed for a particular purpose.

As shown in Figure 1, you can also use lower level cryptographic resources to create new secure services. Cryptography is difficult and the cost of bugs typically so high that it's rarely a good idea to implement your own cryptography solution. Rely on the Security framework when you need cryptography in your app.

Diagram showing your app sitting above the Security framework. — **Figure 1**
Tools to enable secure interaction with users, data, and code

Topics

Authorization and Authentication

Password AutoFill

Streamline your app’s login and onboarding procedures.

Shared Web Credentials

Share credentials between iOS apps and their website counterparts.

Authorization Services

Access restricted areas of the operating system, and control access to particular features of your macOS app.

Authorization Plug-ins

Extend the authorization services API by creating plug-ins that can participate in authorization decisions.

Sessions

Manage login, authorization, and security sessions in macOS.

Secure Data

Keychain Services

Securely store small chunks of data on behalf of the user.

Preventing Insecure Network Connections

Enforce secure network links in your app by relying on App Transport Security.

Secure Code

Code Signing Services

Examine and validate signed code running on the system.

Notarizing Your App Before Distribution

Give users even more confidence in your software by submitting it to Apple for notarization.

Preparing Your App to Work with Pointer Authentication

Test your app against the arm64e architecture to ensure that it works seamlessly with enhanced security features.

App Sandbox Entitlements

Manage access to system resources and user data in macOS apps to contain damage if an app becomes compromised.

Hardened Runtime Entitlements

Manage security protections and resource access for your macOS apps.

Cryptography

Complying with Encryption Export Regulations

Declare the use of encryption in your app to streamline the app submission process.

Certificate, Key, and Trust Services

Establish trust using certificates and cryptographic keys.

Cryptographic Message Syntax Services

Cryptographically sign and encrypt S/MIME messages.

Randomization Services

Generate cryptographically secure random numbers.

Security Transforms

Perform cryptographic functions like encoding, encryption, signing, and signature verification.

ASN.1

Encode and decode Distinguished Encoding Rules (DER) and Basic Encoding Rules (BER) data streams.

Result Codes

Security Framework Result Codes

Evaluate result codes common to many Security framework functions.

Legacy Interfaces

Common Security Services Manager

A set of open source modules underpinning the legacy implementation of the Security framework.

Secure Transport

Secure network communication using standardized transport layer security mechanisms.

Protocols

protocol OS_sec_certificate

protocol OS_sec_identity

protocol OS_sec_object

protocol OS_sec_protocol_metadata

protocol OS_sec_protocol_options

protocol OS_sec_trust

Reference

Security Structures

Security Enumerations

Security Constants

Security Functions

Security Data Types

Beta Software

This documentation contains preliminary information about an API or technology in development. This information is subject to change, and software implemented according to this documentation should be tested with final operating system software.

Learn more about using Apple's beta software

May	JUN	Jul
	15
2018	2019	2020