Apple FIPS Cryptographic Module

Discussion in 'Mac Programming' started by Filini, Jun 25, 2011.

  1. Filini, Jun 25, 2011
    Last edited: Jun 26, 2011

    macrumors newbie

    Filini

    Joined:
    Jan 17, 2009
    #1
  2. macrumors regular

    Joined:
    Jun 15, 2010
    Location:
    Kyiv
    #2
    This module is certified for use in environments (governments, for instance), where FIPS-140 compliant cryptography is required by security policy.
    It just library, which will perform all cryptographic operations (signing/encryption), like other ones, except that it will make it in the way described in FIPS-140
     
  3. thread starter macrumors newbie

    Filini

    Joined:
    Jan 17, 2009
    #3
    Where i can see examples, how to use this library?
     
  4. macrumors member

    Joined:
    May 8, 2012
    #4
    I have tried to understand this FIPS-140 compliant cryptography but not sure if my understanding is right.

    I have listed my understanding of this link below.

    This cryptography module is used to enforce security in the Apple OS using standard defined by FIPS 140-2. Does this happen by encrypting all the user info related files in the OS? Or is it only for third party application.

    And for third party application, how does it achieve the security by consuming this cryptography module? Does an app use this crypto module to encrypt all it's config files/user related info thereby complying with this standard? Or is there something else to it?

    Please do help me understand this.

    Thanks & Regards.
     
  5. macrumors G5

    gnasher729

    Joined:
    Nov 25, 2005
    #5
    Nothing like that at all. There are functions for cryptography built into MacOS X. Software can use these functions. But you don't really know if all these functions work as intended, and whether the cryptography is really safe. That's what this is for: This cryptography module has been independently tested and verified by people who know what they are doing, so you know as a software developer that anything encrypted with this cannot be cracked. And the administrator tools let you verify that on a particular Mac, the right cryptography software is installed, and hasn't been replaced with something that is less safe.

    So basically this just guarantees that cryptography on MacOS X isn't written by some clueless numpty and can be cracked, but is as safe as it can be. You still need software that uses it.
     
  6. macrumors member

    Joined:
    May 8, 2012
    #6
    Hi gnasher729,

    Now I kinda get it. Basically cryptography module is an build-in framework provided by Mac OSX (following FIPS-140 encryption standard) for applications to encrypt/decrypt the data that they want to secure.

    Is this encryption/decryption module available in Security.framework framework?
     
  7. macrumors G5

    gnasher729

    Joined:
    Nov 25, 2005
    #7
    To get started, go to developer.apple.com, get the free developer account, then check out the WWDC 2012 videos. There is one 1 hour video about everything related to security, including Security.framework.
     
  8. macrumors member

    Joined:
    May 8, 2012
    #8
    I already have an account. Will try the same.
    Thanks for the lead. :D
     

Share This Page