Encouraging security best practices, Apple opens cryptography APIs

At the end of last month, Apple quietly opened the source code of the main encryption functions built into OS X and iOS. All the information it has officially published about them can now be found on its developer portal, in a resource area dedicated to cryptography.

The source code released by the company covers the two main ways of accessing the encryption resources on Macs and iGadgets. The first is the Security Framework, referenced for years in several areas of Apple's reference documentation. It is the interface for handling trust policies and keys/certificates inside Keychain, the central repository of sensitive information on both OS X and iOS.

The other component Apple opened is the Common Crypto library, which provides cryptographic functions for application development. It has all the algorithms needed to handle sensitive information during development, including encryption, hashing, and authentication based on message digests, which is currently very common in online services.

Both APIs were released for the purpose of “helping to develop advanced security features” for applications, at least according to Apple engineers; with the code open, it won't take long for experts to start offering differing opinions on its real effectiveness. To foster discussion at this level, Apple also released the source code of the critical technologies that are accessed by the development APIs.

Apple grouped these technologies in a common library called corecrypto. It is where all the primitive processing of the Security Framework and Common Crypto happens. As part of the initiative to allow verification of its characteristics and operation, the company asked for validation of compliance with Level 1 of the United States Federal Information Processing Standard (FIPS 140-2), defined by NIST to guarantee basic security protection in encryption mechanisms.

(via VentureBeat)