Introduction
CryptoSwift is a pure-Swift implementation of standard cryptographic primitives. It provides hash functions, ciphers, MACs, key derivation, and authenticated encryption without relying on CommonCrypto or any C libraries, making it portable across all Apple platforms and Linux.
What CryptoSwift Does
- Implements hash functions: MD5, SHA-1, SHA-2 (224/256/384/512), SHA-3
- Provides symmetric ciphers: AES (128/192/256), ChaCha20, Blowfish, Rabbit
- Supports block cipher modes: ECB, CBC, CTR, GCM, CCM, CFB, OFB
- Includes HMAC, CMAC, Poly1305 message authentication codes
- Offers PBKDF2, HKDF, and Scrypt key derivation functions
Architecture Overview
Each algorithm is implemented as a standalone Swift type conforming to shared protocols (Cipher, Authenticator, Digest). Data flows through a consistent bytes-in, bytes-out interface using Array. The library avoids Foundation dependencies where possible, operating on raw byte arrays for maximum portability. Extensions on String and Data provide convenience wrappers.
Self-Hosting & Configuration
- Add via SPM from krzyzanowskim/CryptoSwift
- Or via CocoaPods:
pod 'CryptoSwift', '~> 1.8' - No system-level C dependencies; compiles on all Swift platforms including Linux
- Supports iOS 13+, macOS 10.15+, tvOS 13+, watchOS 6+
- Thread-safe for concurrent encryption/decryption operations
Key Features
- Pure Swift with no bridging to C libraries
- Incremental processing support for large data via update/finalize pattern
- AES-GCM authenticated encryption for modern security requirements
- Padding options: PKCS7, zero padding, NoPadding, ISO10126, ISO78164
- Extensions on Data and String for one-liner hashing and encryption
Comparison with Similar Tools
- Apple CryptoKit — hardware-accelerated, Apple-only; CryptoSwift supports Linux and offers more algorithm variety
- CommonCrypto — C-based system library; CryptoSwift provides a friendlier Swift-native API
- OpenSSL (via SwiftNIO) — full TLS stack; far heavier for simple encrypt/hash operations
- Sodium (libsodium) — opinionated high-level crypto; CryptoSwift gives lower-level algorithm choice
- RNCryptor — simplified encrypt/decrypt wrapper; CryptoSwift offers more granular control
FAQ
Q: Is CryptoSwift suitable for production security applications? A: It implements standard algorithms correctly, but for high-security applications consider Apple CryptoKit which uses hardware acceleration and has undergone formal audit.
Q: Does CryptoSwift support AES-GCM authenticated encryption? A: Yes. Use AES with GCM block mode for combined encryption and authentication.
Q: Can I use CryptoSwift on Linux? A: Yes. It is pure Swift with no Apple framework dependencies, making it fully compatible with Swift on Linux.
Q: How does performance compare to CommonCrypto? A: CommonCrypto uses hardware AES-NI instructions and is faster for bulk operations. CryptoSwift is adequate for typical app-level encryption workloads.