Apple has decided to open source the cryptographic libraries used in its OS X desktop and iOS mobile operating systems, allowing third-party developers to use them to build more robust security for their applications.
Among others it has released Security Framework, which manages and stores digital certificates, public/private encryption keys and trust policies.
The framework also generates pseudo-random numbers, used for cryptographic purposes.
Apple's Common Crypto library provides symmetric encryption, hashed message authentication codes and digests.
Both Common Crypto and Security Framework use the underlying corecrypto library, which should not be called directly by iOS or OS X apps.
Corecrypto is compliant with United States federal information processing standards (FIPS) 140-2 level 1, and Apple has provided the source code for the library to verify its security and that it works correctly.
Although the company said the corecrypto code is open source, it can only be used for verification purposes and must not be redistributed.
Developers wanting to access the corecrypto code have to agree to an "internal use license agreement" which contains a number of limitations on its use.
The corecrypto license gives users a "90-day limited, non-exclusive, non-sublicensable license under Apple's copyrights in the Apple Software to make a reasonable number of copies of, compile, and run the Apple software internally within your organisation only on devices that you own or control".