Connect with us


CryptoSwift – Standard and secure cryptographic algorithms in Swift

Crypto related functions and helpers for Swift implemented in Swift.

CryptoSwift Features

  • Easy to use
  • Convenient extensions for String and Data
  • Support for incremental updates (stream, …)
  • iOS, Android, macOS, AppleTV, watchOS, Linux support

Hash (Digest)

MD5 | SHA1 | SHA2-224 | SHA2-256 | SHA2-384 | SHA2-512 | SHA3

Cyclic Redundancy Check (CRC)

CRC32 | CRC32C | CRC16


AES-128, AES-192, AES-256 | ChaCha20 | Rabbit | Blowfish

Message authenticators

Poly1305 | HMAC (MD5, SHA1, SHA256) | CMAC | CBC-MAC

Cipher mode of operation

  • Electronic codebook (ECB)
  • Cipher-block chaining (CBC)
  • Propagating Cipher Block Chaining (PCBC)
  • Cipher feedback (CFB)
  • Output Feedback (OFB)
  • Counter Mode (CTR)
  • Galois/Counter Mode (GCM)
  • Counter with Cipher Block Chaining-Message Authentication Code (CCM)
  • OCB Authenticated-Encryption Algorithm (OCB)

Password-Based Key Derivation Function

  • PBKDF1 (Password-Based Key Derivation Function 1)
  • PBKDF2 (Password-Based Key Derivation Function 2)
  • HKDF (HMAC-based Extract-and-Expand Key Derivation Function)
  • Scrypt (The scrypt Password-Based Key Derivation Function)

Data padding

PKCS#5 | PKCS#7 | Zero padding | ISO78164 | ISO10126 | No padding

Authenticated Encryption with Associated Data (AEAD)


Why? Because I can.

How do I get involved?

You want to help, great! Go ahead and fork our repo, make your changes and send us a pull request.


Check out for more information on how to help with CryptoSwift.


Hardened Runtime (macOS) and Xcode

Binary CryptoSwift.xcframework (Used by Swift Package Manager package integration) won’t load properly in your app if the app uses Sign to Run Locally Signing Certificate with Hardened Runtime enabled. It is possible to setup Xcode like this. To solve the problem you have two options:

  • Use proper Signing Certificate, eg. Development <- this is the proper action
  • Use Disable Library Validation aka entitlement

Xcode Project

To install CryptoSwift, add it as a submodule to your project (on the top level project directory):

git submodule add

It is recommended to enable Whole-Module Optimization to gain better performance. Non-optimized build results in significantly worse performance.

Swift Package Manager

You can use Swift Package Manager and specify dependency in Package.swift by adding this:

.package(url: "", .upToNextMajor(from: "1.5.1"))

See: Package.swift – manual

Notice: Swift Package Manager uses debug configuration for debug Xcode build, that may result in significant (up to x10000) worse performance. Performance characteristic is different in Release build. To overcome this prolem, consider embed CryptoSwift.xcframework described below.


You can use CocoaPods.

pod 'CryptoSwift', '~> 1.4.1'

Bear in mind that CocoaPods will build CryptoSwift without Whole-Module Optimization that may impact performance. You can change it manually after installation, or use cocoapods-wholemodule plugin.


You can use Carthage. Specify in Cartfile:

github "krzyzanowskim/CryptoSwift"

Run carthage to build the framework and drag the built CryptoSwift.framework into your Xcode project. Follow build instructionsCommon issues.


XCFrameworks require Xcode 11 or later and they can be integrated similarly to how we’re used to integrating the .framework format. Please use script scripts/ to generate binary CryptoSwift.xcframework archive that you can use as a dependency in Xcode.

CryptoSwift.xcframework is a Release (Optimized) binary that offer best available Swift code performance.

Screen Shot 2020-10-27 at 00 06 32

Embedded Framework

Embedded frameworks require a minimum deployment target of iOS 9 or macOS Sierra (10.12). Drag the CryptoSwift.xcodeproj file into your Xcode project, and add appropriate framework as a dependency to your target. Now select your App and choose the General tab for the app target. Find Embedded Binaries and press “+”, then select CryptoSwift.framework (iOS, macOS, watchOS or tvOS)

Sometimes “embedded framework” option is not available. In that case, you have to add new build phase for the target.

iOS, macOS, watchOS, tvOS

In the project, you’ll find single scheme for all platforms:

  • CryptoSwift

Swift versions support

  • Swift 1.2: branch swift12 version <= 0.0.13
  • Swift 2.1: branch swift21 version <= 0.2.3
  • Swift 2.2, 2.3: branch swift2 version <= 0.5.2
  • Swift 3.1, branch swift3 version <= 0.6.9
  • Swift 3.2, branch swift32 version = 0.7.0
  • Swift 4.0, branch swift4 version <= 0.12.0
  • Swift 4.2, branch swift42 version <= 0.15.0
  • Swift 5.0, branch swift5 version <= 1.2.0
  • Swift 5.1, branch swift5 version <= 1.3.3
  • Swift 5.3 and newer, branch main


import CryptoSwift

CryptoSwift uses array of bytes aka Array<UInt8> as a base type for all operations. Every data may be converted to a stream of bytes. You will find convenience functions that accept String or Data, and it will be internally converted to the array of bytes.

Data types conversion

For your convenience, CryptoSwift provides two functions to easily convert an array of bytes to Data or Data to an array of bytes:

Data from bytes:

let data = Data( [0x01, 0x02, 0x03])

Data to Array<UInt8>

let bytes = data.bytes                     // [1,2,3]

Hexadecimal encoding:

let bytes = Array<UInt8>(hex: "0x010203")  // [1,2,3]
let hex   = bytes.toHexString()            // "010203"

Build bytes out of String

let bytes: Array<UInt8> = "cipherkey".bytes  // Array("cipherkey".utf8)

Also… check out helpers that work with Base64 encoded data:

Calculate Digest

Hashing a data or array of bytes (aka Array<UInt8>)

/* Hash struct usage */
let bytes: Array<UInt8> = [0x01, 0x02, 0x03]
let digest = input.md5()
let digest = Digest.md5(bytes)
let data = Data([0x01, 0x02, 0x03])

let hash = data.md5()
let hash = data.sha1()
let hash = data.sha224()
let hash = data.sha256()
let hash = data.sha384()
let hash = data.sha512()
do {
    var digest = MD5()
    let partial1 = try digest.update(withBytes: [0x31, 0x32])
    let partial2 = try digest.update(withBytes: [0x33])
    let result = try digest.finish()
} catch { }

Hashing a String and printing result

let hash = "123".md5() // "123".bytes.md5()
Calculate CRC

Message authenticators
// Calculate Message Authentication Code (MAC) for message
let key: Array<UInt8> = [1,2,3,4,5,6,7,8,9,10,...]

try Poly1305(key: key).authenticate(bytes)
try HMAC(key: key, variant: .sha256).authenticate(bytes)
try CMAC(key: key).authenticate(bytes)
Password-Based Key Derivation Functions
let password: Array<UInt8> = Array("s33krit".utf8)
let salt: Array<UInt8> = Array("nacllcan".utf8)

let key = try PKCS5.PBKDF2(password: password, salt: salt, iterations: 4096, keyLength: 32, variant: .sha256).calculate()
let password: Array<UInt8> = Array("s33krit".utf8)
let salt: Array<UInt8> = Array("nacllcan".utf8)
// Scrypt implementation does not implement work parallelization, so `p` parameter will
// increase the work time even in multicore systems
let key = try Scrypt(password: password, salt: salt, dkLen: 64, N: 16384, r: 8, p: 1).calculate()
HMAC-based Key Derivation Function
let password: Array<UInt8> = Array("s33krit".utf8)
let salt: Array<UInt8> = Array("nacllcan".utf8)

let key = try HKDF(password: password, salt: salt, variant: .sha256).calculate()
Data Padding

Some content-encryption algorithms assume the input length is a multiple of k octets, where k is greater than one. For such algorithms, the input shall be padded.

Padding.pkcs7.add(to: bytes, blockSize: AES.blockSize)

Working with Ciphers

let encrypted = try ChaCha20(key: key, iv: iv).encrypt(message)
let decrypted = try ChaCha20(key: key, iv: iv).decrypt(encrypted)
let encrypted = try Rabbit(key: key, iv: iv).encrypt(message)
let decrypted = try Rabbit(key: key, iv: iv).decrypt(encrypted)
let encrypted = try Blowfish(key: key, blockMode: CBC(iv: iv), padding: .pkcs7).encrypt(message)
let decrypted = try Blowfish(key: key, blockMode: CBC(iv: iv), padding: .pkcs7).decrypt(encrypted)

Notice regarding padding: Manual padding of data is optional, and CryptoSwift is using PKCS7 padding by default. If you need to manually disable/enable padding, you can do this by setting parameter for AES class

Variant of AES encryption (AES-128, AES-192, AES-256) depends on given key length:

  • AES-128 = 16 bytes
  • AES-192 = 24 bytes
  • AES-256 = 32 bytes

AES-256 example

let encryptedBytes = try AES(key: [1,2,3,...,32], blockMode: CBC(iv: [1,2,3,...,16]), padding: .pkcs7)

Full example:

let password: [UInt8] = Array("s33krit".utf8)
let salt: [UInt8] = Array("nacllcan".utf8)

/* Generate a key from a `password`. Optional if you already have a key */
let key = try PKCS5.PBKDF2(
    password: password,
    salt: salt,
    iterations: 4096,
    keyLength: 32, /* AES-256 */
    variant: .sha256

/* Generate random IV value. IV is public value. Either need to generate, or get it from elsewhere */
let iv = AES.randomIV(AES.blockSize)

/* AES cryptor instance */
let aes = try AES(key: key, blockMode: CBC(iv: iv), padding: .pkcs7)

/* Encrypt Data */
let inputData = Data()
let encryptedBytes = try aes.encrypt(inputData.bytes)
let encryptedData = Data(encryptedBytes)

/* Decrypt Data */
let decryptedBytes = try aes.decrypt(encryptedData.bytes)
let decryptedData = Data(decryptedBytes)
All at once
do {
    let aes = try AES(key: "keykeykeykeykeyk", iv: "drowssapdrowssap") // aes128
    let ciphertext = try aes.encrypt(Array("Nullam quis risus eget urna mollis ornare vel eu leo.".utf8))
} catch { }
Incremental updates

Incremental operations use instance of Cryptor and encrypt/decrypt one part at a time, this way you can save on memory for large files.

do {
    var encryptor = try AES(key: "keykeykeykeykeyk", iv: "drowssapdrowssap").makeEncryptor()

    var ciphertext = Array<UInt8>()
    // aggregate partial results
    ciphertext += try encryptor.update(withBytes: Array("Nullam quis risus ".utf8))
    ciphertext += try encryptor.update(withBytes: Array("eget urna mollis ".utf8))
    ciphertext += try encryptor.update(withBytes: Array("ornare vel eu leo.".utf8))
    // finish at the end
    ciphertext += try encryptor.finish()

} catch {
AES Advanced usage
let input: Array<UInt8> = [0,1,2,3,4,5,6,7,8,9]

let key: Array<UInt8> = [0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00]
let iv: Array<UInt8> = // Random bytes of `AES.blockSize` length

do {
    let encrypted = try AES(key: key, blockMode: CBC(iv: iv), padding: .pkcs7).encrypt(input)
    let decrypted = try AES(key: key, blockMode: CBC(iv: iv), padding: .pkcs7).decrypt(encrypted)
} catch {

AES without data padding

let input: Array<UInt8> = [0,1,2,3,4,5,6,7,8,9]
let encrypted: Array<UInt8> = try! AES(key: Array("secret0key000000".utf8), blockMode: CBC(iv: Array("0123456789012345".utf8)), padding: .noPadding).encrypt(input)

Using convenience extensions

let plain = Data([0x01, 0x02, 0x03])
let encrypted = try! plain.encrypt(ChaCha20(key: key, iv: iv))
let decrypted = try! encrypted.decrypt(ChaCha20(key: key, iv: iv))

The result of Galois/Counter Mode (GCM) encryption is ciphertext and authentication tag, that is later used to decryption.


do {
    // In combined mode, the authentication tag is directly appended to the encrypted message. This is usually what you want.
    let gcm = GCM(iv: iv, mode: .combined)
    let aes = try AES(key: key, blockMode: gcm, padding: .noPadding)
    let encrypted = try aes.encrypt(plaintext)
    let tag = gcm.authenticationTag
} catch {
    // failed


do {
    // In combined mode, the authentication tag is appended to the encrypted message. This is usually what you want.
    let gcm = GCM(iv: iv, mode: .combined)
    let aes = try AES(key: key, blockMode: gcm, padding: .noPadding)
    return try aes.decrypt(encrypted)
} catch {
    // failed

Note: GCM instance is not intended to be reused. So you can’t use the same GCM instance from encoding to also perform decoding.


The result of Counter with Cipher Block Chaining-Message Authentication Code encryption is ciphertext and authentication tag, that is later used to decryption.

do {
    // The authentication tag is appended to the encrypted message.
	let tagLength = 8
	let ccm = CCM(iv: iv, tagLength: tagLength, messageLength: ciphertext.count - tagLength, additionalAuthenticatedData: data)
    let aes = try AES(key: key, blockMode: ccm, padding: .noPadding)
    return try aes.decrypt(encrypted)
} catch {
    // failed

Check documentation or CCM specification for valid parameters for CCM.

let encrypt = try AEADChaCha20Poly1305.encrypt(plaintext, key: key, iv: nonce, authenticationHeader: header)
let decrypt = try AEADChaCha20Poly1305.decrypt(ciphertext, key: key, iv: nonce, authenticationHeader: header, authenticationTag: tagArr: tag)

RSA initialization from parameters

let input: Array<UInt8> = [0,1,2,3,4,5,6,7,8,9]

let n: Array<UInt8> = // RSA modulus
let e: Array<UInt8> = // RSA public exponent
let d: Array<UInt8> = // RSA private exponent

let rsa = RSA(n: n, e: e, d: d)

do {
    let encrypted = try rsa.encrypt(input)
    let decrypted = try rsa.decrypt(encrypted)
} catch {

RSA key generation

let rsa = try RSA(keySize: 2048) // This generates a modulus, public exponent and private exponent with the given size


CryptoSwift is owned and maintained by Marcin Krzyżanowski

CryptoSwift on GitHub:
Platform: iOS
⭐️: 9.2K