Corecrypto is Apple's low-level cryptography library, the code that sits underneath the security and encryption features you use on every Apple device. It provides the building blocks for things like encrypted messages, secure boot, and cryptographic verification. Apple's own Security framework, CryptoKit, and CommonCrypto all call into this library, but app developers never use corecrypto directly. Apple published the source code primarily so that security researchers and regulators can inspect it and verify that the implementations are correct. The goal on the engineering side is to provide fast, minimal math and cryptography routines that work in many contexts: the operating system kernel, the bootloader that runs before the OS starts, and regular user-space programs. The library is designed so that each module is self-contained and a user of the library only pulls in the routines they actually need. Building the library on macOS requires Xcode's command-line build tool. The repository includes a subdirectory for formal verification, which means the correctness of certain algorithms has been checked using a mathematical proof assistant rather than just testing. A technical overview document in that folder covers formal verification work done on two post-quantum cryptography standards in 2026. The license is restrictive: the code is available only for internal verification and security review, not for redistribution or use in other products. Apple is not accepting outside code contributions. Security vulnerabilities should be reported through Apple's security disclosure process rather than through GitHub issues.
← apple on gitmyhub — every repo by this author, as a profile.
Verify against the repo before relying on details.