What is corecrypto?
Apple's corecrypto is the foundational cryptographic library powering iOS, macOS, and the rest of Apple's platforms. It's a C++ library providing low-level cryptographic primitives for AES encryption, hashing, RSA, elliptic curve operations, and modern post-quantum algorithms like ML-KEM and ML-DSA. The Security framework, CryptoKit, and CommonCrypto all sit on top of this code. What makes it interesting is the cross-platform targeting -- the same codebase runs in kernel space, bootloaders, and userland across x86_64, ARM64, and ARMv7.
The library includes hardware acceleration via AES-NI, ARM CRYPTO instructions, and NEON, with runtime CPU feature detection. There's FIPS 140-2/140-3 post-processing validation and formal verification for the post-quantum algorithms using Isabelle.
Why is it gaining traction?
Post-quantum cryptography is no longer theoretical. This codebase has functional implementations of ML-KEM and ML-DSA -- the NIST-standardized lattice-based algorithms -- available for review now. Researchers and security engineers want to examine how Apple implemented these algorithms. The library also has a formal verification component, which is rare in production cryptographic code and tends to show up in academic papers.
Who should use this?
Security researchers auditing Apple's platform security will find this invaluable -- the source is published so you can verify the crypto actually matches the specs. Embedded systems developers working on Apple-adjacent products might gain insights into hardware crypto capabilities. Everyone else: use CryptoKit or CommonCrypto instead. Apple explicitly warns against using this directly in apps.
Verdict
Don't use this -- use CryptoKit instead. The 1.0% credibility score reflects that this is Apple-internal code made public for verification purposes, not an open project seeking contributors. The restrictive license prohibits redistribution, and Apple is not accepting external patches. However, for security researchers wanting to audit post-quantum implementations or understand Apple's hardware crypto integration, it's worth reading -- just don't build a product on top of it.
