whatisgithub

What is corecrypto?

apple/corecrypto — explained in plain English

Analysis updated 2026-05-18

138C++Audience · researcherComplexity · 5/5LicenseSetup · hard

In one sentence

Apple's low-level cryptography library that underlies iOS and macOS security features, published for research and verification, not for reuse in other products.

Mindmap

mindmap
  root((corecrypto))
    What it does
      Core crypto primitives
      Powers Security framework
      Powers CryptoKit
      Secure boot support
    Tech stack
      C++
      Xcode build
      Kernel and user space
    Use cases
      Security research
      Formal verification
      Regulatory review
    Audience
      Security researchers
      Auditors

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Inspect how Apple implements core cryptographic primitives used across its operating systems.

USE CASE 2

Study the formal verification work done on post-quantum cryptography algorithms.

USE CASE 3

Verify security claims for compliance or regulatory review.

What is it built with?

C++Xcode

How does it compare?

apple/corecryptodanking6/veltocfaldyrd/auto-2026
Stars138152157
LanguageC++C++C++
Setup difficultyhardmoderateeasy
Complexity5/53/51/5
Audienceresearchergeneralgeneral

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1day+

Requires Xcode command-line tools on macOS and is intended for inspection rather than integration into other software.

Source is provided only for internal verification and security review, not licensed for redistribution or use in other products.

So what is it?

Corecrypto is Apple's low-level cryptography library, the code that sits underneath the security and encryption features you use on every Apple device. It provides the building blocks for things like encrypted messages, secure boot, and cryptographic verification. Apple's own Security framework, CryptoKit, and CommonCrypto all call into this library, but app developers never use corecrypto directly. Apple published the source code primarily so that security researchers and regulators can inspect it and verify that the implementations are correct. The goal on the engineering side is to provide fast, minimal math and cryptography routines that work in many contexts: the operating system kernel, the bootloader that runs before the OS starts, and regular user-space programs. The library is designed so that each module is self-contained and a user of the library only pulls in the routines they actually need. Building the library on macOS requires Xcode's command-line build tool. The repository includes a subdirectory for formal verification, which means the correctness of certain algorithms has been checked using a mathematical proof assistant rather than just testing. A technical overview document in that folder covers formal verification work done on two post-quantum cryptography standards in 2026. The license is restrictive: the code is available only for internal verification and security review, not for redistribution or use in other products. Apple is not accepting outside code contributions. Security vulnerabilities should be reported through Apple's security disclosure process rather than through GitHub issues.

Copy-paste prompts

Prompt 1
Explain what corecrypto does and where it sits in Apple's security stack.
Prompt 2
What does the formal verification subdirectory in corecrypto cover?
Prompt 3
How do I build corecrypto on macOS with Xcode's command-line tools?
Prompt 4
What are the license restrictions on using code from corecrypto?

Frequently asked questions

What is corecrypto?

Apple's low-level cryptography library that underlies iOS and macOS security features, published for research and verification, not for reuse in other products.

What language is corecrypto written in?

Mainly C++. The stack also includes C++, Xcode.

What license does corecrypto use?

Source is provided only for internal verification and security review, not licensed for redistribution or use in other products.

How hard is corecrypto to set up?

Setup difficulty is rated hard, with roughly 1day+ to a first successful run.

Who is corecrypto for?

Mainly researcher.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.