PrismSecurity
PrismSecurity provides a comprehensive security layer for Apple platforms — from system permissions and biometric auth to encrypted transport channels, tamper detection, and PII redaction. Built on CryptoKit, Security framework, and LocalAuthentication with Swift 6.3 strict concurrency.
Permissions & Biometrics
Unified API for 16 system permissions plus Face ID / Touch ID / Optic ID authentication.
Encryption & Keychain
AES-GCM, ChaChaPoly, HMAC, HKDF, Secure Enclave, and typed keychain storage.
Certificate Pinning
SHA-256 public key pinning with strict, report-only, and trust-on-first-use policies.
Secure Transport
P256 ECDH key exchange, encrypted channels, and signed envelopes with forward secrecy.
Audit & Tokens
Hash-chain audit log, JWT decode, actor-based token refresh, and Bearer injection.
Privacy Guard
PII redaction, screen protection on background, auto-clearing clipboard, field classification.
Architecture
Quick Start
One Import, Full Security
Key Concepts
| Concept | Type | Description |
|---|---|---|
| Permission | PrismPermissionClient | Unified request/check for 16 system permissions |
| Biometric | PrismBiometricAuth | One-line Face ID / Touch ID / Optic ID |
| Keychain | PrismKeychain | Typed CRUD with access control |
| Encryptor | PrismEncryptor | AES-GCM + ChaChaPoly via CryptoKit |
| Secure Store | PrismSecureStore | Encrypt + keychain in one call |
| Cert Pinning | PrismPinningValidator | Public key hash validation (actor) |
| Integrity | PrismIntegrityChecker | Jailbreak / debugger / tamper detection |
| Secure Channel | PrismSecureChannel | ECDH → symmetric encrypted pipe |
| Audit Log | PrismSecurityAuditLog | Hash-chain tamper-evident event log |
| Token Manager | PrismTokenManager | Actor-based JWT lifecycle + refresh |
| Privacy Guard | PrismPrivacyGuard | PII redact, classify, screen protect |
Next Steps
Permissions & Biometrics
Request permissions and authenticate with Face ID.
Encryption & Keychain
Encrypt data and store secrets in the keychain.
Cert Pinning & Integrity
Pin certificates and detect tampering.
Secure Transport
Encrypted channels with ECDH and forward secrecy.
Audit, Tokens & Privacy
Audit logging, JWT management, and PII protection.