Libcrypto is deprecated on Mac OS X 10.7 (Lion)

Ok, answering my own question.

10.7 introduced Transforms to Security.framework, which is closely related to SecKey. Conversions allow you to do many things, including encoding (e.g. base64), digests, signature / verification, and encryption.

Here is an example of how to sign some data. All conversions follow the same basic pattern; if you look in Headers for Security.framework, you will see a header for each type of conversion. This is from SecTransformReadTransform.h and SecSignVerifyTransform.h. I just omit the error code or the cleanup code for simplicity.

  NSData *dataToBeSigned = ;// Get this from somewhere. We set sha1 attributes down below, so this should be a sha1 digest SecKeyRef *key = ;// Get this from somewhere; keychain or SecItemImport SecGroupTransformRef group = SecTransformCreateGroupTransform(); CFReadStreamRef readStream = NULL; SecTransformRef readTransform = NULL; SecTransformRef signingTransform = NULL; // Setup our input stream as well as an input transform readStream = CFReadStreamCreateWithBytesNoCopy(kCFAllocatorDefault, [dataToBeSigned bytes], [dataToBeSigned length], kCFAllocatorNull); // Pass Null allocator so it doesn't free NSData bytes readTransform = SecTransformCreateReadTransformWithReadStream(readStream); // Setup a signing transform signingTransform = SecSignTransformCreate(key, NULL); SecTransformSetAttribute(signingTransform, kSecInputIsDigest, kCFBooleanTrue, NULL); SecTransformSetAttribute(signingTransform, kSecDigestTypeAttribute, kSecDigestSHA1, NULL); // Connect read and signing transform; Have read pass its data to the signer SecTransformConnectTransforms(readTransform, kSecTransformOutputAttributeName, self.signingTransformRef, kSecTransformInputAttributeName, group, NULL); // Execute the sequence of transforms (group) // The last one in the connected sequence is the return value NSData *signature = SecTransformExecute(group, NULL);