<!--
{
  "availability" : [
    "iOS: 2.0.0 -",
    "iPadOS: 2.0.0 -",
    "macCatalyst: 13.0.0 -",
    "macOS: 10.0.0 -",
    "tvOS: 9.0.0 -",
    "visionOS: 1.0.0 -",
    "watchOS: 2.0.0 -"
  ],
  "documentType" : "symbol",
  "framework" : "Foundation",
  "identifier" : "/documentation/Foundation/NSSecureCoding",
  "metadataVersion" : "0.1.0",
  "role" : "Protocol",
  "symbol" : {
    "kind" : "Protocol",
    "modules" : [
      "Foundation"
    ],
    "preciseIdentifier" : "c:objc(pl)NSSecureCoding"
  },
  "title" : "NSSecureCoding"
}
-->

# NSSecureCoding

A protocol that enables encoding and decoding in a manner that is robust against object substitution attacks.

```
protocol NSSecureCoding : NSCoding
```

## Overview

Historically, many classes decoded instances of themselves like this:

```swift
if let object = decoder.decodeObjectForKey("myKey") as MyClass {
    // ...succeeds...
} else {
    // ...fail...
}
```

This technique is potentially unsafe because by the time you can verify the class type, the object has already been constructed, and if this is part of a collection class, potentially inserted into an object graph.

In order to conform to [`NSSecureCoding`](/documentation/Foundation/NSSecureCoding):

- An object that does not override ``doc://com.apple.foundation/documentation/Foundation/NSCoding/init(coder:)`` can conform to `NSSecureCoding` without any changes (assuming that it is a subclass of another class that conforms).
- An object that does override ``doc://com.apple.foundation/documentation/Foundation/NSCoding/init(coder:)`` must decode any enclosed objects using the ``doc://com.apple.foundation/documentation/Foundation/NSCoder/decodeObjectOfClass:forKey:`` method. For example:

```swift
  let obj = decoder.decodeObject(of:MyClass.self, forKey: "myKey")
```

In addition, the class must override the getter for its [`supportsSecureCoding`](/documentation/Foundation/NSSecureCoding/supportsSecureCoding) property to return <doc://com.apple.documentation/documentation/Swift/true>.

For more information about how this relates to the NSXPC API, see [Creating XPC Services](https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingXPCServices.html#//apple_ref/doc/uid/10000172i-SW6) in [Daemons and Services Programming Guide](https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/Introduction.html#//apple_ref/doc/uid/10000172i).

## Topics

### Checking for Secure Coding

[`supportsSecureCoding`](/documentation/Foundation/NSSecureCoding/supportsSecureCoding)

A Boolean value that indicates whether or not the class supports secure coding.


---

Copyright &copy; 2026 Apple Inc. All rights reserved. | [Terms of Use](https://www.apple.com/legal/internet-services/terms/site.html) | [Privacy Policy](https://www.apple.com/privacy/privacy-policy)