Effectively I tried using LocalAuthentication from a TKTokenAuthOperation and it runs fine.I can get an authentified context (at least for decrypt and key exchange operations - strangely it fails for signing).I cannot go further then because LocalAuthentication doesn't seems usable as a pre-authentification for SecKeyCreateSignature or SecKeyCreatedDecryptedData.

Yes effectively it occurs during operations that rely on private key, typically displaying authentification dialogs.Succeeds with both TouchID or user password.I had in mind that CKT plugins can do UI, should TKTokenAuthOperation be the only place where UI occurs ?Is UI limited to default dialogs (e.g TKTokenPasswordAuthOperation) ?Regards,Jerome T

Hi,With multiple tests I figured that :com.apple.ctk.token-type can include any identifier (e.g 'token')com.apple.ctk.aid can be avoided if the token isn't a smartcardMost of the CryptoTokenKit sample code is fine by using a generic Token (not inheriting from SmartCard variants). This includes loading the extention by invoking the Keychain from host App, using TKConfigurationData to fetch context from host or replying to TKTokenSession callbacks.However TKTokenKeychainContents seems to be missing if the TKToken doesn't inherit from TKSmartCardToken. token.keychainContents remains nil forbiding use of [keychainContents fillWithItems:]. This is a blocking point to perform crypto operations that usualy rely on [keychainContents keyForObjectID].Any idea on why keychainContents remains nil ?Regards,Jerome T