As per this documentation - https://developer.apple.com/documentation/security/ksecattraccessgrouptoken?language=objc
kSecAttrAccessGroupToken - Access to this group is granted by default and does not require an explicit entry in your app's Keychain Access Groups Entitlement.
If I try to fetch an item from the keychain by specifying this group, OSStatus is coming as -34018 - errSecMissingEntitlements. However, everything works fine if we have this com.apple.token entry in the entitlements file.
Can someone please provide a snippet to fetch tokens from the keychain by just specifying kSecAttrAccessGroupToken in the search query? Please refer to the attached screenshot -
I have tried to debug the issue using the **codesign -d --entitlements :-** command, but 'com.apple.token' is not listed in the keychain access groups keys -
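The query shape the post above asks about, as an added example that is not part of the original post and not Apple sample code: it searches only the token access group and keeps the -34018 result the post reports separate from "no token items found". The helper names `CopyTokenIdentities` and `LogTokenIdentities` are hypothetical.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper: returns the identities (certificate plus private key)
// that CryptoTokenKit tokens publish in the keychain, or nil on failure.
// The raw OSStatus is always reported through outStatus.
static NSArray *CopyTokenIdentities(OSStatus *outStatus) {
    NSDictionary *query = @{
        (__bridge id)kSecClass:            (__bridge id)kSecClassIdentity,
        // Restrict the search to token-backed items only.
        (__bridge id)kSecAttrAccessGroup:  (__bridge id)kSecAttrAccessGroupToken,
        (__bridge id)kSecMatchLimit:       (__bridge id)kSecMatchLimitAll,
        (__bridge id)kSecReturnRef:        @YES,
        (__bridge id)kSecReturnAttributes: @YES,
    };
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (outStatus != NULL) {
        *outStatus = status;
    }
    if (status != errSecSuccess) {
        return nil;
    }
    // With kSecMatchLimitAll and two kSecReturn* keys, the result is an
    // array of attribute dictionaries; each holds the ref under kSecValueRef.
    return CFBridgingRelease(result);
}

// Hypothetical helper: logs each token identity or the reason none was returned.
static void LogTokenIdentities(void) {
    OSStatus status = errSecSuccess;
    NSArray *items = CopyTokenIdentities(&status);
    switch (status) {
        case errSecSuccess:
            for (NSDictionary *item in items) {
                NSLog(@"label=%@ tokenID=%@",
                      item[(__bridge id)kSecAttrLabel],
                      item[(__bridge id)kSecAttrTokenID]);
            }
            break;
        case errSecItemNotFound:
            NSLog(@"No token identities visible to this process");
            break;
        case errSecMissingEntitlement: // -34018, the status reported in the post
            NSLog(@"Missing entitlement: inspect the signed binary's keychain-access-groups");
            break;
        default:
            NSLog(@"SecItemCopyMatching failed: %d", (int)status);
            break;
    }
}
```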
Thanks @Macho Man ***** Savage for the reply.
I have tried this option as well -
NSArray *unarchivedArray = [unArchiver decodeArrayOfObjectsOfClass:[TypeA class] forKey:NSKeyedArchiveRootObjectKey];
I got the same error.
"UserInfo={NSDebugDescription=value for key 'root' was of unexpected class 'Class B'. Allowed classes are '{NSMutable Array}"
**Which doesn't match. Why are you specifying all those classes (NSString, NSNumber, etc.) if the array only contains TypeA?** - As the above solution didn't work, I thought of specifying all the class property types in the classes set to check if it works.
Please read my post here - https://developer.apple.com/forums/thread/734157.
Thanks.
**If the smart card supports PIV, the system’s PIV support kicks in. This comes in the form of a CTK appex, which gets you to the same end state.**
Does this mean that through CTK we can detect a PIV smart card through any reader (Lightning/USB/NFC) without the need for any vendor intervention?
Thanks for the details.
They might actively support third-party access — by publishing an interface spec, say — and that would allow you to create your own CTK appex.
So a CTK extension app can't be implemented independently by any app that needs to detect any smart card readers and fetch certificates from the smart card? This needs collaboration with smart card reader vendors, who can provide an additional interface that allows the app to talk to the token?
Thanks for the details.
**The built-in infrastructure can work with the SE and with PIV hardware token. If your hardware token needs custom support, or you want to create a virtual token that’s not backed by directly connected hardware, you create a CTK appex.**
If we want to fetch the certificates from smart cards connected via Bluetooth/Lightning port, do we have to write a CryptoTokenKitExtension app? I see very limited documentation on how exactly CryptoTokenKit can detect the readers and fetch certificates from a smart card.
Can you please assist here? @eskimo
Hi,
I am trying to implement an app which performs cert-based authentication through a smart card. I have a few queries related to the same.
I have included com.apple.token in the keychain accessory group. I am able to fetch the certificates from the keychain using a YubiKey Type C. But this is not working for the YubiKey Lightning port. Does Apple support Lightning port readers?
What is the need for a CryptoTokenKit extension if we are able to list the certificates from the keychain just by adding com.apple.token in the entitlements file?