I have a TokenDriver on MacOs, which creates an identity in default keychain. I can check the keychains with a testprogram, and the certificate, the key and the identity can be found by SecItemCopyMatching. My problem is, if I want to digitaly sign a PDF document, I have to find the identity to sign. I know, that my created identity is in the default keychain, an I see it as smartcard with the commands „security list-smartcards” or „system_profiler SPSmartCardsDataType”, but I don't see it in "Keychain Access". The identity was created in TKTokenDriver by means of  [self.keychainContents fillWithItems:configuration.keychainItems]; The only speciality of the identity is, that it has the attribute kSecAttrTokenID. I have to say, that I don't see even the certificate in the keychain by "Keychan Access".

I see now, that "KeychainAccess" and "security find-certificate" do not show the items created by a smartcard tokendriver. The identities and certificates can be seen only by direct keychain access like SecItemCopyMatching. Fortunately the new applications like Adobe Acrobat Reader recognize these identities too. To check such iems the utilities "security list-smartcards" and "system_profiler SPSmartCardsDataType" can be used.