User Profile

Basically it should be possible, when looking at the CryptoTokenKit framework included in xcode 11, they have implemented _TKClientTokenServerPortName, this should give you a hint where to go from this.One possible solution is to read the reference data from your certificate and keys from the server into the so called user keychain database, located in your ~Library/Keychains and once they are there they are automatically recognized by safari for doing web authentication or smartcard logon or just any other application.Below is a snippet where you can find the available functionalities inside ctk;--- !tapi-tbd-v3archs: [ x86_64 ]uuids: [ 'x86_64: 6F9BF731-FACA-3161-B1C7-22B11942FCFA', 'x86_64: 6F9BF731-FACA-3161-B1C7-22B11942FCFA' ]platform: zipperedinstall-name: '/System/Library/Frameworks/CryptoTokenKit.framework/Versions/A/CryptoTokenKit'exports: - archs: [ x86_64 ] symbols: [ _TKClientTokenServerPortName, _TKEntitlementSlotType, _TKErrorDomain, _TKNotifyNameFirstSlot, _TKProtocolSlotClientName, _TKProtocolSlotRegistryName, _TKProtocolTokenPairingNotificationName, _TKProtocolWatcherClientName, _TKRegisterOptionRemoveObjects, _TKSlotTypeSmartCard, _TKSmartCardSessionEndPolicyKey, _TKSmartCardSessionProtocol, _TKSmartCardSessionSensitive, _TKSmartCardSlotATR, _TKSmartCardSlotMaxInputLength, _TKSmartCardSlotMaxOutputLength, _TKSmartCardSlotPowerStateKey, _TKSmartCardSlotPreviousStateKey, _TKSmartCardSlotSecurePINChangeSupportedKey, _TKSmartCardSlotSecurePINVerificationSupportedKey, _TKSmartCardSlotShareStateKey, _TKSmartCardSlotStateKey, _TKTokenClassDriverApplicationIDKey, _TKTokenClassDriverClassIDKey, _TKTokenClassDriverClassNameKey, _TKTokenConfigurationProtocolName, _TKTokenTypeKey, _TKTokenWatcherServerStartedNotification, _TKTransportSlotName, _TKUnderlyingAKSErrorKey ] objc-classes: [ TKBERTLVRecord, TKClientToken, TKClientTokenAdvertisedItem, TKClientTokenObject, TKClientTokenSession, TKCompactTLVRecord, TKSharedResource, TKSharedResourceSlot, TKSimpleTLVRecord, TKSmartCard, TKSmartCardATR, TKSmartCardATRInterfaceGroup, TKSmartCardPINFormat, TKSmartCardSlot, TKSmartCardSlotEngine, TKSmartCardSlotManager, TKSmartCardSlotScreen, TKSmartCardToken, TKSmartCardTokenDriver, TKSmartCardTokenSession, TKSmartCardUserInteraction, TKSmartCardUserInteractionForConfirmation, TKSmartCardUserInteractionForPINOperation, TKSmartCardUserInteractionForSecurePINChange, TKSmartCardUserInteractionForSecurePINVerification, TKSmartCardUserInteractionForStringEntry, TKTLVRecord, TKToken, TKTokenAuthOperation, TKTokenBaseContext, TKTokenConfiguration, TKTokenConfigurationTransaction, TKTokenDriver, TKTokenDriverConfiguration, TKTokenID, TKTokenKeyAlgorithm, TKTokenKeyExchangeParameters, TKTokenKeychainCertificate, TKTokenKeychainContents, TKTokenKeychainItem, TKTokenKeychainKey, TKTokenPasswordAuthOperation, TKTokenSession, TKTokenSmartCardPINAuthOperation, TKTokenWatcher ]Good luckMichael Ang

NO, as it is not safe and only starting from 2048

It should work. After executing it, this is hwo to check,macdev:aetsce michael$ defaults read /Library/Preferences/com.apple.security.smartcard{ DisabledTokens = ( "com.apple.CryptoTokenKit.pivtoken" ); Logging = 0;}

NO