Also, now that you mention the CTK appex, Please share with me the docs you have. What is the difference between using the extension versus just using the built-in methods for storing credentials?

Hi, Quinn. Thanks for replying. I have tested fetching credentials from a YubiKey already. In this case I am trying to understand the use case of "fetching a hardware token" from the network.

Oh, and about Cryptotokenkit. You are right. I confusedly added it here. Sorry. We always talk about Cryptotokenkit in my team, but because we also plan to add support for reading tokens from smart cards or usb keys. This question in particular is not really about Cryptotokenkit. I will try to edit the question and remove the tag.

Hi, Quinn. Thank you very much for your answer. This is for iOS, and for other apps created by anyone. So, the requirement of my app is that the user can be able to use their certificates they have already added from another app into the keychain. Currently we support adding certificates into our app, but those certificates are installed through a configuration profile. We want to make it easier by using the keychain. Some users have their proprietary app that fetches the certificate from the network or from the disk, and could have that stored into the keychain. Then, they would go to our app, and find that the certificates shows up in the keychain and they could start using it in out app. We thought using the security group com.apple.token would achieve that. Right? We are working on a POC, and verifying this capability. I was not aware there are different kind of tokens, as in hardware tokens. Thank you.