"security find-certificates -a" does not find certificate with TokenId

The certificate was created by a Token and it has a TokenId. A test program with SecItemCopyMatching finds the token
with such a query:
{
class = cert;
"m_Limit" = "m_LimitAll";
"r_Attributes" = 1;
"r_Ref" = 1;
}
But a lookup with "security find-certificates -a" does not deliver the mentioned certificate. What can be the reason?

Replies

This won’t work because:
  • The various find-*** subcommands of the security tool only work with the Mac’s file-based keychain.

  • Modern hardware tokens (as supported by CryptoTokenKit) only appear in the iOS-style keychain.

What’s your higher-level goal here?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
I have a TokenDriver on macOS, which creates an identity in the default keychain. I can check the keychains with a test program, and the certificate, the key and the identity can be found by SecItemCopyMatching.
My problem is, if I want to digitally sign a PDF document, I have to find the identity to sign.
I know that my created identity is in the default keychain, and I see it as a smartcard with the commands
"security list-smartcards" or "system_profiler SPSmartCardsDataType", but I don't see it in "Keychain Access".
The identity was created in TKTokenDriver by means of [self.keychainContents fillWithItems:configuration.keychainItems];
The only special thing about the identity is that it has the attribute kSecAttrTokenID.
I have to say that I don't even see the certificate in the keychain with "Keychain Access".

I see now that "Keychain Access" and "security find-certificate" do not show the items created by a smartcard token driver. The identities and certificates can be seen only by direct keychain access like SecItemCopyMatching.
Fortunately the new applications like Adobe Acrobat Reader recognize these identities too.

To check such items the utilities "security list-smartcards" and "system_profiler SPSmartCardsDataType" can be used.
Also, be aware that modern versions of the security tool have subcommands specifically related to tokens (smartcards, list-smartcards, and export-smartcard). See the security man page for details.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
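As an added example (not code from this thread or from Apple), here is a Swift program that issues the same SecItemCopyMatching query the original poster printed (kSecClass/kSecMatchLimit/kSecReturnAttributes/kSecReturnRef, which appear in the dump as class, m_Limit, r_Attributes and r_Ref) and reports, for every certificate returned, whether it carries kSecAttrTokenID, i.e. whether it is a CryptoTokenKit-backed item that "security find-certificate" and Keychain Access will not list. The CertEntry type and the listCertificates/tokenBackedCertificates functions are names chosen for this example.

```swift
import Foundation
import Security

// One row per certificate that SecItemCopyMatching returns.
struct CertEntry {
    let label: String
    let tokenID: String?   // non-nil only for token (CryptoTokenKit) items
}

// Same query as the poster's dump: all certificates, attributes + refs.
func listCertificates() throws -> [CertEntry] {
    let query: [CFString: Any] = [
        kSecClass: kSecClassCertificate,
        kSecMatchLimit: kSecMatchLimitAll,
        kSecReturnAttributes: true,
        kSecReturnRef: true,
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    if status == errSecItemNotFound { return [] }   // empty keychain is not an error
    guard status == errSecSuccess else {
        throw NSError(domain: NSOSStatusErrorDomain, code: Int(status))
    }
    // With kSecMatchLimitAll + kSecReturnAttributes the result is an array
    // of attribute dictionaries (the SecCertificateRef sits under kSecValueRef).
    guard let items = result as? [[String: Any]] else { return [] }
    return items.map { attrs in
        CertEntry(label: attrs[kSecAttrLabel as String] as? String ?? "<no label>",
                  tokenID: attrs[kSecAttrTokenID as String] as? String)
    }
}

// Only the certificates that the file-based tools cannot see.
func tokenBackedCertificates() throws -> [CertEntry] {
    return try listCertificates().filter { $0.tokenID != nil }
}

do {
    for entry in try listCertificates() {
        let origin = entry.tokenID.map { "token \($0)" } ?? "file-based keychain"
        print("\(entry.label)  [\(origin)]")
    }
    print("token-backed certificates: \(try tokenBackedCertificates().count)")
} catch {
    print("SecItemCopyMatching failed: \(error)")
}
```

Replacing kSecClassCertificate with kSecClassIdentity applies the same distinction to the identity the poster needs for signing.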