Posts

Post not yet marked as solved
3 Replies
307 Views
Hello, I am developing a smartcard CTK extension for macOS. I have trouble to smartcard logon the first time after a reboot or a logout (e.g. when there is the text "Your password is required to enable touch id"). Trouble = I'm not asked for the PIN. But time to time after a logout (from whatever account), I can login with the smartcard. After a lockscreen I can always login with the smartcard. Is there an easy way to debug the logon process ? Regards, ++dom
Posted
by dom_.
Last updated
.
Post not yet marked as solved
0 Replies
965 Views
Hello, I'm an iOS and macOS developer. It is unclear to me if the "Smart Card Token Extension" on iOS can address Smart Card using NFC or CCID or both. Please tell us what is the current status. When creating the extension, you can provision an AID, what this information is used for ? Can't I use multiple application (hence multiple AIDs, let say one normal and one for qualified signature) on the SmartCard with the same scext ? It is worth asking the questions before diving into useless coding. Regards, ++dom
Posted
by dom_.
Last updated
.
Post not yet marked as solved
1 Replies
1.1k Views
Hello, I'm investigating the use of persistent extension to expose certificates and keys to applications. I am investigating on macOS and iOS but I am currently testing on macOS. I'm able to list the exposed certificate. I thought I could restrict the search to my particular token with kSecAttrTokenID (and the ID I provided to addTokenConfiguration(for: ), e.g. the string "COMPANY-macOS-pext"), but it doesn't work. So I tried to list all the tokens available from my app, using the following code adapted from SecurityTool: static func listAllKeychains() {     listKeychains (ofType: SecPreferencesDomain.user)     listKeychains (ofType: SecPreferencesDomain.system)     listKeychains (ofType: SecPreferencesDomain.common)     listKeychains (ofType: SecPreferencesDomain.dynamic)   }     static func listKeychains (ofType type: SecPreferencesDomain) {     var searchList: CFArray?           let status = SecKeychainCopyDomainSearchList(type, &searchList)     if ( status != errSecSuccess) {       logger.debug("error getting Keychains list : \(status).")       return     }     guard let keychains = searchList as? [SecKeychain] else {       logger.debug("Error on retrieved keychains")       return     }           for keychain in keychains {       var pName = Array(repeating: 0 as Int8, count: 1024)       var pLength = UInt32(pName.count)       let oStatus = SecKeychainGetPath(keychain, &pLength, &pName)       if oStatus == errSecSuccess {         let buffer = [UInt8](unsafeBitCast(pName, to: [UInt8].self))         let name: String = String(bytes: buffer, encoding: .ascii) ?? "Unable to get string"         logger.debug("Keychain \(keychain.hashValue) : \(name)")       } else {         logger.debug("Error getting pathname of keychain \(keychain.hashValue)")       }     }   } I just get the user keychain and the system keychain. Am I missing something here ? How can I list the keychain provided by the extension ? Is it possible to restrict a search for the items provided by my extension ? Regards, ++dom
Posted
by dom_.
Last updated
.
Post not yet marked as solved
0 Replies
681 Views
Hello, From this information: https://support.apple.com/fr-fr/guide/deployment-reference-ios/apd05d8c6344/web, I thought that I could use the CoreNFC framework in a persistent extension. Unfortunately, it seems that this is not the case. Any chance to have this framework available for persistent extension ? I opened a request on the feedback assistant (FB9382909) is this the right path to ask for that kind of stuff ? Regards, ++dom
Posted
by dom_.
Last updated
.
Post not yet marked as solved
0 Replies
705 Views
Hello, We are developing/testing extensible enterprise single sign on (https://developer.apple.com/videos/play/tech-talks/301/). For development/test purpose, is it enough to setup a macos server (https://support.apple.com/macos/server, https://apps.apple.com/us/app/macos-server/id883878097?mt=12) and its mdm features ? Will I be able to use the payload com.apple.sso ( https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf) ? Will I be able to "setup/enrol" any iPhone with the mdm ? Do I need a Developer Enterprise Program ? Or Is a Developer Program enough ? Do I need to apply to Apple Business ? Regards,
Posted
by dom_.
Last updated
.
Post not yet marked as solved
0 Replies
830 Views
Hello, Is it possible to build such an extension on iOS to share common crypto objects between applications ? The documentation tells that it is available on iOS 8+ for the com.apple.ctk-tokens extensions and on iOS 13.0+ for the CryptoTokenKit framework. If yes, is there any documentation / samples available to start playing with it ? Regards, Dominique
Posted
by dom_.
Last updated
.
Post not yet marked as solved
0 Replies
733 Views
Dear All,I'm working on an application to address NFCISO7816Tag with success until now. Here are the limitations that I found and my questions:1) When starting to scan with a begin reader session, it seems that the scanning has a timeout of 60s ?Is this statement true ?Is there any way to customize this timeout ?2) When starting to communicate with a NFCISO7816Tag, it seems that the communication windows is bound to 20s ?Is this statement true ?Is there any way to customize/increase this timeout ?3) After the beginning the reader session, the NFC UIAlertMessage pops up in foreground. We can update the text with the alertMessage function. This UIAlertMessage exists until the session is invalidated. This behavior prevents having interactions with the user while NFC communications are in place.Is this right ?Is there any way to allow user interaction while a reader session is started ? Let say to enter a PIN code for example or to click on a button in some UI ?If of any interset, I'm currently using Xcode 11.4.1, iPhone Xr iOS 13.4.1 and swift.Regards,++dom
Posted
by dom_.
Last updated
.