User Profile

Based on the documention provided in the below link I was trying to access the PIV token smart card using Keychain services.https://developer.apple.com/documentation/cryptotokenkit/using_cryptographic_assets_stored_on_a_smart_card?language=objc Currently trying to use the built-in smart card driver com.apple.CryptoTokenKit.pivtoken:1.0 for PIV smart card.I am able to access the identity using below code as mentioned in above link. NSDictionary *getquery = @{ (id)kSecClass: (id)kSecClassIdentity, (id)kSecAttrTokenID : @"<PIV token ID>", (id)kSecReturnRef: @YES, }; OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)getquery, (CFTypeRef *)&identityRef);I am also able obtain successfully the Certificate and Private key handle from the identity using SecIdentityCopyCertificate and SecIdentityCopyPrivateKey without errors.However while trying to use the Private key handle for signing operation using SecSignTransformCreate the following error is observed:The operation couldn’t be completed. (Internal CSSM error error -25304 - Internal error #ffff9d28 at SignTransform_block_invoke /BuildRoot/Library/Caches/com.apple.xbs/Sources/Security/Security-58286.70.7/OSX/libsecurity_transform/lib/SecSignVerifyTransform.c:411This error occurs on invoking SecSignTransformCreate with private key handle obtained from previous step.Any solution as to why this error is observed for the PIV token?Is this the right way to access PIV token using built in pluginkit com.apple.CryptoTokenKit.pivtoken:1.0 or should we use any other APIs?

I had a query regarding stapling the ticket to the notarised binary.Is it mandatory to staple the ticket to the binary/pkg? I understand network connection would be required for Gatekeeper to validate. But can we still continue to notarize the binaries successfully and not staple the ticket?