Based on the documentation provided in the below link, I was trying to access the PIV token smart card using Keychain services.
I am currently trying to use the built-in smart card driver com.apple.CryptoTokenKit.pivtoken:1.0 for the PIV smart card.
I am able to access the identity using the code below, as mentioned in the above link.
    SecIdentityRef identityRef = NULL;

    // Look up the identity stored on the PIV token by its token ID.
    NSDictionary *getquery = @{
        (id)kSecClass: (id)kSecClassIdentity,
        (id)kSecAttrTokenID: @"<PIV token ID>",
        (id)kSecReturnRef: @YES,
    };
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)getquery,
                                          (CFTypeRef *)&identityRef);
I am also able to successfully obtain the certificate and private key handle from the identity using SecIdentityCopyCertificate and SecIdentityCopyPrivateKey without errors.
However, while trying to use the private key handle for a signing operation using SecSignTransformCreate, the following error is observed:
The operation couldn’t be completed. (Internal CSSM error error -25304 - Internal error #ffff9d28 at SignTransform_block_invoke /BuildRoot/Library/Caches/com.apple.xbs/Sources/Security/Security-58286.70.7/OSX/libsecurity_transform/lib/SecSignVerifyTransform.c:411
This error occurs on invoking SecSignTransformCreate with the private key handle obtained from the previous step.
Any solution as to why this error is observed for the PIV token?
Is this the right way to access the PIV token using the built-in pluginkit com.apple.CryptoTokenKit.pivtoken:1.0, or should we use any other APIs?