Create SecKey instance that represents a smart card private key (not exportable)

Hi!

I want to get a reference (a SecKey object) to an external private key that is stored in a smart card and isn't exportable.

I need this to make the private key visible in Keychain Access so that, when a signature operation is requested by selecting this key, it is sent to the smart card.


How can I obtain the SecKey object?

Thanks in advance

Accepted Reply

Reading your question it wasn’t clear to me whether you’re trying to get and use such a key, or integrate a smart card with the system, or both. So:

  • If you want to integrate a smart card with the system, check out the CryptoTokenKit framework. This isn’t really my speciality, but my understanding is that the PIVToken sample code would be a good place to start.

  • Once your smart card is integrated, the keys in the smart card are exposed via the usual keychain APIs. Check out Using Cryptographic Assets Stored on a Smart Card for the details.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
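As an added example (not code from this thread, from Apple's documentation, or from the PIVToken sample), here is the keychain path the reply points to, in Swift: a private key published by a CryptoTokenKit token is fetched as a SecKey handle with SecItemCopyMatching restricted to kSecAttrAccessGroupToken, its token ID is checked so a software key cannot be confused with a card key, and SecKeyCreateSignature hands the operation to the card. The key label, the PIN, and the presence of an installed token driver (such as PIVToken) are assumptions.

```swift
import Foundation
import LocalAuthentication
import Security
enum TokenKeyError: Error { case notFound, status(OSStatus), unsupportedKey, signing(String) }

/// Fetch one token-backed private key plus the token ID the keychain reports for it.
/// kSecAttrAccessGroupToken restricts the match to items published by a CryptoTokenKit
/// token, so a software key carrying the same label can never be picked up by mistake.
/// An optional PIN rides along in an LAContext and is presented to the card on first use.
func tokenPrivateKey(label: String, pin: Data?) throws -> (key: SecKey, tokenID: String) {
    var query: [String: Any] = [
        kSecClass as String: kSecClassKey,
        kSecAttrKeyClass as String: kSecAttrKeyClassPrivate,
        kSecAttrAccessGroup as String: kSecAttrAccessGroupToken,
        kSecAttrLabel as String: label,   // assumed: the label the token driver gave the key
        kSecReturnRef as String: true,
        kSecReturnAttributes as String: true,
    ]
    if let pin = pin {
        let context = LAContext()
        guard context.setCredential(pin, type: .smartCardPIN) else { throw TokenKeyError.unsupportedKey }
        query[kSecUseAuthenticationContext as String] = context
    }
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    guard status == errSecSuccess else { throw TokenKeyError.status(status) }
    guard let attrs = item as? [String: Any],
          let tokenID = attrs[kSecAttrTokenID as String] as? String,   // absent on software keys
          let ref = attrs[kSecValueRef as String] else { throw TokenKeyError.notFound }
    return (ref as! SecKey, tokenID)
}
/// Sign on the token: the SecKey is only a handle, so the private key bytes never leave
/// the card. The result is checked against the public half so a failed token operation
/// is caught here rather than by a remote verifier.
func signOnToken(key: SecKey, message: Data) throws -> Data {
    let attrs = SecKeyCopyAttributes(key) as? [String: Any] ?? [:]
    let keyType = attrs[kSecAttrKeyType as String] as? String ?? ""
    let algorithm: SecKeyAlgorithm = keyType == (kSecAttrKeyTypeRSA as String)
        ? .rsaSignatureMessagePKCS1v15SHA256 : .ecdsaSignatureMessageX962SHA256
    guard SecKeyIsAlgorithmSupported(key, .sign, algorithm) else { throw TokenKeyError.unsupportedKey }
    var error: Unmanaged<CFError>?
    guard let signature = SecKeyCreateSignature(key, algorithm, message as CFData, &error) as Data? else {
        throw TokenKeyError.signing(String(describing: error?.takeRetainedValue()))
    }
    guard let publicKey = SecKeyCopyPublicKey(key),
          SecKeyVerifySignature(publicKey, algorithm, message as CFData, signature as CFData, &error)
    else { throw TokenKeyError.signing("signature did not verify against the public key") }
    return signature
}
```

Call `tokenPrivateKey(label:pin:)` once and pass the returned key to `signOnToken(key:message:)`; with a card-backed key the keychain reports the item as non-extractable, which is exactly the "reference only" behaviour the question asks for.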

Replies


Thanks, eskimo!

Can you tell me if "another cryptographic token" (in "About" of the PIVToken sample code) includes Hardware Security Modules (HSMs)?

The point of CryptoTokenKit is that third-party developers can integrate arbitrary cryptographic tokens into the Security framework.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi, unfortunately the suggested documents do not say anything about storing the private key reference in the keychain. According to the description, the only way to connect a smart card is via USB. What if it is a mobile device or an HSM?

I am missing a description of keychain usage: how to store a private key reference (and identity) that is connected to a token driver.

The PIVToken sample only shows how a driver works as an app extension.

The documents state:

1) "Tokens are physical devices that can be built in to the system, located on attached hardware (like a smart card), or accessible through a network connection."

2) “When a token is present in the system—such as when the user physically inserts a smart card into a USB slot—the CryptoTokenKit framework exposes the token’s items to your app as standard keychain items. It does this by copying the items to the keychain when the token is inserted, and deleting them from the keychain when the token is removed.”


My question is: what about the devices mentioned above? (They can have a network connection.)


Regards, Gabor