SmartCardServices... BSD Miscellaneous Information Manual SmartCardServices...
NAME
SmartCardServices-legacy -- overview of legacy SmartCard support
DESCRIPTION
SmartCardServices-legacy is a set of components which add native support for SmartCards to OS X based on Tokend modules. Since OS X 10.12, there is SmartCard support which is described in SmartCardServices(7).

Supported SmartCards appear as separate keychains. A Tokend module for each SmartCard you wish to use must be installed in /Library/Security/tokend.
USB SMART CARD READER DRIVERS
OS X has built-in support for USB CCID class-compliant SmartCard readers. For other readers, install the reader driver in /usr/local/libexec/SmartCardServices/drivers. Each driver is a bundle. The bundle contains an XML file Info.plist which contains the device's USB vendor ID and product ID. For a detailed description of the plist format and how to write a reader driver, see http://pcsclite.alioth.debian.org/api/group__IFDHandler.html
SMART CARD APDU LOGGING
It is possible to turn on logging for SmartCards by setting the global preference:

      sudo defaults write /Library/Preferences/com.apple.security.smartcard Logging -bool yes

After a SmartCard reader is connected (or after reboot) all operations including contents of sent and received APDU messages are then logged into the system log. Logging uses the facility com.apple.security.smartcard.log so it is possible to set up filtering of these logs into custom targets (see asl.conf(5)).

To avoid security risks that could occur if logging is turned on indefinitely, the logging setting is one-shot - it must be turned on by the command above to start logging again with a new reader. This includes unplugging and replugging the same reader.
DISABLING NEW SMART CARD SUPPORT
It is possible to turn off the new tokens by setting the global preference:

      sudo defaults write /Library/Preferences/com.apple.security.smartcard DisabledTokens -array com.apple.CryptoTokenKit.pivtoken
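The two preference keys described above (Logging and DisabledTokens) can be checked during a configuration review. The following is an added example, not part of the original manual page or of Apple's tooling: it parses a copy of the preference plist and reports either setting. The function names and the sample plist are constructed for illustration; the file path in the comment assumes the usual defaults(1) behaviour of appending .plist to the domain path.

```python
import plistlib
import sys

# Key names and the token identifier are the ones used by the commands on this page.
LOGGING_KEY = "Logging"
DISABLED_KEY = "DisabledTokens"
PIV_TOKEN = "com.apple.CryptoTokenKit.pivtoken"


def audit_smartcard_prefs(plist_bytes):
    """Return (key, finding) tuples for a com.apple.security.smartcard plist."""
    prefs = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    findings = []

    logging = prefs.get(LOGGING_KEY)
    if logging is True:
        findings.append((LOGGING_KEY,
                         "APDU logging requested; card traffic will be written to the system log"))
    elif logging not in (None, False):
        # The page's command writes a boolean; anything else was set some other way.
        findings.append((LOGGING_KEY, "unexpected %s value" % type(logging).__name__))

    disabled = prefs.get(DISABLED_KEY)
    if isinstance(disabled, list):
        for token in disabled:
            note = "CryptoTokenKit PIV token disabled" if token == PIV_TOKEN else "token disabled"
            findings.append((DISABLED_KEY, "%s: %s" % (note, token)))
    elif disabled is not None:
        findings.append((DISABLED_KEY, "unexpected %s value" % type(disabled).__name__))
    return findings


def sample_prefs():
    """Constructed sample: the state left by running both commands from this page."""
    return plistlib.dumps({LOGGING_KEY: True, DISABLED_KEY: [PIV_TOKEN]},
                          fmt=plistlib.FMT_BINARY)


if __name__ == "__main__":
    # Pass a copy of /Library/Preferences/com.apple.security.smartcard.plist
    # (assumed path), or run without arguments to audit the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_prefs()
    for key, finding in audit_smartcard_prefs(data):
        print("%-15s %s" % (key, finding))
```

Because the Logging setting is one-shot, a true value found at review time means logging has been requested for the next reader connection.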
DISABLING SHEET AUTHORIZATION IN PREFERENCES
When using tokend-based SmartCards, according to your configuration you may not be able to use SmartCards for authorization in System Preferences sheets. In such a case, you can disable sheets using the following command:

      defaults write com.apple.Preferences UseSheets -bool FALSE

System Preferences will then use the original dialog-based authorization.
ENTITLEMENT
Sandboxed PCSC clients require the 'com.apple.security.smartcard=YES' entitlement. Non-sandboxed PCSC clients do not require such an entitlement (in order to keep backward compatibility with macOS < 10.10).
SEE ALSO
SmartCardServices(7), sc_auth(8), defaults(1), asl.conf(5), ssh-keychain(8)

Mac OS X August 5, 2014 Mac OS X
Mac OS X 10.13.1 - Generated Thu Nov 9 15:53:24 CST 2017