[SmartcardServices-Dev] SmartCardServices in OSX 10.8

Shawn Geddis geddis at apple.com
Fri Feb 17 09:11:36 PST 2012 

On Feb 17, 2012, at 11:52 AM, Thomas Harning Jr. wrote:
> I see that 10.7 has CDSA and SmartCardServices deprecated, meaning it
> is out the door for 10.8.
> 
> How would one build TokenD implementations since CDSA is an integral
> dependency (TokenD directly exposes/consumes CSSM* types)?
> 
> Is there a new pluggable-crypto system in the works? If so, hopefully
> it can support software-driven interfaces (ex: those that aren't
> PC/SC, perhaps direct USB tokens or network-based devices)...

Thomas,

Deprecation of CDSA is what prompted the removal of the Tokend modules from OS X Lion.  If you restore them on an OS X Lion system, you will have capabilities restored.  The Tokend modules have been based on CDSA in OS X 10.4, 10.5, 10.6 and still can in 10.7.  Deprecation of CDSA means that it is no longer THE  Crypto/PKI architecture to rely on and that it will be gone in some future version of the OS - not exactly a guarantee it will be gone, but you can’t count on it being there in a future release once it has been publicly announced as deprecated.

Apple has not made any announcements with respect to future frameworks to provide the same or similar functionality.  I can say that it is extremely high on the customer request list for Token/SmartCard support on iOS & OSX.  Since CDSA is deprecated and was never going to make it to iOS (size/age/functionality working against it), Apple was always faced with looking at something new.

As for the "software-driven interfaces”, Tokend has been used quite a bit with USB Tokens and Network HSMs.  The system-wide support for abstracting Identities (of various types) for iOS / OSX is quite important.

Stay tuned to this space for future information.

-Shawn
__________________________________________________
Shawn Geddis				  			   geddis at me.com
Security Consulting Engineer                              geddis at apple.com

MacOSForge Project Lead:                           Smart Card Services                                                      
	Web:	http://smartcardservices.macosforge.org/
	Lists:	http://lists.macosforge.org/mailman/listinfo
__________________________________________________

More information about the SmartcardServices-Dev mailing list