[SmartcardServices-Users] Storing Keychain data

SB Tech sirgadabout1 at gmail.com
Wed Feb 29 09:09:54 PST 2012


If you don't mind, I'm going to quote from Apple's "Mac OS X Security
Configuration For Mac OS X Version 10.6 Snow Leopard" document:

"Snow Leopard integrates support for hardware-based smart cards as
dynamic keychains where any application using keychains can access
that smart card. A smart card can be thought of as a portable
protected keychain.
Smart cards are seen by the operating system as dynamic keychains and
are added to the top of the Keychain Access list. They are the first
searched in the list. They can be treated as other keychains on the
user’s computer, with the limitation that users can’t add other secure
objects.
When you attach a supported smart card to your computer, it appears in
Keychain Access. If multiple smart cards are attached to your
computer, they appear at the top of the keychain list alphabetically
as separate keychains." (p.136)

This encouraged me to believe that the behaviour I was seeing,
regarding my Smart Card displacing my Login keychain, was both normal
and expected behaviour.  So, how exactly does your Smart Card interact
with Keychain Access?  Does it appear at all in the list of Keychains?
If not, perhaps there's a low-level setting I can toggle to prevent
it appearing.

S.

On 29 February 2012 13:24, Miller, Timothy J. <tmiller at mitre.org> wrote:
> I'm thinking there must be something peculiar about the tokend or card you're using, because I've been using smart cards through CDSA for years without this particular problem arising.
>
> Unless you're using a stored-value card, you're not going to be able to update data on a smart card.  That's usually reserved for the token manager, since mucking with card data is inherently a security critical operation.  Stored-value cards aren't the best idea for the same reason.
>
> -- T
>
> On Feb 18, 2012, at 1:05 PM, SB Tech wrote:
>
>> Hi,
>>
>> I looked into using a Smart Card for authentication purposes in my
>> SOHO, but came away disappointed by its interaction with Keychain
>> Access.  Specifically, because it took the top position in the
>> Keychain list, it assumed the Login keychain's duties; but because I
>> was unable to store passwords directly on the Smart Card (e.g. wifi
>> passwords) I found myself having to authenticate a second time, to the
>> Login keychain.  In the meantime, there was no automatic
>> authentication of login services such as connecting to wifi or
>> mounting of secure disk images.
>>
>> So, my question is: how does one go about using a Smart Card to store
>> Keychain Access-specific data, so that the Smart Card "dynamic
>> keychain" can more fully perform the functions required on login?
>>
>> At the moment, I'm not concerned with any particular Smart Card or
>> software solution, I'm more interested in knowing whether it's
>> actually possible.
>>
>> Regards.
>

