[Tokend-Dev] Differences between & fixes for the BelPic, Beid, CAC Tokend's

Maccampus maccampus at gmail.com
Mon Mar 28 01:48:37 PDT 2016

Hello Mr Shawn Geddis & Readers of the Tokend & SmartcardServices Mailing Lists,

A little more then a year or so ago, starting right after i had to get a new identity Card, i started having trouble using the Tokend  that was required to use my identification & pincodes in Safari & Keychain Access.

Since my identity Card is from Belgium (Belpic Tokend from MacOSForge.org & Beid Tokend from eid.belgium.be) i have had contact with both these Mailing Lists & Fedict.be with a fix which is workable but not really a solution which is tight.

The facts:

• The Belgian developers have worked with Apple in the past, this delivered the Belpic Tokend which Apple has outsourced to MacOSForge & is still being updated by MacOSForge.
• The Belgian Developers found Apple/MacOSForge to be to slow/unresponsive when they added patches & decided to work on their own, the new tokend is called Beid Tokend.
• My old identity card used the 2nd version of encryption, my new one uses the 3th version. This made the Belpic tokend defunct & i had to change to the Belpic Tokend.
• For unknown reasons on my Mac when using the Beid tokend i have to connect the reader with ID card at boot time to make sure it is recognized by the tokend & usable in Safari & Keychain. When i don’t do this i have a 1/10 chance it could still work, otherwise i need to reboot my Mac. This problem was not there when used the Belpic Tokend.
• Notting is wrong with my reader (ACS ACR38) running with Apple’s own driver or the latest driver from ACS (i can uninstall the ACS driver if needed but this don’t change a thing)  because if i use the JAVA application from Fedict or the Firefox plugin the card is accessed  & working as supposed to. Only when it should use the tokend it fails as explained.

So seeing these facts , i can presume & partly this is confirmed by the Fedict.be, that Apple only has the 1st & 2nd version of encryption while the Fedict also has the 3th & 4th version, The Identity Cards that are now issued use the 3th version & the 4th version will be used in future.

Also but unconfirmed, i think  Belpic because it is being developed & updated for new OS X versions by MacOSforge has kept full compatibility with OS X versions while Beid because it’s being developed by a 3th party with not enough intrest in OS X & unwillingly to work with MacOSForge is not 100 % bugler anymore & in my case a bug causes the behavior as explained above.

To add to the pain, i also see in a recent post in SMC Users that the US CAC card has far more functionality then the the Belgian Identity Card, i suppose this functionality is being delivered by the tokend, the CAC tokend i suppose is being developed in a team effort by the US military & MacOSforge.

The functionality i have in my mind here is the login in & switching on & off the screensaver or locking the computer by inserting the CAC card in the Card Reader connected to the Mac.

I wonder if al this could be fixed somehow, even if the Fedict.be will not be cooperative ?

You have both the Tokend’s & source code from CAC & Belpic & you can download the Beid tokend from above mentioned website, it’s inside an installer .pkg but i’m sure you can extract it without installing or even install it in a test environement. I hope you can use the beid tokend to get the 3th & 4th version of encryption without having the source code of it. But ofcource you could also ast the Fedict for the source or develepment kit & if this doesn’t work out, there is a Linux version which can be downloaded as source.

I really hope you are willing to fix these issue’s because the Fedict seems not to. (i have a long contact with their support & in each new version they have asked me to test if the bug still exists but it has never been fixed)

Yours sincerely


Belgian Mac OS X User

More information about the Tokend-Dev mailing list