<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">On Oct 1, 2015, at 11:44 AM, Thomas Harning Jr. <<a href="mailto:harningt@gmail.com" class="">harningt@gmail.com</a>> wrote:</div><blockquote type="cite" class=""><br class="Apple-interchange-newline"><div class=""><div class="" style="font-family: ArialMT;">Thanks. Is there any documentation available that shows where the new tokend installations should go?<br class=""><br class=""></div><span class="" style="font-family: ArialMT; float: none; display: inline !important;">Does this installation location happen to work for older OSX versions, or is the location only scanned by OSX 10.11? If this location is only for newer versions of OSX, this complicates things for users that install an application on 10.10 or earlier and come to OSX 10.11 to discover their TokenD was obliterated.</span><br class="" style="font-family: ArialMT;"><br class="" style="font-family: ArialMT;"><span class="" style="font-family: ArialMT; float: none; display: inline !important;">Smart card development for OSX seems to be a particularly dark art. By chance are there any samples of TokenD modules written using Apple's new blessed token API - the asynchronous nature of the new API seems to be in conflict with TokenD API specifications.</span><br class="" style="font-family: ArialMT;"></div></blockquote><div class=""><div class="" style="font-family: ArialMT;"><br class="Apple-interchange-newline"></div></div><div class="" style="font-family: ArialMT;">Thomas,</div><div class="" style="font-family: ArialMT;"><br class=""></div><div class="" style="font-family: ArialMT;">• The Installer Download Page, the Installer and the man page for SmartCardServices notes the new tokend installation path for OS X El Capitan v10.11.</div><div class="" style="font-family: ArialMT;">• The Path [/Library/Security/tokend/ ] is new for OS X El Capitan v10.11 and higher and is not supported on older versions of OS X v10.x.</div><div class="" style="font-family: ArialMT;">• Location of Tokend bundles does not affect use by Applications, since this is completely abstracted away.</div><div class="" style="font-family: ArialMT;">• There currently is no code samples or reference implementations for CryptoTokenKit Clients from Apple nor yet from the project here.</div><div class="" style="font-family: ArialMT;">• TokenD API specifications ? There never was any API specification to Apple’s knowledge. What reference are you making ?</div><div class="" style="font-family: ArialMT;"><br class=""></div><div class="" style="font-family: ArialMT;"><br class=""></div><div class="" style="font-family: ArialMT;">See man page for SmartCardServices….</div><div class="" style="font-family: ArialMT;"><br class=""></div><div class="" style="font-family: ArialMT;">$ man SmartCardServices</div><div class="" style="font-family: ArialMT;"><br class=""></div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;" class=""><div class="" style="font-family: ArialMT;"><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class="">SMARTCARDSERVICES(7) BSD Miscellaneous Information Manual SMARTCARDSERVICES(7)</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0); min-height: 14px;" class=""><br class=""></div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(0, 249, 0); background-color: rgb(0, 0, 0);" class="">NAME</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> <span style="font-variant-ligatures: no-common-ligatures; color: #00f900" class="">SmartCardServices</span> -- overview of smart card support</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0); min-height: 14px;" class=""><br class=""></div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(0, 249, 0); background-color: rgb(0, 0, 0);" class="">DESCRIPTION</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> <span style="font-variant-ligatures: no-common-ligatures; color: #00f900" class="">SmartCardServices</span> is a set of components which add native support for</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> smart cards to OS X.</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0); min-height: 14px;" class=""><br class=""></div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> Supported smart cards appear as separate keychains. A Tokend module for</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> each smart card you wish to use must be installed in</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> <span style="text-decoration: underline ; font-variant-ligatures: no-common-ligatures" class="">/Library/Security/tokend</span></div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0); min-height: 14px;" class=""><br class=""></div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(0, 249, 0); background-color: rgb(0, 0, 0);" class="">USB<span style="font-variant-ligatures: no-common-ligatures; color: #29f914" class=""> </span>SMART<span style="font-variant-ligatures: no-common-ligatures; color: #29f914" class=""> </span>CARD<span style="font-variant-ligatures: no-common-ligatures; color: #29f914" class=""> </span>READER<span style="font-variant-ligatures: no-common-ligatures; color: #29f914" class=""> </span>DRIVERS</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> OS X has built-in support for USB CCID class-compliant smart card read-</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> ers. For other readers, install the reader driver in</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> <span style="text-decoration: underline ; font-variant-ligatures: no-common-ligatures" class="">/usr/local/libexec/SmartCardServices/drivers</span>. Each driver is a bundle.</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> The bundle contains an XML file Info.plist which contains the device's</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> USB vendor ID and product ID. For detailed description of the plist for-</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> mat and how to write a reader driver, see</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> <a href="http://pcsclite.alioth.debian.org/api/group__IFDHandler.html" class="">http://pcsclite.alioth.debian.org/api/group__IFDHandler.html</a></div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0); min-height: 14px;" class=""><br class=""></div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(0, 249, 0); background-color: rgb(0, 0, 0);" class="">SMART<span style="font-variant-ligatures: no-common-ligatures; color: #29f914" class=""> </span>CARD<span style="font-variant-ligatures: no-common-ligatures; color: #29f914" class=""> </span>APDU<span style="font-variant-ligatures: no-common-ligatures; color: #29f914" class=""> </span>LOGGING</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> It is possible to turn on logging for smart cards. Logging is turned on</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> by setting the global preference:</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0); min-height: 14px;" class=""><br class=""></div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> sudo defaults write /Library/Preferences/com.apple.security.smartcard</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> Logging -bool yes</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0); min-height: 14px;" class=""><br class=""></div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> After a smart card reader is connected (or after reboot) all operations</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> including contents of sent and received APDU messages are then logged</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> into the system log. Logging uses the facility com.apple.security.smart-</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> card.log so it is possible to set up filtering of these logs into custom</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> targets (see asl.conf(5))</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0); min-height: 14px;" class=""><br class=""></div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> To avoid security risks that could occur if logging is turned on indefi-</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> nitely, the logging setting is one-shot - it must be turned on by the</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> command above to start logging again with a new reader. This includes</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> unplugging and replugging the same reader.</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0); min-height: 14px;" class=""><br class=""></div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(0, 249, 0); background-color: rgb(0, 0, 0);" class="">SEE<span style="font-variant-ligatures: no-common-ligatures; color: #29f914" class=""> </span>ALSO</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class=""> sc_auth(8), defaults(1), asl.conf(5), ssh-keychain(8)</div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0); min-height: 14px;" class=""><br class=""></div><div style="margin: 0px; font-size: 12px; line-height: normal; font-family: 'Andale Mono'; color: rgb(41, 249, 20); background-color: rgb(0, 0, 0);" class="">Mac OS X August 5, 2014 Mac OS X</div><div class=""><br class=""></div></div></blockquote><br class=""><br class=""><div apple-content-edited="true" class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="font-variant: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="font-variant: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="font-variant: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="font-variant: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="font-variant: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><span class="Apple-style-span" style="border-collapse: separate; line-height: normal; border-spacing: 0px;"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><font face="Helvetica" style="color: rgb(0, 0, 0);" class=""><span style="font-size: 12px;" class="">- Shawn<br class="">_____________________________________________________________________<br class="">Shawn Geddis<span class="Apple-tab-span" style="white-space: pre;"> </span> <span class="Apple-tab-span" style="white-space: pre;"> </span> </span></font><font face="Helvetica" class=""><span style="font-size: 12px;" class="">geddis@{Mac | Me | iCloud}.com</span></font><font face="Helvetica" style="color: rgb(0, 0, 0);" class=""><span style="font-size: 12px;" class=""><br class=""></span></font><span style="orphans: auto; widows: auto;" class="">Security and Certifications Engineer</span><font face="Helvetica" style="color: rgb(0, 0, 0);" class=""><span style="font-size: 12px;" class="">, Apple <a href="mailto:geddis@apple.com" class="">geddis@apple.com</a><br class=""><br class="">Smart Card Services<span class="Apple-converted-space"> </span> Project/Dev Lead: <br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>Project Wiki:<span class="Apple-tab-span" style="white-space: pre;"> </span> [<a href="http://SmartCardServices.MacOSFforge.Org" class="">SmartCardServices.MacOSFforge.Org</a>]<br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>Mailing Lists:<span class="Apple-tab-span" style="white-space: pre;"> </span> [<a href="http://lists.macosforge.org/mailman/listinfo" class="">Lists.MacOSForge.Org/mailman/listinfo</a>]</span></font></div><div style="color: rgb(0, 0, 0); word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><font face="Helvetica" class=""><span style="font-size: 12px;" class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>SCS Contact:<span class="Apple-tab-span" style="white-space: pre;"> </span> [<a href="mailto:scs-cotact@macosforge.org" class="">scs-cotact@macosforge.org</a>]</span></font></div><div style="color: rgb(0, 0, 0); word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><font face="Helvetica" class=""><span style="font-size: 12px;" class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>SCS Admin:<span class="Apple-tab-span" style="white-space: pre;"> </span> [<a href="mailto:scs-admin@macosforge.org" class="">scs-admin@macosforge.org</a>]</span></font></div><div style="color: rgb(0, 0, 0); word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><font face="Helvetica" class=""><span style="font-size: 12px;" class="">_____________________________________________________________________</span></font><br class=""></div></span></div></div></div></div></div></div></div></div></div>
</div>
<br class=""></body></html>