Google Chrome Smart Card Support on iOS

You are here:

Current, the only browser on iOS that is enables Smart Card authentication with Smart Card Utility is Safari. In order for apps to access the certificates provided by Smart Card Utility, an app must opt-in to discover certificates inserted by a CryptoTokenKit extension (which is how Smart Card Utility works). We have escalated the issue with the Google Chrome project:

Issue 1321384: Support mTLS using CryptoTokenKit extensions

iOS supports an app inserted a configuration into the iOS that makes X.509 identities discoverable for any app that opts in. Once the certificate is selected, it can be used for PKI operations such as mTLS. Chrome on iOS should allow certificates to be discovered via CTK extensions to allowed mTLS authentication be provided by a external authenticator (like a smart card or secure enclave-backed credentials). 

More info here:

Discovering the certificates and signing uses the same API as using identities in the keychain so it is possible it would require very little coding change. The entitlement must be added to the app in order for the certificates to be returned from a CTK extension.

If you want to help, please “star” the issue to add impact and let the Chrome folks know you would like support for Chrome.