Smart Card Utility: More Information

Created OnDecember 1, 2018

Last Updated OnDecember 17, 2020

byTimothy Perfitt

Configuring Smart Card Authentication

https://developer.apple.com/documentation/cryptotokenkit/configuring_smart_card_authentication

Configure macOS for smart card-only authentication

https://support.apple.com/en-us/HT208372

macOS Slot Requirements

Usage	Slot	PIN Required	Required for macOS
PIN Authentication	9A	Once	Yes
Digital Signature	9C	Always	Recommended
Key Manageement (KMK)	9D	Once	Yes
Card Authentication	9E	Never	No
Retired Key Management	82-95	Once	No
Retired Key Management	8A-8F	Once	No
PIV Secure Messaging	4	Always	No

Man pages

man SmartCardServices

man sc_auth

man fdesetup

Presentations

Working with Smart Cards: macOS and Security

Slack

Logging

Turn on debug logging

sudo defaults write /Library/Preferences/com.apple.security.smartcard Logging -bool yes

View log as events happen:

log stream --predicate '(subsystem == "com.apple.CryptoTokenKit") && (category == "APDULog")'

Product security certifications, validations, and guidance

Compliance

NIAP
https://www.niap-ccevs.org/CCEVS_Products/in_eval.cfm
https://www.niap-ccevs.org/Product/PCL.cfm?par303=Apple%20Inc%2E

CSFC
https://www.nsa.gov/ia/programs/csfc_program/component_list.shtml

DSC
https://www.commoncriteriaportal.org/communities/CCDB_DSC_ESR_v1.2.pdf

Configuration Profile Reference

Homeland Security Presidential Directive 12: Policy for a Common Identification Standard for Federal Employees and Contractors

HSPD-12: https://www.dhs.gov/homeland-security-presidential-directive-12

NASA SmartCard Services Deployment Whitepaper (requires US Government email/PIV to access)

Developer Info

CryptoTokenKit

Example Interfaces for CryptoTokenKit

Smart Card Utility: More Information

Configuring Smart Card Authentication

Configure macOS for smart card-only authentication

macOS Slot Requirements

Man pages

Presentations

Slack

Logging

Turn on debug logging

View log as events happen:

Product security certifications, validations, and guidance

Compliance

NIAP
https://www.niap-ccevs.org/CCEVS_Products/in_eval.cfm
https://www.niap-ccevs.org/Product/PCL.cfm?par303=Apple%20Inc%2E

CSFC
https://www.nsa.gov/ia/programs/csfc_program/component_list.shtml

DSC
https://www.commoncriteriaportal.org/communities/CCDB_DSC_ESR_v1.2.pdf

Configuration Profile Reference

Homeland Security Presidential Directive 12: Policy for a Common Identification Standard for Federal Employees and Contractors

NASA SmartCard Services Deployment Whitepaper (requires US Government email/PIV to access)

Developer Info

Smart Card Utility: More Information

Configuring Smart Card Authentication

Configure macOS for smart card-only authentication

macOS Slot Requirements

Man pages

Presentations

Slack

Logging

Turn on debug logging

View log as events happen:

Product security certifications, validations, and guidance

Compliance

NIAP https://www.niap-ccevs.org/CCEVS_Products/in_eval.cfm https://www.niap-ccevs.org/Product/PCL.cfm?par303=Apple%20Inc%2E

CSFC https://www.nsa.gov/ia/programs/csfc_program/component_list.shtml

DSC https://www.commoncriteriaportal.org/communities/CCDB_DSC_ESR_v1.2.pdf

Configuration Profile Reference

Homeland Security Presidential Directive 12: Policy for a Common Identification Standard for Federal Employees and Contractors

NASA SmartCard Services Deployment Whitepaper (requires US Government email/PIV to access)

Developer Info

NIAP
https://www.niap-ccevs.org/CCEVS_Products/in_eval.cfm
https://www.niap-ccevs.org/Product/PCL.cfm?par303=Apple%20Inc%2E

CSFC
https://www.nsa.gov/ia/programs/csfc_program/component_list.shtml

DSC
https://www.commoncriteriaportal.org/communities/CCDB_DSC_ESR_v1.2.pdf