Smart Utility MacOS support for USB-C Readers

Created On
Last Updated On
byMaren
You are here:

We are currently tracking this issue with macOS not recognizing smart cards while using the Smart Card Utilty USB-C reader. This article outlines the issue. If you are affected by the issue, please send feedback to support@twocanoes.com and check back to this article for updates.

Overview of Issue

Starting with macOS 14 Sonoma there is an issue where the Apple driver does not recognize the CAC certificates inserted with the Smart Card Utilty USB-C reader for certain types of CAC Cards. Users need to download additional Smart Card drivers for the USB-C so that the Apple driver can talk to the reader.

Cause of Issue

The Smart Card Utility USB-C reader uses the Apple driver to show all available certificates on macOS. When the Apple driver sends the command to the reader to read the available certificates from the inserted CAC, the card appears unavailable. This is due to a timing issue between the macOS driver, the reader, and the smart card.

Workarounds

  1. Download and install the Feitain CCID Driver on your Mac.
  2. Restart your Mac.
  3. Unplug the USB-C Reader and then plug in the reader and insert the card.
  4. The USB-C Reader(Feitian iR301) and certificates should now appear in the Smart Card Utilty app.

Troubleshooting

If you are still experiencing issues, email support@twocanoes.com with your ADPU Trace output, card type, and Smart Card Utilty for iOS device log if available.

APDU Trace Log

  1. Plug in a USB-C reader to Mac.
  2. Turn on debug logging by opening Terminal and running the following command:
    sudo defaults write /Library/Preferences/com.apple.security.smartcard Logging -bool yes
  3. Provide your password when prompted.
  4. Run the following command in the Terminal to show the commands:
    log stream --predicate '(subsystem == "com.apple.CryptoTokenKit") && (category == "APDULog")'
  5. Open a browser and authenticate to a website using your smart card.
  6. Copy the output from the Terminal and send it to support@twocanoes.com along with your card type.
    Note: logging will stop when the reader is unplugged and plugged back in. You will need to rerun the commands if you unplug the reader.

iPhone or iPad Smart Card Utility Logs

  • Plug the USB-C reader into your device and insert your card.
  • Select Add Bluetooth or Other Reader… and Select your Reader.
  • Once the certificates are read, insert the 9a: PIV authentication certificate and go back to the main screen.
  • Verify that you can authenticate to the Twocanoes Test Site.
  • In Smart Card Utilty go to Settings (gear in the lower right corner) select Show Log and send it to support@twocanoes.com.
Tags: