Smart Card Utility: Testing and Troubleshooting Hardware

Testing

To test Smart Card Utility with the FEITIAN Reader, please follow the instructions below:

  1. On an iOS device, install Smart Card Utility from TestFlight to make sure you have the most recent build:
    https://testflight.apple.com/join/eMO0PY8T.
  2. On first launch of Smart Card Utility, allow Notifications. Local Notifications are used while authenticating in other apps like Safari to notify you of device status.
  3. When Smart Card Utility is open:
    • Tap “Scan” and
    • Select the FEITIAN Reader
  4. Turn on your reader:
    • If using the Bluetooth reader, turn it on by pressing the power button on the bottom of the reader. A blue LED should turn on
    • If using a USB-C or Lightning Reader, plug it in now or just before tapping “Scan”
  5. Insert your smart card in the reader. An amber light should turn on when the card is inserted.
  6. Select the reader in Smart Card Utility from the list shown.
    1. If your reader does not appear in the list, pull down to Refresh
    2. If the reader continues to not appear, verify Bluetooth is enabled
  7. You will be redirected to the Certificates Screen:
    • If the reader and card are detected, the certificates on the smart card are shown
    • Tap “Insert” next to the certificates to use for authentication (typically the PIV Authentication slot)
  8. Once your certificates are inserted, open Safari and navigate to any PIV enabled website
    • A PIN prompt should be shown (as the inserted certificate is not yet communicating with the reader)
  9. Ensure your reader is on before attempting to authenticate
    • If using Bluetooth:
      • Your device is automatically turned off when switching apps to fully disconnect from Smart Card Utility.
      • Turn on your Bluetooth reader as detailed in step 4
    • If using USB-C or Lightning:
      • The USB-C or Lightning reader should automatically turn when connected to your device
      • If it does not turn on, unplug and plug in the reader
  10. Enter in your PIN and tap “OK”. You will receive a Push Notification with a status message for the authentication.

The website should now be shown.

Troubleshooting

To troubleshoot Twocanoes third-party smart card readers, please see our User Guide’s Troubleshooting section.

For troubleshooting hardware issues, see below. This page will be updated with troubleshooting guidance upon new releases of Smart Card Utility if necessary.

Bluetooth and Reader Connectivity

If running into issues with Bluetooth, especially when switching apps, it may be beneficial to reset your Bluetooth connection. Do so by:

  • Disabling and enabling Bluetooth in Control Center
  • Turning Bluetooth off and on in the Settings app, or
  • By asking Siri (if enabled) to first
    • Turn off Bluetooth, then,
    • To turn on Bluetooth (or doing so manually if enabled)

Note: You cannot pair your reader within your Settings app, as your reader will not be discovered in Settings

APDU Tracing

If you receive a “PIV applet not found. Please verify that this is a PIV card” message, it may be helpful to provide a trace of the commands being sent to identity the issue. Follow the steps below to get a trace using the BR-301 reader:

  1. Plug in a Micro-USB to USB A cable between the FEITIAN reader and a Mac (both Bluetooth and Lightning readers have a Micro-USB port).
    • Macs don’t support these operations over Bluetooth, so it must be connected with a cable.
  2. Turn on debug logging by opening Terminal and running the following command:
sudo defaults write /Library/Preferences/com.apple.security.smartcard Logging -bool yes

Provide your password when prompted.

  1. Run the following command in Terminal to show the commands:
log stream --predicate '(subsystem == "com.apple.CryptoTokenKit") && (category == "APDULog")'
  1. Open a browser and authenticate using your smart card to a website
  2. Copy the output from the Terminal and send to support@twocanoes.com

Note: logging will stop when the reader is unplugged and plugged back in. You will need to rerun the commands if you unplug the reader.