Testing

To test Smart Card Utility with the FEITIAN Reader, please follow the instructions below:

  1. On an iOS device, install Smart Card Utility from TestFlight to make sure you have the most recent build:
    https://testflight.apple.com/join/eMO0PY8T.
  2. On first launch of Smart Card Utility, allow Notifications. Local Notifications are used in other apps during authentication to notify you of statuses like PIN failure or success.
  3. When Smart Card Utility is open, tap “Scan” and select the FEITIAN Reader.
  4. If you are using the Bluetooth reader, turn it on by pressing the power button on the bottom of the reader. A blue LED should turn on. If you are using the USB-C or Lightning version, plug it in now or just before tapping “Scan”.
  5. Insert your smart card in the reader. An amber light should turn on when the card is inserted.
  6. Select the reader in Smart Card Utility from the list shown. If it does not appear in the list, pull down to Refresh. If the reader does not appear, verify Bluetooth is enabled.
  7. If the reader and card are detected, the certificates on the smart card are shown. Tap “Insert” next to the certificates to use for authentication (typically the PIV Authentication slot).
  8. Once inserted, open Safari and navigate to a PIV enabled website. A PIN prompt should be shown (as the inserted certificate is not yet communicating with the reader).
  9. Note: the Bluetooth reader turns off to fully disconnect from the Smart Card Utility app. Turn the reader back on. The USB-C or Lightning reader should automatically turn on. If it does not turn on, unplug and plug in the reader.
  10. Enter in your PIN and tap “OK”. You will receive a Push Notification with a status message for the authentication.

The website should now be shown.

Troubleshooting

If the authentication is not successful, try the following steps:

  1. Toggle Bluetooth on and off on the iOS device. Note: pairing in Settings is not required and is unavailable. Do so in Control Center, the Settings app, or with Siri if enabled.
  2. Verify the reader is on when the PIN prompt is showing.
  3. If the certificates are not shown, enable logging in Smart Card Utility settings, then tap the “Log” button after use to see what the issue may be. Share the log with support@twocanoes.com to help resolve the issue.
  4. Open Console on a Mac and click on the iOS device to show the logs. Filter on “subsystem:com.twocanoes.logger” as shown in the screenshot below:

APDU Tracing

if you receive a “PIV applet not found. Please verify that this is a PIV card”, it may be helpful to provide a trace of the commands being sent to identity the issue. Follow the steps below to get a trace using the br301 reader:

  1. Plug in a Micro USB to USB-A cable between the FEITIAN reader and a Mac (both bluetooth and lightning readers have a Micro USB port). The Mac doesn’t support these operations over bluetooth so it must be connected with a cable.
  2. Turn on debug logging by opening terminal and running the following command:
sudo defaults write /Library/Preferences/com.apple.security.smartcard Logging -bool yes

Provide your password when prompted.

  1. Run the following command in Terminal to show the commands:
log stream --predicate '(subsystem == "com.apple.CryptoTokenKit") && (category == "APDULog")'
  1. Open a browser and authenticate using your smart card to a website.
  2. Copy the output from the Terminal and send to support@twocanoes.com

Note that logging will stop when the reader is unplugged and plugged back in, so you will need to rerun the commands if you unplug the reader.