Wiki     Blog     Roadmap     Timeline     New Ticket     View Tickets     Project Search
"Current" Static URLs to pull installers

For ensuring access to the most current installers as updates are posted, we are now providing static reference URLs to SmartCardServices Installer downloads corresponding to each major OS X release. These symbolic links will always point to the most recent versions of the installers.


SmartCard Services "Current" - Most recent Installer (i.e v2.0.2 for OS X Yosemite v10.10)

http://smartcardservices.macosforge.org/files/installers/SCS-Current.zip


The static URL for the most recent installer versions corresponding to each major release of OS X follows the format:

http://smartcardservices.macosforge.org/files/installers/SCS-XX.YY-Current.zip

          XX - 10

          YY - Major Release (i.e '09' for OS X Mavericks v10.9)

 

Installer Posted for OS X Yosemite v10.10

Installer posted for OS X Yosemite v10.10.  This SmartCardServices Installer provides the Tokend modules and cacloginconfig.plist for installation on your OS X Yosemite systems.  Note that the installer and Tokend modules are not digitally signed again yet, but will be in the future.  To ensure you have the original installer posted here and not one that has been modified, please verify the SHA-1 hash of the .zip you download against the hash posted for the corresponding installer from the installers download page:

http://smartcardservices.macosforge.org/trac/wiki/installers/

Installers Updated to v2.0.1 - Only JPKI.tokend affected

NOTE to JPKI Users
Installers updated to v2.0.1 to include an updated JPKI.tokend due to build configuration errors specific to this Tokend. Previous JPKI.tokend provided in Installer v2.0 will fail operational testing and use, so please replace immediately. If you experience any failure in replacing the previously installed JPKI.tokend, please execute the following command, requiring admin privileges, to remove the currently installed Tokend and re-run the installer:

 

# rm -R /System/Library/Security/tokend/JPKI.tokend 

 

Security Updates

We added a new project section, Security Updates, to the left side navigation bar for explanation of security updates.  SmartCardServices Security Update IDs will use the following naming convention:

SCSSU-YYYYNN

  SCSSU - SmartCardServices Security Update

  YYYY - The calendar year the update was included

  NN - The sequental update for the calendar year

 

First SCSSSU has been included in the SmartCardServices v2.0 release and was identified as:  SCSSU-201401.

SmartCardServices Installers for OS X 10.6 - 10.9 Posted!

SmartCardServices Installers v2.0 for OS X v10.6 - v10.9 have been posted providing the signed Tokend modules for Smart Cards previously support by Apple.

Smart Cards Supported

 • BELPIC
 • CAC
 • CACNG* (Gemalto TOPDLGX4 144 & G&D FIPS 201 SCE 3.2 - ONLY at this time)
 • JPKI*     (NEW - First time release)
 • PIV


The installers allow you to selectively choose which modules to load. Only installing the modules needed reduces the card probe times, but reduces the card types supported.

Installing CAC, CACNG or PIV will also automatlically enable the SystemCACertificates keychain. This keychain ships with OS X and is pre-populated with critical Intermediate CA Certificates, but is not included in the default keychain search list.

The SystemCACertificates keychain file is located at following path

/System/Library/Keychains/SystemCACertificates.keychain

Signed Tokend Modules

The Installers have not been digitally signed, but the indivdual Tokend modules have been signed using an identity which is unfortunately not a Developer ID Identity.  If this causes any issues, be sure to submit a ticket noting the problem.

OS X Lion & Mountain Lion SmartCardServices Installers v2.0.b2 (beta)

SmartCardServices Installers v2.0.b2 (beta) for both OS X Mountain Lion v10.8 and OS X Lion v10.7 have been posted here providing the signed Tokend modules for Smart Cards previously supported by Apple.

Smart Cards Supported

 • BELPIC
 • CAC
 • CACNG* (Gemalto TOPDLGX4 144 - ONLY at this time)
 • JPKI*     (NEW - First time release)
 • PIV


The installers allow you to selectively choose which modules to load. Only installing the modules needed reduces the card probe times, but reduces the card types supported.

Installing CAC, CACNG or PIV will also automatlically enable the SystemCACertificates keychain. This keychain ships with OS X and is pre-populated with critical Intermediate CA Certificates, but is not included in the default keychain search list.

The SystemCACertificates keychain file is located at following path

/System/Library/Keychains/SystemCACertificates.keychain

Installers

The Installers have been digitally signed, but it is possible you may not have the intermediate CA certificate on your system yet.  If you do not have it, you can pull it down from Apple's Root Certification Authority site with the specific Intermediate CA certificate you need found --> HERE <--.

The installers are located on the Project's Installers page which you can get to --> HERE <-- as well as clicking on the Installers link on the left side of this page.

 

Remembering Steve Jobs

 

 

 

 

Being the richest man in the cemetery doesn't matter to me.... Going to bed at night saying we've done something wonderful... that's what matters to me.

Steve Jobs (1955-2011)

http://www.apple.com/stevejobs/

 

 

 

 

 

OS X Lion SmartCardServices Installer v2.0b1 (beta)

The SmartCardServices Installer 2.0b1 (beta) has been posted here and provides the signed Tokend modules for Smart Cards previously supported by Apple in Mac OS X 10.6.  This installer does not contain any new support or features other than supporting OS X Lion.  

Smart Cards Support

  • BELPIC
  • CAC
  • CACNG   (Gemalto TOPDLGX4 144 - ONLY at this time)
  • PIV

The installer allows you to selectively choose which modules to load.  Only installing the modules needed reduces the card probe times.

 

Installer

The installer is located on the Project's Installers page which you can get to --> HERE as well as clicking on the "Installers" link on the left side of this page.

 

Verifying Installation 

  • You can verify the installation of these signed Tokend modules by checking their existence at the following path.
/System/Library/Security/tokend/
  • The first letters of the Keychain Name that appear in Keychain Access always reflects what Tokend is publishing that particular Smart Card.  For example, if the name begins with "PIV-...." then the PIV Tokend is currently handling communication with the inserted card.

 

Testing Procedures

  • Install on OS X Lion (10.7) 
  • Launch Keychain Access
  • Insert Reader
  • Insert Card
  • The Smart Card "Keychain" should appear in Keychain Access' 
  • Make sure that ALL objects appear for the Card.
  • Attempt to manually unlock the Smart Card Keychain.
  • Proceed to test your various usage scenarios across the system.

 

Known Issues

  • Oberthur ID One 128 v5.5 cards are not yet supported.
  • OS X Lion Smart Card Login

 

Reporting Bugs 

Report any and all anomalies to the SmartCardServices Ticket System.

 

Submit New Tickets:

     http://smartcardservices.macosforge.org/trac/newticket

 

View existing tickets:

     http://smartcardservices.macosforge.org/trac/report

 

 

Apple deprecates Smart Card Services in OS X Lion (v10.7)

The following was an announcement Shawn Geddis sent out on July 20, 2011 to customers using Smart Cards on Mac OS X.  We share it here for completeness and clarity to our continuing open source development and user community. 

Our SmartCardServices Project here definitely contines, but Apple has had to make changes with respect to what it ships in OS X.


Smart Card Services and the ability to develop support for a multitude of Smart Card devices and profiles based on CDSA/Tokend has been available in OS X since version 10.4.  January 2009, Apple officially moved the already open sourced components to an organized open source project at SmartCardServices.MacOSForge.org which has been lead by Shawn Geddis, Enterprise Security Consulting Engineer with involvement from key leads within the open source community.  This project has driven the ongoing development and support for additional readers and smart card profiles which were then incorporated into OS X 10.5 through 10.6.

As Apple continues to drive innovation in the mobility space, it is necessary to continually reevaluate how OS services can be enhanced to better serve Apple's customer base.  Apple has had to make some tough decisions relating to the current Smart Card Services architecture.  

OS X Lion Support ?
With the release of OS X Lion, Smart Card Services are deprecated and will not ship as a customer functioning service.  That does not mean that customers will be unable to continue to use their Smart Cards with OS X Lion.  It does mean that all of the necessary components will not come pre-shipped in OS X Lion along with related support.  Customers needing to continue to use their Smart Cards with OS X Lion will need to pursue one of the options mentioned here later according to their needs and requirements.

Why the change ?
The foundational components for Smart Card Services in OS X have been based on an architecture (CDSA) that has been deprecated in the released version of OS X Lion.  This indicates CDSA's use and support has stopped and will be removed completely in a future release of OS X.  Any solution for OS X still leveraging the deprecated CDSA can continue to function for now, but the CDSA infrastructure would no longer receive enhancements or bug fixes.  CDSA will no longer ship in future releases of OS X. 

Apple clarified the migration from CDSA for developers during the WWDC 2011 Conference in San Francisco (June 6-10) during the "Next Generation Cryptographic Services" Session 212.  [Those with developer access can view the Conference Videos via ADC on iTunes.]

What was changed ?
The Smart Card Services deprecation was limited to the following components no longer shipping in OS X.

  • No Tokend modules ship with OS X Lion (10.7)
  • Modules: /System/Library/Security/tokend/*.tokend
  • Authorization Mechanism reference missing
  • Database: /etc/authorization
    Right: system.login.console
    Mechanism: builtin:smartcard-sniffer,privileged

    Options Going Forward
    Apple's need to deprecate what was there and focus on innovative approaches to solving the digital identity challenges on both OS X and iOS moving forward does not preclude customers from using Smart Cards on OS X 10.6 and even on 10.7.  Any developer / user is expected to be able to continue to use their Smart Cards on OS X 10.6 & 10.7 as long as they have a supported Tokend for the Smart Card profile installed.  This would require a non-Apple provided Installer.

    Open Source Options
    The MacOSForge.Org - SmartCardServices Project has provided the actual supported versions for 10.5 & 10.6 and plans to continue to provide that capability for 10.7.  The Project participants plan to post additional installers for customers to have the continued capabilities as were there in OS X 10.6 for as long as is technically feasible - with no guarantee of compatibility with future releases of OS X.  If the Tokend was previously shipped as part of OS X, then updates would need to be obtained here from the SmartCardServices Project (BELPIC, CAC, CACNG, PIV).

    Commercial Options
    If the Tokend was independently developed, installation on 10.7 is expected to continue working given any additional configuration that may need to be done such as authorization database update, but again with no guarantee or support from Apple.  There have been a handful of commercially available products with more complete implementations and purchasable support contracts which many Federal/Commercial customers prefer.  Each of the commercial products available has a particular target market and list of supported Smart Cards and Tokens.

    What option is for me ?
    Apple encourages all customers to pursue the option above that best suites their technical and support needs.  Both options have their own pros and cons, so you will need to weigh them against your organizational and personal needs.

    ALL Smart Card related questions, comments, bug submissions should be targeted here to this project.  Smart Card Services on OS X based on CDSA is no longer supported by Apple starting with OS X Lion 10.7.

    -Shawn Geddis
    Project/Development Team Lead

     

    **UPDATE** CAC-NG Tokend (BETA v0.95) for Mac OS X 10.6

    An updated Tokend & Installer have been posted for your testing.

    Tokend Update Fixes

     

    • CACNG Tokend previously picked up a standard CAC as well, but failed to handle.  You only saw one identity (Cert & Private key).

     


     

    Installer

    This Installer for the CAC Next Generation (a.k.a. CAC-NG) Tokend for Mac OS X 10.6 - Snow Leopard  has been posted which supports the Gemalto TOPDLGX4 144 issued cards.  

    Note: Oberthur ID One 128 v5.5 cards are not yet supported.

     http://smartcardservices.macosforge.org/trac/wiki/installers

     

    Verifying Installation 

    • You can verify the installation of this new tokens "CAC-NG" by checking its existence at the following path. 
    /System/Library/Security/tokend/CACNG.tokend
    • The first letters of the Keychain Name that appear in Keychain Access always reflects what Tokend is publishing that particular the Smart Card.  For example, for this tokens, the name begins with "CACNG-....". 

    Testing Procedures
    • Install CAC-NG Tokend
    • Launch Keychain Access
    • Insert Reader
    • Insert Card
    • The Smart Card "Keychain" should appear in Keychain Access' Keychain List having a name starting with "CACNG-...".  The first characters of the Keychain Name reflect which Tokend has picked up the card for handling.  If the Name begins with "CAC-...", but you have a CAC-NG card then there is an issue with the CAC-NG installation and operation will not work properly.
    • Make sure that ALL objects appear for the Card.  Recently issued CAC-NG cards all appear to have 4 identities (Cert / Key pairs), but that is neither a requirement nor a restriction of the CAC-NG specification.  3 Identities are CAC related and the final identity is PIV related.  Keep in mind that the CAC-NG specification is a dual-applet environment (CAC & PIV).
    •  If they do not, the CAC-NG Tokend is not installed or you are using the even newer 128K Oberthur "ID One 128 v5.5 Dual" Card which is not yet supported.
    • Attempt to manually unlock the Smart Card Keychain.  Select the Smart Card Keychain, Click on the lock icon, enter your PIN and click OK.  The lock icon should now appear "un-locked" to reflect the actual state of the card.  Keep in mind that if you fail to unlock the card three consecutive times, the card will be blocked and you will need to take it to the appropriate Card Management location and have it unblocked.  If things fail using this beta Tokend, take your card to another system known to work with the CAC-NG card and unlock the card - resets the cards counter. 
    • Proceed to test your various usage scenarios across the system.

    Known Issues
    • Oberthur ID One 128 v5.5 cards are not yet supported.

    Reporting Bugs 
    Report any and all anomalies to the SmartCardServices Ticket System.

    Submit New Tickets:

    View existing tickets:

     

    **UPDATE** CAC-NG Tokend (BETA v0.91) for Mac OS X 10.6

    An updated Tokend & Installer have been posted for your testing.

    Tokend Updates

    Updates to the PIN1/PIN2 usage within the Tokend were required due to changes in the AclAuthorizationSet parameters.

    From:

    AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_SIGN, CSSM_ACL_AUTHORIZATION_DECRYPT, 0));

     

    To:

     

    AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_SIGN,CSSM_ACL_AUTHORIZATION_DECRYPT0), tmptag);

     

    Installer Updates

    The previous installer was digitally signed with an Identity issued from a CA that most do not already have the certificate chain for.  Until further notice, the installers will be posted without a digital signature. Please ensure that the SHA-1 hash of any ZIP file you download indeed matches what is posted.

     


     

    Installer

    This Installer for the CAC Next Generation (a.k.a. CAC-NG) Tokend for Mac OS X 10.6 - Snow Leopard  has been posted which supports the Gemalto TOPDLGX4 144 issued cards.  

    Note: that the Oberthur ID One 128 v5.5 cards are not yet supported.

     http://smartcardservices.macosforge.org/trac/wiki/installers

     

    Verifying Installation 

    • You can verify the installation of this new tokens "CAC-NG" by checking its existence at the following path. 
    /System/Library/Security/tokend/CACNG.tokend
    • The first letters of the Keychain Name that appear in Keychain Access always reflects what Tokend is publishing that particular the Smart Card.  For example, for this tokens, the name begins with "CACNG-....". 

    Testing Procedures
    • Install CAC-NG Tokend
    • Launch Keychain Access
    • Insert Reader
    • Insert Card
    • The Smart Card "Keychain" should appear in Keychain Access' Keychain List having a name starting with "CACNG-...".  The first characters of the Keychain Name reflect which Tokend has picked up the card for handling.  If the Name begins with "CAC-...", but you have a CAC-NG card then there is an issue with the CAC-NG installation and operation will not work properly.
    • Make sure that ALL objects appear for the Card.  Recently issued CAC-NG cards all appear to have 4 identities (Cert / Key pairs), but that is neither a requirement nor a restriction of the CAC-NG specification.  3 Identities are CAC related and the final identity is PIV related.  Keep in mind that the CAC-NG specification is a dual-applet environment (CAC & PIV).
    •  If they do not, the CAC-NG Tokend is not installed or you are using the even newer 128K Oberthur "ID One 128 v5.5 Dual" Card which is not yet supported.
    • Attempt to manually unlock the Smart Card Keychain.  Select the Smart Card Keychain, Click on the lock icon, enter your PIN and click OK.  The lock icon should now appear "un-locked" to reflect the actual state of the card.  Keep in mind that if you fail to unlock the card three consecutive times, the card will be blocked and you will need to take it to the appropriate Card Management location and have it unblocked.  If things fail using this beta Tokend, take your card to another system known to work with the CAC-NG card and unlock the card - resets the cards counter. 
    • Proceed to test your various usage scenarios across the system.

    Known Issues
    • CACNG Tokend will incorrectly pickup a standard CAC as well.  You will then only see one identity (Cert & Private key).  If you only have a CAC for normal use, you might want to consider not installing this beta until an update is available to address this.

    Reporting Bugs 
    Report any and all anomalies to the SmartCardServices Ticket System.

    Submit New Tickets:

    View existing tickets:

    CAC-NG Tokend (BETA v0.9) for Mac OS X 10.6

    The Installer for the CAC Next Generation (a.k.a. CAC-NG) Tokend support for Mac OS X 10.6 - Snow Leopard  has been posted which support the Gemalto TOPDLGX4 144 issued cards.  Note that the Oberthur ID One 128 v5.5 Dual cards are not yet supported.

     

    Installer

     http://smartcardservices.macosforge.org/trac/wiki/installers

     

    Installation 

    • You can verify the installation of this new tokens "CAC-NG" by checking its existence at the following path. 
    /System/Library/Security/tokend/CACNG.tokend

    Testing Procedures
    • Install CAC-NG Tokend
    • Launch Keychain Access
    • Insert Reader
    • Insert Card
    • The Smart Card "Keychain" should appear in Keychain Access' Keychain List having a name starting with "CACNG-...".  The first characters of the Keychain Name reflect which Tokend has picked up the card for handling.  If the Name begins with "CAC-...", but you have a CAC-NG card then there is an issue with the CAC-NG installation and operation will not work properly.
    • Make sure that ALL objects appear for the Card.  Recently issued CAC-NG cards all appear to have 4 identities (Cert / Key pairs), but that is neither a requirement nor a restriction of the CAC-NG specification.  3 Identities are CAC related and the final identity is PIV related.  Keep in mind that the CAC-NG specification is a dual-applet environment (CAC & PIV).
    •  If they do not, the CAC-NG Tokend is not installed or you are using the even newer 128K Oberthur "ID One 128 v5.5 Dual" Card which is not yet supported.
    • Attempt to manually unlock the Smart Card Keychain.  Select the Smart Card Keychain, Click on the lock icon, enter your PIN and click OK.  The lock icon should now appear "un-locked" to reflect the actual state of the card.  Keep in mind that if you fail to unlock the card three consecutive times, the card will be blocked and you will need to take it to the appropriate Card Management location and have it unblocked.  If things fail using this beta Tokend, take your card to another system known to work with the CAC-NG card and unlock the card - resets the cards counter. 
    • Proceed to test your various usage scenarios across the system.


    Reporting Bugs 
    Report any and all anomalies to the SmartCardServices Ticket System.

    Submit New Tickets:

    View existing tickets:


     

    **UPDATED** CAC-NG Tokend Installer Fixed

    The Installer for the CAC Next Generation (a.k.a. CAC-NG) Tokend support for Mac OS X 10.5 "Leopard" was fixed and re-posted.  The previous installers have been replaced with this new version - v0.96.

    Support for Snow Leopard is forth coming, but you can proceed to test with your Mac OS X 10.5.6+ machines with this installation.

    Installer

     http://smartcardservices.macosforge.org/trac/wiki/installers

     

    Installation 

    • You can verify the installation of this new tokens "CAC-NG" by checking its existence at the following path. 
    /System/Library/Security/tokend/CACNG.tokend

     

    BETA Tokend available: CAC-NG (Leopard Mac OS X 10.5.6+)

    SmartCardServices - "CAC-NG" Tokend 

     

    The SmartCardServices Project Team is pleased to provide access to the*BETA*  for CAC Next Generation (a.k.a. CAC-NG) Tokend support for Mac OS X 10.5 "Leopard".   Support for Snow Leopard is forth coming, but you can proceed to test with your Mac OS X 10.5.6+ machines with this installation.


    Background

    CAC-NG Smart Cards

    The following is an excerpt taken directly from the "DoD Implementation Guide for CAC Next Generation (NG), v2.5, November 2006".

     

    The DoD CAC Environment

    The PIV transitional, as defined in SP 800-73, is added to the existing CAC v2 card as an additional data model in conjunction with other evolutions such as the purse and access control. This CAC with PIV is called the CAC Next Generation (NG). The CAC NG is the first and most significant step towards the PIV end point solution.

     

    The PIV solution is implemented on the DoD CAC NG, but is largely separate and distinct from the DoD multi-application CAC. It will evolve at its own pace but in the same environment.

    The purpose and function of the CAC NG is much broader than the focused interoperability function of the PIV. In 1999, Congress directed the Secretary of Defense to implement smart card technology within the DoD with the objective of increasing efficiency, security, and readiness. The result has been the creation of the CAC. The baseline functionality of the CAC is to (1) provide for logical access to computer systems, (2) provide personnel identification, (3) enable physical access to buildings, and (4) PKI for signing, encryption, and non-repudiation. The CAC is the standard identification card for active duty military personnel, Selected Reservists, DoD civilian employees, and eligible contractor personnel.

     

    The CAC NG is a multi-application smart card. It serves as a token for PK identity, email, and encryption certificates. Additionally, it contains a linear barcode, two-dimensional barcode, magnetic stripe, color digital photograph, and printed text.

    Installer

     http://smartcardservices.macosforge.org/trac/wiki/installers

     

    Installation

     

    Smart Card Tokend Installation

     

    • CAC-NG 
    /System/Library/Security/tokend/CACNG.tokend

     


    Source Code Posting

    Source Code corresponding to this tokend beta has not yet been posted, but will be in the near future at:

    /releases
     /Apple
      /OSX-10.5.6
      /OSX-10.6.0

     

    Mac OS 10.6 Source Posted!

    Source Code for the SmartCard Services that shipped in Mac OS X 10.6.0 have been posted!

    Now that Mac OS X 10.6.0 has been released by Apple on August 28, 2009, we were able to post the corresponding source code to our project for immediate access and development.

    64-Bit Development

    Keep in mind that Mac OS X 10.6 "Snow Leopard" requires many of you to shift to full 64-bit development environments depending on what layer of the OS your solution targets.  If you have been leveraging the darwinbuild process, be sure to acquire an updated copy before proceeding with development here.

    Source Code Postings

    Source Code releases have now been posted under a new directory of "/releases".  From this point forward, we will always post new source from Apple under the appropriate Mac OS X release name as in:

    /releases
     /Apple
      /OSX-10.5.6
      /OSX-10.6.0

    All releases coming directly from the work here will be posted under this new directory as well.  SmartCardServices will be posted with their own release sequence name.

    /releases
     /SCS

     

     

     

    New Component: "TokendPKCS11" Posted

    On August 17, 2009, we had a new component added to our project...

    Component: TokendPKCS11 

    Short Description: PKCS-11 Shim on top of Tokend

    This new component allows use of any installed tokend from a PKCS-11 based Application (i.e. Firefox, Thunderbird, etc.).  This P11overTokend approach eliminates the need for users to have multiple SmartCard abstraction layers.  Having more Smart Card Architectures (other than the built-in Tokend) active at the same time can be extremely problematic, since there is no inherent arbitration between them.  Apple's Smart Card Services assumes exclusive ownership of any recognized and supported Smart Card that has been attached to the hardware.  If the Smart Card inserted was not supported by any installed Tokend then there was no conflict with the PKCS-11 based application.

    The intent of this TokendPKCS11 was not to provide a complete PKCS-11 library replacement, but rather to provide a bridging technology for access to smart cards already supported by an installed Tokend.  There is no support for writing back to the cards (i.e. personalization).  Any application or service needing to modify the card contents in any manner other than the PIN, would still need to rely on a separate fully capable PKCS-11 library.  Note that Apple no longer provides a fully capable PKCS-11 library on Mac OS X, that you can use, as of 10.5.0.

    This component has been under development against the Mac OS X 10.5.x source code and is available currently as separate source code <here>.  Now that Mac OS X 10.6 is out (released on August 28, 2009) and the corresponding source code is posted as well, you will find this component has already been integrated into the Tokend Component as of Mac OS X 10.6.0 - no separate component will be maintained going forward.


    Project Launch!

    Welcome

    Welcome to the SmartCardServices project for Mac OS X. This MacOSForge project is intended as a central clearing house for activity and development related to the seamless integration of smart cards, readers, relevant third-party software, and Mac OS X's identity system and credential stores (i.e., keychains).

    The goal of this project is to provide early access to community-driven development of novel capabilities and enhancements. Over time, as these innovations mature, they will be evaluated for inclusion in future releases of Mac OS X.

    The Smart Way to do Smart Cards

    Smart Card Services are the abstraction layer for integrating smart cards into Apple's Common Data Security Architecture (CDSA).  Once a smart card is recognized by these services, it is represented as a dynamic keychain and is made available to all services and applications using Mac OS X's credential environment. Applications use credentials from smart cards just as they have for years with file-based keychains, without needing any knowledge of smart card technology.

    This project will serve as a working environment for experimenting with new and enhanced versions of the various components which make up Smart Card Services. The components initially included in this project are:

    • pcscd (PCSC Daemon)
    • ifd-ccid.bundle  (USB CCID Class Driver)
    • *.Tokend  (Tokend modules for utilizing smart cards)

     

    Come Together, Right Now

    Since its debut in Mac OS X version 10.4, an incredible number of developers, administrators and users have wanted to do more and actively contribute to the success of Smart Card Services -- knowing that the better the integration, the better their experience would be.  Many card, reader, and application partners have been anxious to join this active community and extend the services to capabilities not yet available.

    To that end, the SmartCardServices project provides a central forum, repository, and build environment to enable collaborative development and testing. This will enable our security-conscious developers and customers to take this rich environment to the next level of seamless integration. 

    Start Your Engines

    Now that you are here, we encourage you to engage in this project through:

    - discussions on the various mailing lists

    - source code review

    - code submission (note licensing terms!)

    and of course ingesting the ongoing documentation, tips & tricks, and reference material that will be developed and posted here on a regular basis.

    Visit us weekly -- or better yet, click the RSS subscription link to the right to ensure you do not miss a single tidbit of development, news or activity coming out of this exciting new project.

    Sincerely,

    The SmartCardServices Dev Team

    news feed