The following are the relevant installers for the larger Smart Card Services project as well as smaller specific installers for individual components. These installers can be used on various releases of Mac OS X as noted, but are not supported by Apple's customer support division Apple Care, so please do not call them if you are using anything from this site. If you experience any issues or have questions pertaining to their use, installation or problems, please post that to the relevant Smart Card Services Mailing Lists. If you absolutely must receive Apple Care support, it is highly suggested you do not utilize any of the installers or instructions posted to this project.
These are forward thinking (and sometimes unstable) services and enhancements that are outside the scope of Apple Care. Members of the Smart Card Services Mailing Lists will make every attempt to assist you, but that too is not a replacement for a support contract.
Smart Card Services Releases v2.0.1
Target OS Installer (.zip) SHA-1 Hash (of .zip file) OS X Mavericks v10.9 Smart Card Services v2.0.1 [OSX 10.9] 3a2af6d30628d141decf228f61608f8bf260b7b3 OS X Mountain Lion v10.8 Smart Card Services v2.0.1 [OSX 10.8] b3c72f0e4b6563c22f82b8f57a620c16ac33868f OS X Lion v10.7 Smart Card Services v2.0.1 [OSX 10.7] 0f7da76dd1b6db369c4b013ff9adce1fdd5f5a43 OS X Snow Leopard v10.6 Smart Card Services v2.0.1 [OSX 10.6] c5af9762661ee201f9d47f516a17b45fa27a4f6d
These installers provide the Tokend modules which no longer ship directly from Apple as part of OS X beginning with OS X Lion v10.7. Note that these installers will ONLY install onto the corresponding OS X version. The Tokend modules available for installation are: BELPIC, CAC, CACNG, JPKI and PIV which have all been updated to build 50000 and Bundle IDs of org.macosforge.smartcardservices.tokend.<Token Type>. Previous Bundle IDs were still configured as: com.apple.tokend.<Token Type>
New to this release
• JPKI.tokend - Add support for JPKI.
• cacloginconfig.plist - Default configuration file for those using Attribute Matching or PKINIT configurations.
• SystemCACertificates.keychain - Automatically added to the Keychain Search List if not already present.
• Tokend modules are not digitally signed to avoid Gatekeeper complications.
• Security Update SCSSU-201401
CVE-2013-1867 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1867
Full Disclosure - http://seclists.org/fulldisclosure/2013/Mar/189
Bug Traq ID: 58618 - http://www.securityfocus.com/bid/58618
NOTE to JPKI.token Users
Installers updated to v2.0.1 to include an updated JPKI.tokend due to build configuration errors specific to this Tokend. Previous JPKI.token provided in Installer v2.0 will fail operational testing and use, so please replace immediately. If you experience any failure in replacing the previously installed JPKI.tokend, please execute the following command, requiring admin privileges, to remove the currently installed Tokend and re-run the installer:
# rm -R /System/Library/Security/tokend/JPKI.tokend
Smart Card CCID Releases
• None at this time
Other Tokend Releases
(1) CAC-NG 1.0 shipped in Mac OS X 10.6.7 and is no longer available as a beta (March 21, 2011)
OS Requirement: Mac OS X 10.6.0 - 10.6.6 Snow Leopard
This build supports the Gemalto TOPDLGX4 144 cards, but does not yet support the Oberthur ID One 128 v5.5 Dual card. Subsequent builds will provide support needed for the Oberthur card. If you attempt to access this newer Oberthur card, it will be picked up by the original CAC.tokend and will show no certs/keys within Keychain Access -indicating a lack of support.
(2) CAC-NG (BETA v0.96) Leo (Feb 2, 2010)
OS Requirement: Mac OS X 10.5.6 - 10.5.X (Leopard)
SHA-1 Hash: bfa96cccd380b54fbb81dada44897c5d0ff5fa39
All issues reported with the previous installers (v.90 & v.95) have now been fixed!
The Smart Card Services Project Team is pleased to provide access to the*BETA* for CAC Next Generation (a.k.a. CAC-NG) Tokend support for Mac OS X 10.5 "Leopard". Support for Snow Leopard is forth coming, but you can proceed to test with your Mac OS X 10.5.6+ machines with this installation.
Additional Helpful Tools
(1) SetIdentityPreference.zip (June 28, 2009)
OS Requirement: Mac OS X 10.4
SHA-1 Hash: 231e7c1999ab4fc9cc134b99d4227801eba14e07
This is an Apple Script Tool which allows you to set an Identity Preference for mapping a URI (e.g. URL or Email Address) to one of multiple valid certificates. Beginning with Mac OS X 10.5.0, this capability was built into the Keychain Access utility, so this tool is not necessary if you are running Mac OS X 10.5.0 or higher.