Wiki     Blog     Roadmap     Timeline     New Ticket     View Tickets     Project Search
Last modified 10 months ago Last modified on 10/29/15 10:59:50

Installer Releases

The following are the relevant installers for the larger Smart Card Services project as well as smaller specific installers for individual components. These installers can be used on various releases of Mac OS X as noted, but are not supported by Apple's customer support division Apple Care, so please do not call them if you are using anything from this site. If you experience any issues or have questions pertaining to their use, installation or problems, please post that to the relevant Smart Card Services Mailing Lists. If you absolutely must receive Apple Care support, it is highly suggested you do not utilize any of the installers or instructions posted to this project.

These are forward thinking (and sometimes unstable) services and enhancements that are outside the scope of Apple Care. Members of the Smart Card Services Mailing Lists will make every attempt to assist you, but that too is not a replacement for a support contract.


Starting with today's (1 Oct 2015) release of the installer for OS X El Capitan v10.11, we will be signing the Installers and Tokend bundles for integrity assurance. The installer will be recognized and install properly with Gatekeeper set to default or higher and are installed in a new location "/ Library / Security / tokend" to work with System Integrity Protection (SIP) enabled on El Capitan.

Older installers (ie. for v10.10, v10.9, ...) have been re-posted, incremented to v2.1.2, and digitally signed. The installation location remains as they were on those OS releases.

Smart Card Services Releases

Target OS Installer (.zip) SHA-256 Hash (of .zip file)
OS X El Capitan v10.11 Smart Card Services v2.1.2 [OSX 10.11] b32a5381c7465f225f88393d957e66109f11ddfe0c8106956d1ba39d9415558c
OS X Yosemite v10.10 Smart Card Services v2.1.2 [OSX 10.10] 0943f65bfed25ca1bc7f5890ac25e50775f0fe1793f3f1cae1b6659e5647207f
OS X Mavericks v10.9 Smart Card Services v2.1.2 [OSX 10.9] c8f1c42b0fabb67c0fdca24045f70773656742f6252d1add4248249138dd003c
OS X Mountain Lion v10.8 Smart Card Services v2.1.2 [OSX 10.8] 08a23baf5cff5f33100dbc85d6030d0ee9e80e5765f148b3348d8200da9055af
OS X Lion v10.7 Smart Card Services v2.1.2 [OSX 10.7] ccf24e88d2273698f55adb09005b444f616dbcd8a644e3289de5b112d6a93792
OS X Snow Leopard v10.6 Smart Card Services v2.1.2 [OSX 10.6] 4133a0a93bcd9d46371c33ed9089edbb1f997c0cc7607331e9b23b1feac44b7f

These installers provide the Tokend modules which no longer ship directly from Apple as part of OS X beginning with OS X Lion v10.7. Note that these installers will ONLY install onto the corresponding OS X version. The Tokend modules available for installation are: BELPIC, CAC, CACNG, JPKI and PIV which have all been updated to build 50000 and Bundle IDs of org.macosforge.smartcardservices.tokend.<Token Type>. Previous Bundle IDs were still configured as:<Token Type>

New to this release
• JPKI.tokend - Add support for JPKI.
• cacloginconfig.plist - Default configuration file for those using Attribute Matching or PKINIT configurations.
• SystemCACertificates.keychain - Automatically added to the Keychain Search List if not already present.
• Tokend modules and the Installer are now digitally signed with an Apple DeveloperID.
• Security Update SCSSU-201401

Addresses CVE-2013-1867
CVE-2013-1867 -
Full Disclosure -
Bug Traq ID: 58618 -

NOTE to JPKI.token Users
Installers updated to v2.0.1 to include an updated JPKI.tokend due to build configuration errors specific to this Tokend. Previous JPKI.token provided in Installer v2.0 will fail operational testing and use, so please replace immediately. If you experience any failure in replacing the previously installed JPKI.tokend, please execute the following command, requiring admin privileges, to remove the currently installed Tokend and re-run the installer:

# rm -R /System/Library/Security/tokend/JPKI.tokend

Smart Card CCID Releases

• None at this time

Other Tokend Releases

(1) CAC-NG 1.0 shipped in Mac OS X 10.6.7 and is no longer available as a beta (March 21, 2011)

OS Requirement: Mac OS X 10.6.0 - 10.6.6 Snow Leopard

This build supports the Gemalto TOPDLGX4 144 cards, but does not yet support the Oberthur ID One 128 v5.5 Dual card. Subsequent builds will provide support needed for the Oberthur card. If you attempt to access this newer Oberthur card, it will be picked up by the original CAC.tokend and will show no certs/keys within Keychain Access -indicating a lack of support.

(2) CAC-NG (BETA v0.96) Leo (Feb 2, 2010)

OS Requirement: Mac OS X 10.5.6 - 10.5.X (Leopard)
SHA-1 Hash: bfa96cccd380b54fbb81dada44897c5d0ff5fa39

All issues reported with the previous installers (v.90 & v.95) have now been fixed!

The Smart Card Services Project Team is pleased to provide access to the*BETA* for CAC Next Generation (a.k.a. CAC-NG) Tokend support for Mac OS X 10.5 "Leopard". Support for Snow Leopard is forth coming, but you can proceed to test with your Mac OS X 10.5.6+ machines with this installation.

Additional Helpful Tools

(1) (June 28, 2009)

OS Requirement: Mac OS X 10.4
SHA-1 Hash: 231e7c1999ab4fc9cc134b99d4227801eba14e07

This is an Apple Script Tool which allows you to set an Identity Preference for mapping a URI (e.g. URL or Email Address) to one of multiple valid certificates. Beginning with Mac OS X 10.5.0, this capability was built into the Keychain Access utility, so this tool is not necessary if you are running Mac OS X 10.5.0 or higher.