Access security tokens and the cryptographic assets they store.


You use the CryptoTokenKit framework to easily access cryptographic tokens. Tokens are physical devices that can be built in to the system, located on attached hardware (like a smart card), or accessible through a network connection. Tokens store cryptographic objects like keys and certificates. They also may perform operations—for example, encryption or digital signature verification—using these objects. You use the framework to work with a token’s assets as if they were part of your system, even though they remain secured by the token.

You can also use the framework to enable a token for two-factor authentication in macOS. Authentication services manage associations between users and identities stored on a token, granting users access when the appropriate token is present and unlocked. You supply a token driver in the form of an app extension that bridges the gap between authentication services and the underlying token hardware.


First Steps

Using Cryptographic Assets Stored on a Smart Card

Access certificates, keys, and identities stored on a smart card as if they were part of the keychain.

class TKTokenWatcher

An object that tracks the tokens available in the system.

Two-Factor Authentication

Authenticating Users with a Cryptographic Token

Grant access to user accounts and the keychain by creating a token driver app extension.

class TKTokenDriver

The abstract base class for building token drivers.

class TKToken

A representation of a hardware-based cryptographic token.

class TKTokenSession

A token session that manages the authentication state of a token.

Smart Card App Extensions

Configuring Smart Card Authentication

Set preferences for smart card authentication operations, including those on managed devices.

class TKSmartCardTokenDriver

The driver that acts as an entry point for smart card app extensions.

class TKSmartCardToken

A representation of a smart card based cryptographic token.

class TKSmartCardTokenSession

A token session that is based on a smart card token.

Smart Cards

class TKSmartCard

A representation of a smart card.

class TKSmartCardSlot

A single smart card reader slot in the system.

class TKSmartCardSlotManager

An interface to all available smart card reader slots.


struct TKError

An error specific to the CryptoTokenKit framework.

let TKErrorDomain: String

The domain for all CryptoTokenKit framework errors.