Framework

CryptoTokenKit

Access security tokens and the cryptographic assets they store.

Overview

You use the CryptoTokenKit framework to easily access cryptographic tokens. Tokens are physical devices that can be built in to the system, located on attached hardware (like a smart card), or accessible through a network connection. Tokens store cryptographic objects like keys and certificates. They also may perform operations—for example, encryption or digital signature verification—using these objects. You use the framework to work with a token’s assets as if they were part of your system, even though they remain secured by the token.

You can also use the framework to enable a token for two-factor authentication in macOS. Authentication services manage associations between users and identities stored on a token, granting users access when the appropriate token is present and unlocked. You supply a token driver in the form of an app extension that bridges the gap between authentication services and the underlying token hardware.

Topics

First Steps

Using Cryptographic Assets Stored on a Smart Card

Access certificates, keys, and identities stored on a smart card as if they were part of the keychain.

TKTokenWatcher

An object that tracks the tokens available in the system.

Two-Factor Authentication

Authenticating Users with a Cryptographic Token

Grant access to user accounts and the keychain by creating a token driver app extension.

TKTokenDriver

The abstract base class for building token drivers.

TKToken

A representation of a hardware-based cryptographic token.

TKTokenSession

A token session that manages the authentication state of a token.

Smart Card App Extensions

Configuring Smart Card Authentication

Set preferences for smart card authentication operations, including those on managed devices.

Managing User-to-Smart Card Bindings

Query and modify associations between users and tokens.

TKSmartCardTokenDriver

The driver that acts as an entry point for smart card app extensions.

TKSmartCardToken

A representation of a smart-card-based cryptographic token.

TKSmartCardTokenSession

A token session that is based on a smart card token.

Smart Cards

TKSmartCard

A representation of a smart card.

TKSmartCardSlot

A single smart card reader slot in the system.

TKSmartCardSlotManager

An interface to all available smart card reader slots.

Errors

TKErrorDomain

The domain for all CryptoTokenKit framework errors.

TKErrorCode

Error codes that may be returned when calling CryptoTokenKit methods.