Using KeyChain items from CryptoTokenKit

errSecInteractionNotAllowed

usually means that the system is trying to present UI and can’t because of the context in which the code is running. Do your crypto operations present UI? For example, biometrics?

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Yes effectively it occurs during operations that rely on private key, typically displaying authentification dialogs.

Succeeds with both TouchID or user password.

I had in mind that CKT plugins can do UI, should TKTokenAuthOperation be the only place where UI occurs ?

Is UI limited to default dialogs (e.g TKTokenPasswordAuthOperation) ?

Regards,

Jerome T

Effectively I tried using LocalAuthentication from a TKTokenAuthOperation and it runs fine.

I can get an authentified context (at least for decrypt and key exchange operations - strangely it fails for signing).

I cannot go further then because LocalAuthentication doesn't seems usable as a pre-authentification for SecKeyCreateSignature or SecKeyCreatedDecryptedData.

Hello Jerome T:
I noticed that you are doing some research about CryptoTokenKit plugin(smart card extension). And you mentioned about " using a generic Token" to implement the extension and " loading the extention by invoking the Keychain from host App". What I want to do is to implement an extention (inheriting form TKToken) with software(maybe based on openssl+p12 ), but I can not find more information or samples about that. I try to remove the "com.apple.ctk.aid" and customize the "com.apple.ctk.token-type", but I don't know how to load the extension by invoking the keychain. Can you give me some help or tell me where can find some samples code?Thank you very much!

Best Regards

Code Block 
cd

I have hit the same problem, apparantly when TokenExtension is trying to read values from Keychain it is failing with CSSMERR_CSP_NO_USER_INTERACTION .

logs -
2021-03-11 23:06:50.865217+0530 0x96754 Activity 0x750db 10567 0 TokenExtension: (Security) SecItemCopyMatching
2021-03-11 23:06:50.865297+0530 0x96754 Activity 0x750dc 10567 0 TokenExtension: (Security) SecItemCopyMatching_ios
2021-03-11 23:06:50.871820+0530 0x96754 Default 0x750db 10567 0 TokenExtension: (Security) [com.apple.securityd:security_exception] CSSM Exception: -2147415840 CSSMERR_CSP_NO_USER_INTERACTION
2021-03-11 23:06:50.871872+0530 0x96754 Default 0x750db 10567 0 TokenExtension: (Security) [com.apple.securityd:security_exception] CSSM Exception: -2147415840 CSSMERR_CSP_NO_USER_INTERACTION
2021-03-11 23:06:50.871908+0530 0x96754 Default 0x750db 10567 0 TokenExtension: (Security) [com.apple.securityd:integrity] caught CssmError: -2147415840 CSSMERR_CSP_NO_USER_INTERACTION
2021-03-11 23:06:50.872014+0530 0x96754 Default 0x750db 10567 0 TokenExtension: (Security) [com.apple.securityd:integrity] error while checking integrity, denying access: CSSM Exception: -2147415840 CSSMERR_CSP_NO_USER_INTERACTION

Can you help me here?

Hi Eskimo, Can you please help me with the issue I am facing with CryptoTokenKit? I have also raised TSI case but no reply as of now.

Regards,
Anshuman

I have also raised TSI case but no reply as of now.

Cool. That will have been routed to my colleague who supports CryptoTokenKit. I expect he’ll be in touch soon. If you don’t hear back within three business days — which is our expected response time per the DTS page on the developer web site — feel free to drop me a line via email (my address is in my signature).

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"