I am working on an iOS application that deals with scanning SmartCards at entry points to see who is entering a facility. We are currently using proprietary smartcard readers from a company and their SDK to directly access the reader and issue APDU commands to get the smartcard information, such as certificate, expiration date, etc. The plan is to be able to have a person insert a smartcard, the system recognize it, validate the expiration date and cert chain, record who it is and then tell the user to pull the card and move on. This process needs to be fast. PIN entries are not required.
We are trying to move away from the 3rd party SDK and proprietary card reader to be able to use any CCID compliant reader and CryptoTokenKit from Apple. Information on this seems to be very limited from what I have found by searching.
I've started with some simple code (not complete):
import CryptoTokenKit

// Reader slots are looked up through the system slot manager; this takes the first one reported.
if let manager = TKSmartCardSlotManager.default, let slotName = manager.slotNames.first {
    manager.getSlot(withName: slotName) { slot in
        // makeSmartCard() returns nil when no card is inserted; isValid is a Bool, so test it directly.
        guard let card = slot?.makeSmartCard(), card.isValid else { return }
        card.beginSession { started, error in
            guard started, error == nil else { return }   // log the error
            // SELECT the PIV application by AID (NIST SP 800-73): CLA INS P1 P2 Lc AID Le
            let nistEndpoint: [UInt8] = [0x00, 0xA4, 0x04, 0x00, 0x0B, 0xA0, 0x00, 0x00, 0x03, 0x08, 0x00, 0x00, 0x10, 0x00, 0x01, 0x00, 0x00]
            let nistRequest = Data(nistEndpoint)
            card.transmit(nistRequest) { data, error in
                if error == nil {
                    // Do stuff
                } else {
                    // log the error
                }
                card.endSession()
            }
        }
    }
}
When I run this on an iPad with a USB connected card reader, I am seeing the card reader, getting its name, seeing that a card is in the reader and the 'card?.isValid' is coming back. The card?.transmit is throwing an error however and returns TKError.Code.tokenNotFound (-7).
Questions:
- I see that the CryptoTokenKit API requires the entitlement of com.apple.security.smartcard, but nowhere during the provisioning profile creation process in my dev account gives me the option to add that specific entitlement. Is this something that has to be specially assigned by Apple?
- Is what I'm trying to accomplish possible using CryptoTokenKit on an iOS device?
- Does anyone know of any tutorials or examples of this?
Thank you in advance.
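As an added example (not code from the original post), this is what the exchange the post describes looks like once the SELECT succeeds: the status word of each response is checked, 61 xx continuations are followed with GET RESPONSE so a full-size certificate comes back whole, and the PIV Authentication certificate object is read so its validity period and chain can be checked with the Security framework. The names exchange, readPIVAuthCertificate and CardError are assumptions introduced here.

```swift
import CryptoTokenKit

enum CardError: Error { case noCard, shortResponse, status(sw1: UInt8, sw2: UInt8) }

// Hypothetical helper: transmit one APDU, check the status word, and follow 61 xx
// "more data" replies with GET RESPONSE so large objects come back complete.
func exchange(_ apdu: [UInt8], on card: TKSmartCard, accumulated: Data = Data(),
              completion: @escaping (Result<Data, Error>) -> Void) {
    card.transmit(Data(apdu)) { response, error in
        if let error = error { return completion(.failure(error)) }
        guard let response = response, response.count >= 2 else {
            return completion(.failure(CardError.shortResponse))
        }
        let sw = Array(response.suffix(2))          // SW1 SW2 trail the response body
        let body = accumulated + response.dropLast(2)
        switch (sw[0], sw[1]) {
        case (0x90, 0x00): completion(.success(body))
        case (0x61, _):    exchange([0x00, 0xC0, 0x00, 0x00, sw[1]], on: card,
                                    accumulated: body, completion: completion)
        default:           completion(.failure(CardError.status(sw1: sw[0], sw2: sw[1])))
        }
    }
}

// SELECT the PIV application (the AID from the post), then GET DATA for the
// X.509 Certificate for PIV Authentication, container tag 5F C1 05 (NIST SP 800-73).
let selectPIV: [UInt8] = [0x00, 0xA4, 0x04, 0x00, 0x0B,
                          0xA0, 0x00, 0x00, 0x03, 0x08, 0x00, 0x00, 0x10, 0x00, 0x01, 0x00, 0x00]
let getPIVAuthCert: [UInt8] = [0x00, 0xCB, 0x3F, 0xFF, 0x05, 0x5C, 0x03, 0x5F, 0xC1, 0x05, 0x00]

func readPIVAuthCertificate(from slot: TKSmartCardSlot,
                            completion: @escaping (Result<Data, Error>) -> Void) {
    guard let card = slot.makeSmartCard(), card.isValid else {
        return completion(.failure(CardError.noCard))
    }
    card.beginSession { started, error in
        guard started else { return completion(.failure(error ?? CardError.noCard)) }
        exchange(selectPIV, on: card) { selected in
            if case .failure = selected { card.endSession(); return completion(selected) }
            exchange(getPIVAuthCert, on: card) { result in
                card.endSession()
                // On success `result` is a BER-TLV object (outer tag 0x53) whose 0x70 element is the
                // DER certificate: pass that to SecCertificateCreateWithData and SecTrust to check
                // the chain and validity period off the card.
                completion(result)
            }
        }
    }
}
```

Obtain the slot as in the post, via TKSmartCardSlotManager.default and getSlot(withName:), and call readPIVAuthCertificate(from:) from the reply closure; a status failure such as 6A 82 (file not found) means the card does not expose that container.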