frankmorgner / opensctoken

Use OpenSC in macOS CryptoTokenKit.

License: GNU General Public License v3.0

Objective-C 87.56% Shell 12.44%
smartcard opensc macos security

opensctoken's Introduction

OpenSCToken: Use OpenSC in CryptoTokenKit

CryptoTokenKit is Apple's take on programmatic access to smart cards and other tokens. It provides both low level access to tokens (comparable with PC/SC) and high level access for system wide integration of a token (comparable with Windows Smart Card Minidriver).

For further information about smart cards in macOS please read the following resources:

OpenSCToken aims at providing the existing functionality of OpenSC through CryptoTokenKit.

Quickstart

  1. Download the latest release of OpenSCToken
  2. Open the image (.dmg file) and drag OpenSCTokenApp to your Applications
  3. Launching OpenSCTokenApp shows an empty application and registers the token driver.

Now you're ready to use the smart card even if the application is not running (as long as your card is supported by OpenSC).

Useful Commands

  • Show location of the registered OpenSCToken
pluginkit -v -m -D -i org.opensc-project.mac.opensctoken.OpenSCTokenApp.OpenSCToken
  • List available smart cards and paired/unpaired identities:
sc_auth identities
  • Pair a smart card with your account:
sc_auth pair ${HASH}
  • Remove paired smart card from your account:
sc_auth unpair ${HASH}
  • Disable dialog for pairing a smart card with the current account:
sc_auth pairing_ui -s disable
  • Disable macOS' built-in token driver for the PIV card (Yubikey) to use OpenSC instead:
sudo defaults write /Library/Preferences/com.apple.security.smartcard DisabledTokens -array com.apple.CryptoTokenKit.pivtoken
  • Enable macOS' built-in token driver for the PIV card (Yubikey):
sudo defaults delete /Library/Preferences/com.apple.security.smartcard DisabledTokens
  • Unregister OpenSCToken
pluginkit -r -i org.opensc-project.mac.opensctoken.OpenSCTokenApp.OpenSCToken

Comparison with OpenSC.tokend

  • OpenSCToken supports multiple certificates, keys and PINs
  • OpenSCToken has proper support for PIN pad on reader or token
  • OpenSCToken offers easy login with smart card and automatically unlocks the login keychain
  • Tokens are not visible in Keychain Access anymore (use sc_auth/security from command line instead)

Building OpenSCToken

Requirements:

  • Xcode 8.0 or later; macOS 10.12 SDK or later
  • help2man, gengetopt
  • Code signing credentials

# Install dependencies
brew install help2man
brew install gengetopt
brew install automake 

# Checkout OpenSCToken
git clone https://github.com/frankmorgner/OpenSCToken.git

# Checkout and build all dependencies (i.e. OpenSSL, OpenPACE and OpenSC)
cd OpenSCToken
./bootstrap

# Now build OpenSCTokenApp
xcodebuild -target OpenSCTokenApp -configuration Release -project OpenSCTokenApp.xcodeproj install DSTROOT=${PWD}/build

Once all dependencies are built, the project can be executed and debugged from Xcode. Running the application adds OpenSCToken to the system's plug-in registry. After inserting a token, attach to the process OpenSCToken for debugging with Xcode.

Running OpenSCToken

OpenSCToken requires macOS 10.12 or later. For registering the token driver, you have two options:

  1. Run OpenSCTokenApp or execute pluginkit -a /Applications/Utilities/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex: Registers OpenSC in the PlugInKit subsystem for the current user. Your token will be available after login. Note that database clean-ups may eventually remove the plug-in.

  2. Run OpenSCTokenApp as SecurityAgent sudo -u _securityagent /Applications/Utilities/OpenSCTokenApp.app/Contents/MacOS/OpenSCTokenApp or execute sudo -u _securityagent pluginkit -a /Applications/Utilities/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex: Registers OpenSC globally. Your token will always be available.

Configuring OpenSCToken

OpenSCToken supports all configuration options from OpenSC. However, you need to make sure that files to be read or written are available from the token driver's sandbox.

For example, opensc.conf, which is read by OpenSC, is available in /Applications/Utilities/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex/Contents/Resources. When using configuration options that need to write a file (e.g. debug_file or file_cache_dir), you need to make sure this is done in the token driver's Documents directory (e.g. something like ~/Library/Containers/org.opensc-project.mac.opensctoken.OpenSCTokenApp.OpenSCToken/Data/Documents). For your convenience, these locations are written to the system log when OpenSCToken is started with a smart card. Use the following commands to view the log:

sudo log config --mode "private_data:on"
log stream --predicate 'senderImagePath contains[cd] "OpenSCToken"'

On macOS Catalina and later, the mode "private_data:on" is not available anymore; instead, you need to create and import a logging profile.
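A check for the sandbox constraint described above, as an added example that is not part of OpenSCToken: it reads an opensc.conf and reports whether debug_file and file_cache_dir point inside the token driver's Documents directory. The function name, the user name `alice` and the sample configuration are constructed for illustration; take the real Documents path from the system log.

```shell
#!/bin/sh
# Added example (not project code): flag opensc.conf options that would
# write files outside the token driver's sandbox container.

# Constructed sample container path; the real one is written to the system log.
DOCS="/Users/alice/Library/Containers/org.opensc-project.mac.opensctoken.OpenSCTokenApp.OpenSCToken/Data/Documents"

# check_sandbox_paths CONF DOCS
#   CONF: path to an opensc.conf
#   DOCS: the token driver's Documents directory
# Prints one "STATUS key path" line per write option found and returns 1
# if any of them points outside DOCS.
check_sandbox_paths() {
    awk -v docs="${2%/}" '
        { sub(/#.*/, "") }                       # drop comments
        match($0, /(debug_file|file_cache_dir)[ \t]*=/) {
            key = substr($0, RSTART, RLENGTH)
            sub(/[ \t]*=$/, "", key)
            val = substr($0, RSTART + RLENGTH)
            sub(/;.*/, "", val)                  # strip the terminating ";"
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)   # strip blanks and quotes
            status = "OUTSIDE"
            # Inside only if below DOCS on a path-component boundary and
            # free of ".." components that could climb back out.
            if (index(val, docs "/") == 1 && val !~ /(^|\/)\.\.(\/|$)/)
                status = "OK"
            # OpenSC treats these two debug_file values as streams, not files.
            if (key == "debug_file" && (val == "stdout" || val == "stderr"))
                status = "OK"
            if (status != "OK") bad = 1
            print status, key, val
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample configuration (not the opensc.conf shipped in the bundle).
demo_conf() {
    cat <<EOF
app default {
    debug = 3;
    # debug_file = /tmp/commented-out.log;
    debug_file = "/tmp/opensc-debug.log";
    framework pkcs15 {
        use_file_caching = true;
        file_cache_dir = $DOCS/cache;
    }
}
EOF
}

tmp=$(mktemp)
demo_conf > "$tmp"
check_sandbox_paths "$tmp" "$DOCS" || echo "Move the OUTSIDE paths below $DOCS"
rm -f "$tmp"
```
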

Test Results

Tested applications:

  • Login to macOS
  • Unlock screen saver
  • Unlock login keychain
  • Safari, Chrome, Firefox (TLS client authentication)
  • Unlock sudo

Tested Mechanisms:

  • kSecKeyAlgorithmRSASignatureRaw
  • kSecKeyAlgorithmRSAEncryptionRaw
  • kSecKeyAlgorithmECDSASignatureRFC4754
  • kSecKeyAlgorithmECDSASignatureDigestX962
  • kSecKeyAlgorithmECDSASignatureDigestX962SHA1
  • kSecKeyAlgorithmECDSASignatureDigestX962SHA224
  • kSecKeyAlgorithmECDSASignatureDigestX962SHA256
  • kSecKeyAlgorithmECDSASignatureDigestX962SHA384
  • kSecKeyAlgorithmECDSASignatureDigestX962SHA512

The unchecked mechanisms are implemented, but currently untested.


Copyright (C) 2017-2019 Frank Morgner

opensctoken's People

Contributors

bottee, elmostafaidrassi, frankmorgner, hid-jcdhellemmes, jakuje, michaelweiser

opensctoken's Issues

Issues compiling on ARM Macs

When trying to compile for release on an ARM mac, issues get thrown about architectures, as the xcode compiler tries to link ARM libraries to x86 binaries.

Ld /Users/anze/d/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/Objects-normal/x86_64/Binary/opensc-pkcs11.dylib normal x86_64 (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/anze/d/OpenSCToken
    /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang -target x86_64-apple-macos10.13 -dynamiclib -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.1.sdk -L/Users/anze/d/OpenSCToken/build/EagerLinkingTBDs -L/Users/anze/d/OpenSCToken/build/Release -F/Users/anze/d/OpenSCToken/build/EagerLinkingTBDs -F/Users/anze/d/OpenSCToken/build/Release -filelist /Users/anze/d/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/Objects-normal/x86_64/opensc-pkcs11.dylib.LinkFileList -Xlinker -object_path_lto -Xlinker /Users/anze/d/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/Objects-normal/x86_64/opensc-pkcs11.dylib_lto.o /Users/anze/d/OpenSCToken/OpenSC/src/libopensc/.libs/libopensc.a /Users/anze/d/OpenSCToken/build/openpace/lib/libeac.a /Users/anze/d/OpenSCToken/build/openssl/lib/libcrypto.a -framework CryptoTokenKit -framework Cocoa -lz -Xlinker -no_adhoc_codesign -Xlinker -dependency_info -Xlinker /Users/anze/d/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/Objects-normal/x86_64/opensc-pkcs11.dylib_dependency_info.dat -o /Users/anze/d/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/Objects-normal/x86_64/Binary/opensc-pkcs11.dylib
ld: warning: ignoring file /Users/anze/d/OpenSCToken/OpenSC/src/libopensc/.libs/libopensc.a, building for macOS-x86_64 but attempting to link with file built for macOS-arm64
ld: warning: ignoring file /Users/anze/d/OpenSCToken/build/openpace/lib/libeac.a, building for macOS-x86_64 but attempting to link with file built for macOS-arm64
ld: warning: ignoring file /Users/anze/d/OpenSCToken/build/openssl/lib/libcrypto.a, building for macOS-x86_64 but attempting to link with file built for macOS-arm6

Problem with command sudo -u _serviceagent ...

Hi, I would like a smartcard to always be available, which is why I used your command; this is the output:

airuzivilvester:~ User$ sudo -u _securityagent /Applications/Utilities/OpenSCTokenApp.app/Contents/MacOS/OpenSCTokenApp
Enter PIN for 'Certificate for PIV Authentication (User)':
2021-02-01 14:04:28.546 OpenSCTokenApp[1112:17536] NSXPCSharedListener should but cannot work around rdar://problem/35553241

airuzivilvester:~ User$ sudo -u _securityagent pluginkit -a /Applications/Utilities/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex
Password:
add: Connection interrupted

OpenSC v21
macOS Big Sur 11.1

Run OpenSCTokenApp as SecurityAgent sudo -u _securityagent /Applications/Utilities/OpenSCTokenApp.app/Contents/MacOS/OpenSCTokenApp or execute sudo -u _securityagent pluginkit -a /Applications/Utilities/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex: Registers OpenSC globally. Your token will always be available.

Thnx

Mojave: Fails to compile, "--tag" error

MacOS Mojave 10.14.6, Xcode-11.1. Current master of everything.

Same symptoms as in #7:

. . . . .
  CC       libopensc_la-aux-data.lo
  OBJC     libopensc_la-reader-cryptotokenkit.lo
libtool: compile: unable to infer tagged configuration
libtool:   error: specify a tag with '--tag'
make[3]: *** [libopensc_la-reader-cryptotokenkit.lo] Error 1

Possibly a pilot error - but I don't know what could cause it, or where to look.
Would appreciate help!

Query(Not an issue): OpenSCToken on Mac OS

On installing the same I can see the PIV tokens listed in command line using "security list-smartcards". The PIV token is read by both OpenSCToken and Apple built in PIV driver.

I am trying to write an application to access the certificates and key handle using the token ID which is possible using the KeyChain API SecItemCopyMatching. But it fails with error during signing operation with error errSecInvalidItemRef(-25304).
Any suggestions as to how to access the certificates and identities using token ID?

0.20.0-rc4: sc_pkcs15_compute_signature not called from OpenSCToken

@frankmorgner Thank you for uploading the dmg file for OpenSC-0.20.0-rc4! With the new release candidate I encounter a strange behaviour:

signData (which itself calls sc_pkcs15_compute_signature) from TokenSessions.m is not called, when I try to log in into a webpage via certificate.

On the same machine downgrading from OpenSC-0.20.0-rc4 to OpenSC-0.20.0-rc3 gives me the expected log output (but fails to sign the request due to another issue with TCOS, which was fixed in OpenSC-0.20.0-rc4).

Here are some logs. First OpenSC-0.20.0-rc3:

P:2170; T:0x123145461694464 17:03:39.894 [cryptotokenkit] pkcs15-pubkey.c:1339:sc_pkcs15_pubkey_from_spki_fields: sc_pkcs15_pubkey_from_spki_fields() called: 0x7f9d06802752:291
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-algo.c:487:sc_asn1_decode_algorithm_id: called
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-algo.c:495:sc_asn1_decode_algorithm_id: decoded OID '1.2.840.113549.1.1.1'
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-algo.c:512:sc_asn1_decode_algorithm_id: returning with: 0 (Success)
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-pubkey.c:1376:sc_pkcs15_pubkey_from_spki_fields: DEE pk_alg.algorithm=0
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-pubkey.c:590:sc_pkcs15_decode_pubkey_rsa: called
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-pubkey.c:601:sc_pkcs15_decode_pubkey_rsa: returning with: 0 (Success)
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-pubkey.c:1423:sc_pkcs15_pubkey_from_spki_fields: returning with: 0 (Success)
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-algo.c:487:sc_asn1_decode_algorithm_id: called
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-algo.c:495:sc_asn1_decode_algorithm_id: decoded OID '1.2.840.113549.1.1.11'
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-algo.c:512:sc_asn1_decode_algorithm_id: returning with: 0 (Success)
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-cert.c:399:sc_pkcs15_read_certificate: returning with: 0 (Success)
P:2170; T:0x123145461694464 17:03:48.489 [cryptotokenkit] pkcs15-sec.c:565:sc_pkcs15_compute_signature: called
P:2170; T:0x123145461694464 17:03:48.489 [cryptotokenkit] pkcs15-sec.c:613:sc_pkcs15_compute_signature: supported algorithm flags 0x103, private key usage 0x7
...

Here from OpenSC-0.20.0-rc4, where it just hangs:

P:2606; T:0x123145499041792 13:18:23.106 [cryptotokenkit] pkcs15-pubkey.c:1343:sc_pkcs15_pubkey_from_spki_fields: sc_pkcs15_pubkey_from_spki_fields() called: 0x7f82f2802d52:291
P:2606; T:0x123145499041792 13:18:23.106 [cryptotokenkit] pkcs15-algo.c:487:sc_asn1_decode_algorithm_id: called
P:2606; T:0x123145499041792 13:18:23.106 [cryptotokenkit] pkcs15-algo.c:495:sc_asn1_decode_algorithm_id: decoded OID '1.2.840.113549.1.1.1'
P:2606; T:0x123145499041792 13:18:23.106 [cryptotokenkit] pkcs15-algo.c:512:sc_asn1_decode_algorithm_id: returning with: 0 (Success)
P:2606; T:0x123145499041792 13:18:23.107 [cryptotokenkit] pkcs15-pubkey.c:1380:sc_pkcs15_pubkey_from_spki_fields: DEE pk_alg.algorithm=0
P:2606; T:0x123145499041792 13:18:23.107 [cryptotokenkit] pkcs15-pubkey.c:594:sc_pkcs15_decode_pubkey_rsa: called
P:2606; T:0x123145499041792 13:18:23.107 [cryptotokenkit] pkcs15-pubkey.c:605:sc_pkcs15_decode_pubkey_rsa: returning with: 0 (Success)
P:2606; T:0x123145499041792 13:18:23.107 [cryptotokenkit] pkcs15-pubkey.c:1427:sc_pkcs15_pubkey_from_spki_fields: returning with: 0 (Success)
P:2606; T:0x123145499041792 13:18:23.107 [cryptotokenkit] pkcs15-algo.c:487:sc_asn1_decode_algorithm_id: called
P:2606; T:0x123145499041792 13:18:23.107 [cryptotokenkit] pkcs15-algo.c:495:sc_asn1_decode_algorithm_id: decoded OID '1.2.840.113549.1.1.11'
P:2606; T:0x123145499041792 13:18:23.107 [cryptotokenkit] pkcs15-algo.c:512:sc_asn1_decode_algorithm_id: returning with: 0 (Success)
P:2606; T:0x123145499041792 13:18:23.107 [cryptotokenkit] pkcs15-cert.c:399:sc_pkcs15_read_certificate: returning with: 0 (Success)

The strange thing is, even building OpenSC-0.20.0-rc3 on my local machine and trying different commits from OpenSCToken yield the same result. Have there been any updates to the build environment? How does signData get called?

Thank you for your help!

Cannot disable builtin tokens

As documented in https://support.apple.com/de-de/guide/deployment-reference-macos/apd2969ad2d7/web, we have the following command in README.md to disable the builtin CTK token for PIV:

sudo defaults write /Library/Preferences/com.apple.security.smartcard DisabledTokens -array com.apple.CryptoTokenKit.pivtoken

However, this doesn't seem to work anymore (Big Sur, 11.5.2). /System/Library/Frameworks/CryptoTokenKit.framework/PlugIns/pivtoken.appex/Contents/MacOS/pivtoken is loaded anyway when inserting a Yubikey...

TKAuthenticationHintsProvider error -11

Hello,
I have a Nitrokey Pro 2 with cacert keys and certificate:

pkcs15-init --delete-objects privkey,pubkey --id 3 --store-private-key myprivate.p12 --format pkcs12 --auth-id 3 --verify-pin
openssl pkcs12 -in myprivate.p12 -nocerts -out mykey.pem
pkcs15-init --delete-objects privkey,pubkey --id 2 --store-private-key mykey.pem --auth-id 3 --verify-pin --id 2

sc_auth identities returns Unpaired identities: 49A94D744FC40BEB79A5438838990C1738B4742D Cardholder certificate (CAcert WoT User)
When I pair the identity sudo sc_auth pair -h 49A94D744FC40BEB79A5438838990C1738B4742D, I get the following error:

Cannot pair user (public key hash: 49A94D744FC40BEB79A5438838990C1738B4742D). The operation couldn’t be completed. (TKAuthenticationHintsProvider error -11 - Initialisierungsfehler des SmartCard-Algorithmus.)

What am I doing wrong?

Private keys and smart card stuck in security after token removed

I'm having an unusual issue where after a token is removed or even OpenSC uninstalled and machine restarted the security command still lists private keys for a removed token and it still shows up as a smart card in list-smartcards. Any idea what could be causing this or how to solve?

IDPrime 840 card from latest OpenSC nightly won't request PIN for TLS authentication in Safari

IDPrime 840 for v3 was just added in the latest OpenSC Nightly. I've verified that the OpenSC library works by using it to sign files with the certificate that's on the card. The OpenSC pkcs11 module works fine with Firefox.

When I try to use it for TLS authentication in Safari the certificate on the card is presented for selection. I select it three times but PIN prompt never appears. It doesn't appear that this locks the card as the pin-try limit is set to 3 and I can login using pkcs11-tool --login --test without unblocking it beforehand.

I've tested on x86 mac running macOS 10.15.7 and on an M1 running macOS 11.1 - same result on both.

OpenScToken to support network based token

Hi team,

We have a requirement wherein we have HSM boxes which are globally apart from mac-signing machines. Our current client has modified the tokend module to support signing by fetching tokens over the network.
Can you help me with configuring OpenSCToken to support the same?
Any clues/code fragments and pointers will be highly appreciated.

Some cards aren't recognized..

If a card is recognized using the OpenSC tokend, should it also be readable using this CTK plugin? Do I need to be looking to add specific card information in order to have it readable?

MacOS: OpenSCToken fails to build from inside OpenSC directory

MacOS Mojave 1014.6, Xcode-11.3.1, everything fresh.

When OpenSCToken is being built by OpenSC as a part of the OpenSC "main" build, the process fails. First, there's a conflict between the pre-installed OpenSSL (via Brew, Macports, or manually) and the Xcode project that expects to find OpenSSL headers and libraries in a certain place (as opposed to following what pkg-config returned). Described in #25.

Then, the build fails for me with this:

. . . . .
openpace 1.1.0 has been configured with following options:

Libraries:               //lib
CVC directory:           /Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex/Contents/Resources
X.509 directory:         /Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex/Contents/Resources

Host:                    x86_64-apple-darwin18.7.0
Compiler:                clang
Preprocessor flags:      
Compiler flags:           -isysroot /Applications/Xcode-9.4.1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk -arch x86_64
Linker flags:            
Libraries:               
CRYPTO_CFLAGS:           -I/Users/ur20980/src/OpenSC-test/OpenSCToken/build/openssl//include
CRYPTO_LIBS:             -L/Users/ur20980/src/OpenSC-test/OpenSCToken/build/openssl//lib -lcrypto

HELP2MAN:                /opt/local/bin/help2man
GENGETOPT:               /opt/local/bin/gengetopt

Install patched OpenSSL: no
GIT:                     
OPENSSL_CONFIGURE_FLAGS: 

SWIG:                    
Python Bindings:         no
PYTHON:                  
Java Bindings:           no
JAVA_CFLAGS:             
JAVACFLAGS:              
Ruby Bindings:           no
RUBY:                    
Go Bindings:             no
gccgo:                   
GCCGOFLAGS:              
SWIGGOPARAMS:            

+ make DESTDIR=/Users/ur20980/src/OpenSC-test/OpenSCToken/build/openpace install
Making install in src
/Applications/Xcode.app/Contents/Developer/usr/bin/make  install-recursive
Making install in docs
Making install in _static
make[5]: Nothing to be done for `install-exec-am'.
make[5]: Nothing to be done for `install-data-am'.
make[5]: Nothing to be done for `install-exec-am'.
make[5]: Nothing to be done for `install-data-am'.
Making install in certs
make[4]: Nothing to be done for `install-exec-am'.
/opt/local/bin/gmkdir -p "/Users/ur20980/src/OpenSC-test/OpenSCToken/build/openpace/Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex/Contents/Resources"
for cert in ff3d20d2; do /opt/local/bin/ginstall -c -m 644 ./${cert} "/Users/ur20980/src/OpenSC-test/OpenSCToken/build/openpace/Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex/Contents/Resources"; done
/opt/local/bin/gmkdir -p "/Users/ur20980/src/OpenSC-test/OpenSCToken/build/openpace/Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex/Contents/Resources"
for cert in DECVCAeID00102 DECVCAEPASS00102 DECVCAeSign00102;   do /opt/local/bin/ginstall -c -m 644 ./${cert} "/Users/ur20980/src/OpenSC-test/OpenSCToken/build/openpace/Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex/Contents/Resources";  done
  CC       cvc_print-cvc-print.o
  CC       cvc_print-cvc-print-cmdline.o
  CCLD     cvc-print
  CC       cvc_create-cvc-create.o
  CC       cvc_create-cvc-create-cmdline.o
  CCLD     cvc-create
make -C . cvc-create
make[4]: `cvc-create' is up to date.
/opt/local/bin/help2man \
		--output=cvc-create.1 \
		--no-info \
		--source='OpenPACE 1.1.0' \
		./cvc-create
sh: line 1: 29593 Abort trap: 6           ./cvc-create --help 2> /dev/null
help2man: can't get `--help' info from ./cvc-create
Try `--no-discard-stderr' if option outputs to stderr
make[3]: *** [cvc-create.1] Error 134
make[2]: *** [install-recursive] Error 1
make[1]: *** [install] Error 2
make: *** [install-recursive] Error 1

Interestingly, this only happens when I enable OpenSCToken build as a part of the OpenSC build, and it clones OpenSCToken into the OpenSC directory. If I clone OpenSCToken to a location where it cannot find an existing OpenSC source and is forced to clone it afresh (doesn't matter whether it clones OpenSC/OpenSC.git or my fork mouse07410/OpenSC.git), the build succeeds and produces a usable OpenSCToken.

How to reset a smart card in CTK?

I have verified a PIN in a smart card and I'd like to delete this internal state of the card. Unfortunately, the card doesn't support this with a dedicated command, which is why I'd like to reset the card (cold/warm reset as described in PC/SC, for example).
The CryptoTokenKit documentation doesn't seem to have an API for that.

Does anyone have an idea how to implement this?

Note, that if the smart card is not reset and does not support logout, then the card is permanently in an authenticated state so that related keys can be misused by any other CTK session or even via the PC/SC interface.

Please respect SC_PKCS15_PRKEY_USAGE_ENCRYPT in OpenSCToken

Currently the certificate from my smartcard reports under Public Key Info -> Key Usage: Verify, Wrap, Derive, but I need it to be Encrypt, Verify, Wrap, Derive.

struct sc_pkcs15_prkey_info *prkey_info = (struct sc_pkcs15_prkey_info *) prkey_obj->data;

prkey_info->usage is 0x07, which is according to: https://github.com/OpenSC/OpenSC/blob/ee78b0b80514460936c585c3ff5fc477338ae371/src/libopensc/pkcs15.h#L325-L327

SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_SIGN

I don't know, if this is even the right place to look. A private key cannot be used for encryption.

I briefly checked the docs and there is a variable called kSecAttrCanEncrypt used for Key Usage, but I was not able to apply it somewhere.

Enable logging on Big Sur

I've previously enabled logging by editing the opensc.conf file in [1], and pointing debug_file to a location under my user profile.

I can't seem to see any logging occurring now though. Has anything changed recently? How do I enable logging?

Thanks.

[1] /Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex/Contents/Resources/opensc.conf

MacOS High Sierra: fails to compile

Xcode-9.4.1

$ ./build-package 
++ pkg-config libcrypto --atleast-version=1.0.1
++ test -e /Users/ur20980/src/OpenSCToken/build/openpace///lib/pkgconfig
+++ env PKG_CONFIG_PATH=/Users/ur20980/src/OpenSCToken/build/openssl///lib/pkgconfig:/Users/ur20980/src/OpenSCToken/build/openpace///lib/pkgconfig PKG_CONFIG_SYSROOT_DIR=/Users/ur20980/src/OpenSCToken/build/openpace pkg-config --static --cflags libeac
++ export 'OPENPACE_CFLAGS=-I/Users/ur20980/src/OpenSCToken/build/openpace//include -I/Users/ur20980/src/OpenSCToken/build/openpace/opt/local/include -I/opt/local/include -maes -mpclmul -mrdrnd -mrdseed -msse2 -mssse3 -msse4.1 -msse4.2 -Os -Ofast -std=gnu11'
++ OPENPACE_CFLAGS='-I/Users/ur20980/src/OpenSCToken/build/openpace//include -I/Users/ur20980/src/OpenSCToken/build/openpace/opt/local/include -I/opt/local/include -maes -mpclmul -mrdrnd -mrdseed -msse2 -mssse3 -msse4.1 -msse4.2 -Os -Ofast -std=gnu11'
+++ env PKG_CONFIG_PATH=/Users/ur20980/src/OpenSCToken/build/openssl///lib/pkgconfig:/Users/ur20980/src/OpenSCToken/build/openpace///lib/pkgconfig PKG_CONFIG_SYSROOT_DIR=/Users/ur20980/src/OpenSCToken/build/openpace pkg-config --static --libs libeac
++ export 'OPENPACE_LIBS=-L/Users/ur20980/src/OpenSCToken/build/openpace//lib -L/Users/ur20980/src/OpenSCToken/build/openpace/opt/local/lib -leac -lcrypto -lz -L/opt/local/lib -lssl -lcrypto'
++ OPENPACE_LIBS='-L/Users/ur20980/src/OpenSCToken/build/openpace//lib -L/Users/ur20980/src/OpenSCToken/build/openpace/opt/local/lib -leac -lcrypto -lz -L/opt/local/lib -lssl -lcrypto'
++ test -e OpenSC
++ cd OpenSC
++ test -e Makefile
++ make
/Applications/Xcode-941.app/Contents/Developer/usr/bin/make  all-recursive
Making all in etc
Making all in src
Making all in common
make[3]: Nothing to be done for `all'.
Making all in scconf
make[3]: Nothing to be done for `all'.
Making all in ui
make[3]: Nothing to be done for `all'.
Making all in pkcs15init
make[3]: Nothing to be done for `all'.
Making all in sm
make[3]: Nothing to be done for `all'.
Making all in libopensc
  OBJC     libopensc_la-reader-cryptotokenkit.lo
libtool: compile: unable to infer tagged configuration
libtool:   error: specify a tag with '--tag'
make[3]: *** [libopensc_la-reader-cryptotokenkit.lo] Error 1
make[2]: *** [all-recursive] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2

Install failed

Tried to follow the instructions, the step

==========

xcodebuild -target OpenSCTokenApp -configuration Release -project OpenSCToken/OpenSCTokenApp.xcodeproj install DSTROOT=${PWD}/target

==========

led to

==========

clang: error: no such file or directory: '/Users/johan/projecten/smartcard/opensc/OpenSC/OpenSCToken/../openssl_bin/Library/OpenSC/lib/libcrypto.a'

** INSTALL FAILED **

==========

Seems the first step

==========

./configure --disable-pcsc --enable-cryptotokenkit
--disable-openssl --disable-readline --disable-zlib --prefix=/Library/OpenSC

==========

prevents the third step from compiling..

Syntax error in bootstrap script?

In order to make the bootstrap script work, I had to fix 2 lines that were missing "test" or square brackets.
Here is the diff:

10c10
< if [ -z "$OPENSSL_CFLAGS" -a -z "$OPENSSL_LIBS" ] ; then
---
> if -z "$OPENSSL_CFLAGS" -a -z "$OPENSSL_LIBS"; then
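Review bot: The two sides of this hunk are swapped: at line 10 the `<` line carries the corrected `[ -z ... ]` test and the `>` line carries the broken `if -z ...`, so the diff was taken as fixed-versus-original and applying it with patch would put the missing-bracket line back. Regenerate it as `diff -u <original> <fixed>` so the corrected line lands on the `+` side and the hunk carries context.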
28c28
< if [ -z "$OPENPACE_CFLAGS" -a -z "$OPENPACE_LIBS" ] ; then
---
> if -z "$OPENPACE_CFLAGS" -a -z "$OPENPACE_LIBS"; then
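Review bot: At line 28 the corrected test still joins two conditions with `-a` inside a single `[ ]`, which POSIX marks as obsolescent and which can be parsed ambiguously when an operand looks like an operator. Write it as `[ -z "$OPENPACE_CFLAGS" ] && [ -z "$OPENPACE_LIBS" ]`, and do the same for the OPENSSL test at line 10.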

Relevance of _this_ repository compared to OpenSC

Hi,

looking around gives the impression that the functionality of this repository (i.e. CryptoKit support) is present anyways also in OpenSC itself, at least since version 20. Is this correct and this repository is therefore kind of obsolete?
There are still commits tho… Anyways I would love to have an indication on the README.md because other people might wonder as well?

Thanks a lot!

Login with AD

I'm having real trouble getting smart card login to work on Mojave. I've installed and registered your CTK extension. "sudo system_profiler SPSmartCardsDataType" properly returns the certificate, and I have copied the example /etc/SmartcardLogin.plist provided by Apple to where it should be. I've set allowSmartCard to 1 and temporarily set cert revocation checks to 0 in /Library/Preferences/com.apple.security.smartcard.plist. Still the login window doesn't acknowledge the card. Is there something I've missed? Cheers!

OpenSCToken does not build

I'm using MacOS 10.15.2 and Xcode 11.3. I did follow the instructions:

# Checkout OpenSCToken
git clone http://github.com/frankmorgner/OpenSCToken.git

# Checkout and build all dependencies (i.e. OpenSSL, OpenPACE and OpenSC)
cd OpenSCToken
./bootstrap

# Now build OpenSCTokenApp
xcodebuild -target OpenSCTokenApp -configuration Release -project OpenSCToken/OpenSCTokenApp.xcodeproj install DSTROOT=${PWD}/build

I removed the OpenSCToken/ already for the last step:

xcodebuild -target OpenSCTokenApp -configuration Release -project OpenSCTokenApp.xcodeproj install DSTROOT=${PWD}/build

During the last step I got the following:

Air-2:OpenSCToken$ xcodebuild -target OpenSCTokenApp -configuration Release -project OpenSCTokenApp.xcodeproj install DSTROOT=${PWD}/build
Build settings from command line:
    DSTROOT = /Users/botte/Projects/OpenSCToken/build

note: Using new build system
note: Planning build
note: Constructing build description
CreateBuildDirectory /Users/botte/Projects/OpenSCToken/build (in target 'OpenSCTokenApp' from project 'OpenSCTokenApp')
    cd /Users/botte/Projects/OpenSCToken
    builtin-create-build-directory /Users/botte/Projects/OpenSCToken/build

SymLink /Users/botte/Projects/OpenSCToken/build/Release/opensc-pkcs11.dylib.bundle /Users/botte/Projects/OpenSCToken/build/UninstalledProducts/macosx/opensc-pkcs11.dylib.bundle (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/botte/Projects/OpenSCToken
    /bin/ln -sfh /Users/botte/Projects/OpenSCToken/build/UninstalledProducts/macosx/opensc-pkcs11.dylib.bundle /Users/botte/Projects/OpenSCToken/build/Release/opensc-pkcs11.dylib.bundle

MkDir /Users/botte/Projects/OpenSCToken/build/UninstalledProducts/macosx/opensc-pkcs11.dylib.bundle (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/botte/Projects/OpenSCToken
    /bin/mkdir -p /Users/botte/Projects/OpenSCToken/build/UninstalledProducts/macosx/opensc-pkcs11.dylib.bundle

MkDir /Users/botte/Projects/OpenSCToken/build/UninstalledProducts/macosx/opensc-pkcs11.dylib.bundle/Contents (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/botte/Projects/OpenSCToken
    /bin/mkdir -p /Users/botte/Projects/OpenSCToken/build/UninstalledProducts/macosx/opensc-pkcs11.dylib.bundle/Contents

MkDir /Users/botte/Projects/OpenSCToken/build/UninstalledProducts/macosx/opensc-pkcs11.dylib.bundle/Contents/MacOS (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/botte/Projects/OpenSCToken
    /bin/mkdir -p /Users/botte/Projects/OpenSCToken/build/UninstalledProducts/macosx/opensc-pkcs11.dylib.bundle/Contents/MacOS

WriteAuxiliaryFile /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/DerivedSources/Entitlements.plist (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/botte/Projects/OpenSCToken
    write-file /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/DerivedSources/Entitlements.plist

ProcessProductPackaging "" /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib.bundle.xcent (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/botte/Projects/OpenSCToken
    

Entitlements:

{
    "com.apple.security.app-sandbox" = 1;
    "com.apple.security.smartcard" = 1;
}


    builtin-productPackagingUtility -entitlements -format xml -o /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib.bundle.xcent

WriteAuxiliaryFile /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib-project-headers.hmap (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/botte/Projects/OpenSCToken
    write-file /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib-project-headers.hmap

WriteAuxiliaryFile /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib.hmap (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/botte/Projects/OpenSCToken
    write-file /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib.hmap

WriteAuxiliaryFile /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib-own-target-headers.hmap (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/botte/Projects/OpenSCToken
    write-file /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib-own-target-headers.hmap

WriteAuxiliaryFile /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib-generated-files.hmap (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/botte/Projects/OpenSCToken
    write-file /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib-generated-files.hmap

WriteAuxiliaryFile /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib-all-target-headers.hmap (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/botte/Projects/OpenSCToken
    write-file /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib-all-target-headers.hmap

WriteAuxiliaryFile /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib-all-non-framework-target-headers.hmap (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/botte/Projects/OpenSCToken
    write-file /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib-all-non-framework-target-headers.hmap

WriteAuxiliaryFile /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/all-product-headers.yaml (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/botte/Projects/OpenSCToken
    write-file /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/all-product-headers.yaml

CompileC /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/Objects-normal/x86_64/pkcs11-object.o /Users/botte/Projects/OpenSCToken/OpenSC/src/pkcs11/pkcs11-object.c normal x86_64 c com.apple.compilers.llvm.clang.1_0.compiler (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/botte/Projects/OpenSCToken
    export LANG=en_US.US-ASCII
    /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang -x c -target x86_64-apple-macos10.12 -fmessage-length=168 -fdiagnostics-show-note-include-stack -fmacro-backtrace-limit=0 -fcolor-diagnostics -std=gnu99 -fmodules -gmodules -fmodules-prune-interval=86400 -fmodules-prune-after=345600 -fbuild-session-file=/var/folders/s3/hl34ld5x19n_ywq_qfzcf6xc0000gn/C/org.llvm.clang/ModuleCache.noindex/Session.modulevalidation -fmodules-validate-once-per-build-session -Wnon-modular-include-in-framework-module -Werror=non-modular-include-in-framework-module -Wno-trigraphs -fpascal-strings -Os -fno-common -Werror -Wno-missing-field-initializers -Wno-missing-prototypes -Wno-return-type -Wno-missing-braces -Wparentheses -Wswitch -Wno-unused-function -Wno-unused-label -Wno-unused-parameter -Wno-unused-variable -Wunused-value -Wno-empty-body -Wno-uninitialized -Wno-unknown-pragmas -Wno-shadow -Wno-four-char-constants -Wno-conversion -Wno-constant-conversion -Wno-int-conversion -Wno-bool-conversion -Wno-enum-conversion -Wno-float-conversion -Wno-non-literal-null-conversion -Wno-objc-literal-conversion -Wno-shorten-64-to-32 -Wpointer-sign -Wno-newline-eof -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk -fasm-blocks -fstrict-aliasing -Wdeprecated-declarations -g -fvisibility=hidden -Wno-sign-conversion -Wno-infinite-recursion -Wno-comma -Wno-block-capture-autoreleasing -Wno-strict-prototypes -Wno-semicolon-before-method-body -iquote /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib-generated-files.hmap -I/Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib-own-target-headers.hmap -I/Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib-all-target-headers.hmap -iquote 
/Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib-project-headers.hmap -I/Users/botte/Projects/OpenSCToken/build/Release/include -I/Users/botte/Projects/OpenSCToken/OpenSC -I/Users/botte/Projects/OpenSCToken/OpenSC/src -I/Users/botte/Projects/OpenSCToken/build/openpace/include -I/Users/botte/Projects/OpenSCToken/build/openssl/include -I/Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/DerivedSources-normal/x86_64 -I/Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/DerivedSources/x86_64 -I/Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/DerivedSources -F/Users/botte/Projects/OpenSCToken/build/Release -MMD -MT dependencies -MF /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/Objects-normal/x86_64/pkcs11-object.d --serialize-diagnostics /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/Objects-normal/x86_64/pkcs11-object.dia -c /Users/botte/Projects/OpenSCToken/OpenSC/src/pkcs11/pkcs11-object.c -o /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/Objects-normal/x86_64/pkcs11-object.o
error: Build input file cannot be found: '/Users/botte/Projects/OpenSCToken/OpenSC/src/pkcs11/pkcs11-object.c' (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')

CompileC /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/Objects-normal/x86_64/misc.o /Users/botte/Projects/OpenSCToken/OpenSC/src/pkcs11/misc.c normal x86_64 c com.apple.compilers.llvm.clang.1_0.compiler (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/botte/Projects/OpenSCToken
    export LANG=en_US.US-ASCII
    /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang -x c -target x86_64-apple-macos10.12 -fmessage-length=168 -fdiagnostics-show-note-include-stack -fmacro-backtrace-limit=0 -fcolor-diagnostics -std=gnu99 -fmodules -gmodules -fmodules-prune-interval=86400 -fmodules-prune-after=345600 -fbuild-session-file=/var/folders/s3/hl34ld5x19n_ywq_qfzcf6xc0000gn/C/org.llvm.clang/ModuleCache.noindex/Session.modulevalidation -fmodules-validate-once-per-build-session -Wnon-modular-include-in-framework-module -Werror=non-modular-include-in-framework-module -Wno-trigraphs -fpascal-strings -Os -fno-common -Werror -Wno-missing-field-initializers -Wno-missing-prototypes -Wno-return-type -Wno-missing-braces -Wparentheses -Wswitch -Wno-unused-function -Wno-unused-label -Wno-unused-parameter -Wno-unused-variable -Wunused-value -Wno-empty-body -Wno-uninitialized -Wno-unknown-pragmas -Wno-shadow -Wno-four-char-constants -Wno-conversion -Wno-constant-conversion -Wno-int-conversion -Wno-bool-conversion -Wno-enum-conversion -Wno-float-conversion -Wno-non-literal-null-conversion -Wno-objc-literal-conversion -Wno-shorten-64-to-32 -Wpointer-sign -Wno-newline-eof -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk -fasm-blocks -fstrict-aliasing -Wdeprecated-declarations -g -fvisibility=hidden -Wno-sign-conversion -Wno-infinite-recursion -Wno-comma -Wno-block-capture-autoreleasing -Wno-strict-prototypes -Wno-semicolon-before-method-body -iquote /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib-generated-files.hmap -I/Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib-own-target-headers.hmap -I/Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib-all-target-headers.hmap -iquote 
/Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/opensc-pkcs11.dylib-project-headers.hmap -I/Users/botte/Projects/OpenSCToken/build/Release/include -I/Users/botte/Projects/OpenSCToken/OpenSC -I/Users/botte/Projects/OpenSCToken/OpenSC/src -I/Users/botte/Projects/OpenSCToken/build/openpace/include -I/Users/botte/Projects/OpenSCToken/build/openssl/include -I/Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/DerivedSources-normal/x86_64 -I/Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/DerivedSources/x86_64 -I/Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/DerivedSources -F/Users/botte/Projects/OpenSCToken/build/Release -MMD -MT dependencies -MF /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/Objects-normal/x86_64/misc.d --serialize-diagnostics /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/Objects-normal/x86_64/misc.dia -c /Users/botte/Projects/OpenSCToken/OpenSC/src/pkcs11/misc.c -o /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/Objects-normal/x86_64/misc.o
error: Build input file cannot be found: '/Users/botte/Projects/OpenSCToken/OpenSC/src/pkcs11/misc.c' (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')

ProcessInfoPlistFile /Users/botte/Projects/OpenSCToken/build/UninstalledProducts/macosx/opensc-pkcs11.dylib.bundle/Contents/Info.plist /Users/botte/Projects/OpenSCToken/opensc-pkcs11/Info.plist (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/botte/Projects/OpenSCToken
    builtin-infoPlistUtility /Users/botte/Projects/OpenSCToken/opensc-pkcs11/Info.plist -producttype com.apple.product-type.bundle -expandbuildsettings -platform macosx -o /Users/botte/Projects/OpenSCToken/build/UninstalledProducts/macosx/opensc-pkcs11.dylib.bundle/Contents/Info.plist

WriteAuxiliaryFile /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/Objects-normal/x86_64/opensc-pkcs11.dylib.LinkFileList (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/botte/Projects/OpenSCToken
    write-file /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/Objects-normal/x86_64/opensc-pkcs11.dylib.LinkFileList

** INSTALL FAILED **


The following build commands failed:
	CompileC /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/Objects-normal/x86_64/pkcs11-object.o /Users/botte/Projects/OpenSCToken/OpenSC/src/pkcs11/pkcs11-object.c normal x86_64 c com.apple.compilers.llvm.clang.1_0.compiler
	CompileC /Users/botte/Projects/OpenSCToken/build/OpenSCTokenApp.build/Release/opensc-pkcs11.build/Objects-normal/x86_64/misc.o /Users/botte/Projects/OpenSCToken/OpenSC/src/pkcs11/misc.c normal x86_64 c com.apple.compilers.llvm.clang.1_0.compiler
(2 failures)

Question (Not an issue)

Just thinking about how this basically converts TokenD to CTK. Would it be possible to do the opposite of that? For example, with cards like Card OS 5.3 that have been focused on CTK support and development, while programs like Outlook 2019 still have a lot of TokenD support. Would it be possible to convert CTK to TokenD as another middleware layer, expanding future PKI tech into legacy-type applications? I could see a big use for this.

MacOS Catalina: weird compilation failure

Catalina 10.15.3, Xcode-11.3.1, everything else current/latest. Attempt to build OpenSCToken in a separate directory (not as a part of OpenSC, which fails as reported elsewhere).

$ ./build-package
. . . . .
note: Using new build system
note: Planning build
note: Constructing build description
CompileC /Users/uri/src/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/Objects-normal/x86_64/framework-pkcs15init.o /Users/uri/src/OpenSCToken/OpenSC/src/pkcs11/framework-pkcs15init.c normal x86_64 c com.apple.compilers.llvm.clang.1_0.compiler (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/uri/src/OpenSCToken
    export LANG=en_US.US-ASCII
    clang -x c -target x86_64-apple-macos10.15 -fmessage-length=92 -fdiagnostics-show-note-include-stack -fmacro-backtrace-limit=0 -fcolor-diagnostics -std=gnu99 -fmodules -gmodules -fmodules-prune-interval=86400 -fmodules-prune-after=345600 -fbuild-session-file=/var/folders/pd/mxn5kp_55jg23x7jjd10gtwm0000gn/C/org.llvm.clang/ModuleCache.noindex/Session.modulevalidation -fmodules-validate-once-per-build-session -Wnon-modular-include-in-framework-module -Werror=non-modular-include-in-framework-module -Wno-trigraphs -fpascal-strings -O0 -fno-common -Werror -Wno-missing-field-initializers -Wno-missing-prototypes -Wno-return-type -Wno-missing-braces -Wparentheses -Wswitch -Wno-unused-function -Wno-unused-label -Wno-unused-parameter -Wno-unused-variable -Wunused-value -Wno-empty-body -Wno-uninitialized -Wno-unknown-pragmas -Wno-shadow -Wno-four-char-constants -Wno-conversion -Wno-constant-conversion -Wno-int-conversion -Wno-bool-conversion -Wno-enum-conversion -Wno-float-conversion -Wno-non-literal-null-conversion -Wno-objc-literal-conversion -Wno-shorten-64-to-32 -Wpointer-sign -Wno-newline-eof -DDEBUG=1 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk -fasm-blocks -fstrict-aliasing -Wdeprecated-declarations -g -Wno-sign-conversion -Wno-infinite-recursion -Wno-comma -Wno-block-capture-autoreleasing -Wno-strict-prototypes -Wno-semicolon-before-method-body -iquote /Users/uri/src/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/opensc-pkcs11.dylib-generated-files.hmap -I/Users/uri/src/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/opensc-pkcs11.dylib-own-target-headers.hmap -I/Users/uri/src/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/opensc-pkcs11.dylib-all-target-headers.hmap -iquote /Users/uri/src/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/opensc-pkcs11.dylib-project-headers.hmap -I/opt/local/include 
-I/Users/uri/src/OpenSCToken/build/Debug/include -I/Users/uri/src/OpenSCToken/OpenSC -I/Users/uri/src/OpenSCToken/OpenSC/src -I/Users/uri/src/OpenSCToken/build/openpace/include -I/Users/uri/src/OpenSCToken/build/openssl/include -I/Users/uri/src/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/DerivedSources-normal/x86_64 -I/Users/uri/src/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/DerivedSources/x86_64 -I/Users/uri/src/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/DerivedSources -F/Users/uri/src/OpenSCToken/build/Debug -MMD -MT dependencies -MF /Users/uri/src/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/Objects-normal/x86_64/framework-pkcs15init.d --serialize-diagnostics /Users/uri/src/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/Objects-normal/x86_64/framework-pkcs15init.dia -c /Users/uri/src/OpenSCToken/OpenSC/src/pkcs11/framework-pkcs15init.c -o /Users/uri/src/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/Objects-normal/x86_64/framework-pkcs15init.o
While building module 'Darwin' imported from /Users/uri/src/OpenSCToken/OpenSC/src/pkcs11/framework-pkcs15init.c:23:
In file included from <module-includes>:357:
In file included from /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk/usr/include/ncurses.h:141:
/opt/local/include/unctrl.h:61:63: error: unknown type name 'SCREEN'
NCURSES_EXPORT(NCURSES_CONST char *) NCURSES_SP_NAME(unctrl) (SCREEN*, chtype);
                                                              ^
/opt/local/include/unctrl.h:61:53: error: function cannot return function type
      'char *(int *, chtype)' (aka 'char *(int *, unsigned int)')
NCURSES_EXPORT(NCURSES_CONST char *) NCURSES_SP_NAME(unctrl) (SCREEN*, chtype);
                                                    ^
/opt/local/include/unctrl.h:61:54: error: a parameter list without types is only allowed in
      a function definition
NCURSES_EXPORT(NCURSES_CONST char *) NCURSES_SP_NAME(unctrl) (SCREEN*, chtype);
                                                     ^
3 errors generated.
/Users/uri/src/OpenSCToken/OpenSC/src/pkcs11/framework-pkcs15init.c:23:10: fatal error: 
      could not build module 'Darwin'
#include <stdlib.h>
 ~~~~~~~~^
4 errors generated.

Is the NitroKey Pro 2 supported?

Hi,

I'm trying to get CryptoTokenKit running with the NitroKey Pro 2 but a smartcard is not detected:

user$ security list-smartcards
No smartcards found.
user$ system_profiler SPSmartCardsDataType
SmartCards:

    Readers:

      #01: Nitrokey Nitrokey Pro (ATR:<3bda18ff 81b1fe75 1f030031 f573c001 60009000 1c>)

    Reader Drivers:

      #01: org.debian.alioth.pcsclite.smartcardccid:1.4.27 (/usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle)
      #02: (null):(null) (/usr/local/libexec/SmartCardServices/drivers/libifd-cyberjack.bundle)
      #03: org.debian.alioth.pcsclite.smartcardccid:1.4.27 (/usr/local/libexec/SmartCardServices/drivers/ifd-ccid.bundle)

    Tokend Drivers:

      #01: com.apple.tokend.opensc:1.0 (/Library/Security/tokend/OpenSC.tokend)

    SmartCard Drivers:

      #01: org.opensc-project.mac.opensctoken.OpenSCTokenApp.OpenSCToken:1.1 (/Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex)
      #02: com.apple.CryptoTokenKit.pivtoken:1.0 (/System/Library/Frameworks/CryptoTokenKit.framework/PlugIns/pivtoken.appex)

    Available SmartCards (keychain):

        org.opensc-project.mac.opensctoken.OpenSCTokenApp.OpenSCToken:00050000873e:

    Available SmartCards (token):

        org.opensc-project.mac.opensctoken.OpenSCTokenApp.OpenSCToken:00050000873e:

PIN entry requires GUI

Hello,

When using a PIV smart card on Catalina for code signing using ‘codesign’ and ‘productsign’, the system asks for PIN entry in a modal GUI window. The problem is that I need to be able to build and sign through SSH, i.e. without a GUI.

Is there a setting in macOS or OpenSCToken to ask for the PIN in the terminal instead? If this feature requires a change in OpenSCToken, I will be happy to contribute with some guidance as I am not (yet) familiar with the architecture and APIs.

Unable to switch from contact and contactless reader interfaces

Hi,
I'm running CryptoTokenKit with a dual-interface reader.
At first, the smart card is inserted into the reader (contact interface) and everything seems to work. Then, if I switch the smart card from the contact to the contactless interface, CryptoTokenKit stops working.
The same happens if I start working with the contactless interface and then switch to the contact one.
If I always use the same interface (contact or contactless), without switching, everything seems to work.

Here is the failure log part:

P:496; T:0x123145460260864 17:29:04.207 [cryptotokenkit] ctx.c:855:sc_context_create: opensc version: 0.22.0
P:496; T:0x123145460260864 17:29:04.207 [cryptotokenkit] reader-cryptotokenkit.m:546:cryptotokenkit_detect_readers: called
P:496; T:0x123145460260864 17:29:04.207 [cryptotokenkit] reader-cryptotokenkit.m:554:cryptotokenkit_detect_readers: Probing CryptoTokenKit readers
P:496; T:0x123145460260864 17:29:04.207 [cryptotokenkit] reader-cryptotokenkit.m:585:cryptotokenkit_detect_readers: Found new CryptoTokenKit reader 'SDI011 USB Smart Card Reader(1)'
P:496; T:0x123145460260864 17:29:09.209 [cryptotokenkit] reader-cryptotokenkit.m:585:cryptotokenkit_detect_readers: Found new CryptoTokenKit reader 'SDI011 USB Smart Card Reader(2)'
P:496; T:0x123145460260864 17:29:14.210 [cryptotokenkit] reader-cryptotokenkit.m:597:cryptotokenkit_detect_readers: returning with: 0 (Success)
P:496; T:0x123145460260864 17:29:14.210 [cryptotokenkit] ctx.c:895:sc_ctx_use_reader: called
P:496; T:0x123145460260864 17:29:14.210 [cryptotokenkit] card.c:259:sc_connect_card: called
P:496; T:0x123145460260864 17:29:14.210 [cryptotokenkit] card.c:413:sc_connect_card: returning with: -1104 (Card not present)
P:496; T:0x123145460260864 17:29:14.210 [cryptotokenkit] /Users/angelocastaldo/Desktop/Development/OpenSCToken-master/OpenSCToken/Token.m:97:-[OpenSCToken initWithSmartCard:AID:OpenSCDriver:error:]: sc_connect_card: -1104 (Card not present)
P:496; T:0x123145460260864 17:29:14.210 [cryptotokenkit] ctx.c:930:sc_release_context: called

Thanks in advance for your support.

sc_ctx_use_reader: -1400 (Internal error)

Hi,
I built OpenSCToken with Xcode Version 12.4 on macOS Catalina (10.15.7). I ran OpenSCTokenApp but it doesn't work.
I'm using a CNS Card and SCM SDI011 smart card readers.
Below you can find the contents of the file opens-debug.txt:
P:1092; T:0x123145371058176 10:34:20.318 [cryptotokenkit] ctx.c:855:sc_context_create: ===================================
P:1092; T:0x123145371058176 10:34:20.318 [cryptotokenkit] ctx.c:856:sc_context_create: opensc version: 0.21.0
P:1092; T:0x123145371058176 10:34:20.319 [cryptotokenkit] reader-pcsc.c:892:pcsc_init: PC/SC options: connect_exclusive=0 disconnect_action=0 transaction_end_action=0 reconnect_action=0 enable_pinpad=1 enable_pace=1
P:1092; T:0x123145371058176 10:34:20.320 [cryptotokenkit] reader-pcsc.c:1374:pcsc_detect_readers: called
P:1092; T:0x123145371058176 10:34:20.320 [cryptotokenkit] reader-pcsc.c:1387:pcsc_detect_readers: Probing PC/SC readers
P:1092; T:0x123145371058176 10:34:20.320 [cryptotokenkit] reader-pcsc.c:1440:pcsc_detect_readers: Establish PC/SC context
P:1092; T:0x123145371058176 10:34:20.337 [cryptotokenkit] reader-pcsc.c:1323:pcsc_add_reader: Adding new PC/SC reader 'SDI011 USB Smart Card Reader(1)'
P:1092; T:0x123145371058176 10:34:20.337 [cryptotokenkit] reader-pcsc.c:360:refresh_attributes: SDI011 USB Smart Card Reader(1) check
P:1092; T:0x123145371058176 10:34:20.338 [cryptotokenkit] reader-pcsc.c:407:refresh_attributes: current state: 0x00000012
P:1092; T:0x123145371058176 10:34:20.338 [cryptotokenkit] reader-pcsc.c:408:refresh_attributes: previous state: 0x00000000
P:1092; T:0x123145371058176 10:34:20.338 [cryptotokenkit] reader-pcsc.c:464:refresh_attributes: card absent
P:1092; T:0x123145371058176 10:34:20.339 [cryptotokenkit] reader-pcsc.c:1532:pcsc_detect_readers: SDI011 USB Smart Card Reader(1):SCardConnect(DIRECT): 0x00000000
P:1092; T:0x123145371058176 10:34:20.339 [cryptotokenkit] reader-pcsc.c:1141:detect_reader_features: called
P:1092; T:0x123145371058176 10:34:20.339 [cryptotokenkit] reader-pcsc.c:1143:detect_reader_features: Requesting reader features ...
P:1092; T:0x123145371058176 10:34:20.437 [cryptotokenkit] reader-pcsc.c:1323:pcsc_add_reader: Adding new PC/SC reader 'SDI011 USB Smart Card Reader(2)'
P:1092; T:0x123145371058176 10:34:20.437 [cryptotokenkit] reader-pcsc.c:360:refresh_attributes: SDI011 USB Smart Card Reader(2) check
P:1092; T:0x123145371058176 10:34:20.438 [cryptotokenkit] reader-pcsc.c:407:refresh_attributes: current state: 0x00000012
P:1092; T:0x123145371058176 10:34:20.438 [cryptotokenkit] reader-pcsc.c:408:refresh_attributes: previous state: 0x00000000
P:1092; T:0x123145371058176 10:34:20.438 [cryptotokenkit] reader-pcsc.c:464:refresh_attributes: card absent
P:1092; T:0x123145371058176 10:34:20.439 [cryptotokenkit] reader-pcsc.c:1532:pcsc_detect_readers: SDI011 USB Smart Card Reader(2):SCardConnect(DIRECT): 0x00000000
P:1092; T:0x123145371058176 10:34:20.439 [cryptotokenkit] reader-pcsc.c:1141:detect_reader_features: called
P:1092; T:0x123145371058176 10:34:20.439 [cryptotokenkit] reader-pcsc.c:1143:detect_reader_features: Requesting reader features ...
P:1092; T:0x123145371058176 10:34:20.521 [cryptotokenkit] reader-pcsc.c:1556:pcsc_detect_readers: returning with: 0 (Success)
P:1092; T:0x123145371058176 10:34:20.521 [cryptotokenkit] ctx.c:896:sc_ctx_use_reader: called
P:1092; T:0x123145371058176 10:34:20.521 [cryptotokenkit] reader-pcsc.c:2507:pcsc_use_reader: called
P:1092; T:0x123145371058176 10:34:20.521 [cryptotokenkit] reader-pcsc.c:2561:pcsc_use_reader: returning with: -1400 (Internal error)
P:1092; T:0x123145371058176 10:34:20.521 [cryptotokenkit] /Users/angelocastaldo/Desktop/Development/OpenSCToken-master/OpenSCToken/Token.m:94:-[OpenSCToken initWithSmartCard:AID:OpenSCDriver:error:]: sc_ctx_use_reader: -1400 (Internal error)
P:1092; T:0x123145371058176 10:34:20.521 [cryptotokenkit] ctx.c:931:sc_release_context: called
P:1092; T:0x123145371058176 10:34:20.521 [cryptotokenkit] reader-pcsc.c:973:pcsc_finish: called

Thx
Angelo
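A triage helper for OpenSC debug logs like the two excerpts above (this post and the preceding dual-interface report), added here as an example and not part of either post or of OpenSC. It extracts the OpenSC version, the reader driver and readers detected, every non-zero return code, and pauses between consecutive lines; the function names and the sample log (constructed in the excerpts' format) are assumptions of this example.

```python
import re

# One OpenSC debug line, as laid out in the excerpts above:
# P:<pid>; T:<thread> <HH:MM:SS.mmm> [<app>] <file>:<line>:<function>: <message>
LINE_RE = re.compile(
    r"^P:(?P<pid>\d+); T:(?P<tid>\S+) (?P<time>\d\d:\d\d:\d\d\.\d{3}) "
    r"\[(?P<app>[^\]]+)\] (?P<file>\S+?):(?P<lineno>\d+):(?P<func>.+?): (?P<msg>.*)$"
)
VERSION_RE = re.compile(r"opensc version: (\S+)")
READER_RE = re.compile(r"(?:Found|Adding) new (?P<kind>.+?) reader '(?P<name>[^']+)'")
# Matches "returning with: -1104 (Card not present)" and
# "sc_connect_card: -1104 (Card not present)".
STATUS_RE = re.compile(r"(?P<what>returning with|\w+): (?P<code>-?\d+) \((?P<text>[^)]*)\)")

# Constructed sample in the excerpts' format (source path shortened, one junk line added).
SAMPLE_LOG = """\
P:496; T:0x123145460260864 17:29:04.207 [cryptotokenkit] ctx.c:855:sc_context_create: opensc version: 0.22.0
P:496; T:0x123145460260864 17:29:04.207 [cryptotokenkit] reader-cryptotokenkit.m:585:cryptotokenkit_detect_readers: Found new CryptoTokenKit reader 'SDI011 USB Smart Card Reader(1)'
P:496; T:0x123145460260864 17:29:09.209 [cryptotokenkit] reader-cryptotokenkit.m:585:cryptotokenkit_detect_readers: Found new CryptoTokenKit reader 'SDI011 USB Smart Card Reader(2)'
P:496; T:0x123145460260864 17:29:14.210 [cryptotokenkit] reader-cryptotokenkit.m:597:cryptotokenkit_detect_readers: returning with: 0 (Success)
P:496; T:0x123145460260864 17:29:14.210 [cryptotokenkit] card.c:259:sc_connect_card: called
P:496; T:0x123145460260864 17:29:14.210 [cryptotokenkit] card.c:413:sc_connect_card: returning with: -1104 (Card not present)
P:496; T:0x123145460260864 17:29:14.210 [cryptotokenkit] OpenSCToken/Token.m:97:-[OpenSCToken initWithSmartCard:AID:OpenSCDriver:error:]: sc_connect_card: -1104 (Card not present)
P:496; T:0x123145460260864 17:29:14.210 [cryptotokenkit] ctx.c:930:sc_release_context: called
this line is not in OpenSC debug format
"""


def to_ms(stamp):
    """Convert HH:MM:SS.mmm to milliseconds since midnight."""
    hours, minutes, rest = stamp.split(":")
    seconds, millis = rest.split(".")
    return ((int(hours) * 60 + int(minutes)) * 60 + int(seconds)) * 1000 + int(millis)


def parse_line(line):
    """Return the fields of one debug line, or None if it is not in the format."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def summarize(log_text, gap_ms=1000):
    """Collect version, readers, non-zero return codes and long pauses."""
    summary = {"version": None, "reader_driver": None, "readers": [],
               "failures": [], "gaps": [], "unparsed": 0}
    previous = None
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            summary["unparsed"] += 1  # keep count instead of failing on stray text
            continue
        now = to_ms(rec["time"])
        if previous is not None and now - previous >= gap_ms:
            summary["gaps"].append((rec["time"], now - previous, rec["func"]))
        previous = now

        version = VERSION_RE.search(rec["msg"])
        if version:
            summary["version"] = version.group(1)
        reader = READER_RE.search(rec["msg"])
        if reader:
            summary["reader_driver"] = rec["file"]  # source file that logged the detection
            summary["readers"].append((reader.group("kind"), reader.group("name")))
        status = STATUS_RE.search(rec["msg"])
        if status and int(status.group("code")) != 0:
            returning = status.group("what") == "returning with"
            summary["failures"].append({
                "time": rec["time"],
                "where": rec["func"] if returning else status.group("what"),
                "code": int(status.group("code")),
                "text": status.group("text"),
                "source": rec["file"] + ":" + rec["lineno"],
            })
    return summary


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("OpenSC", result["version"], "via", result["reader_driver"])
    for kind, name in result["readers"]:
        print("reader:", kind, name)
    for time, delta, func in result["gaps"]:
        print("pause of", delta, "ms before", time, "in", func)
    for failure in result["failures"]:
        print("failure:", failure)
```

Run over a full log, the `gaps` list makes pauses such as the roughly five-second steps between the reader detection lines in the first excerpt easy to spot next to the first failing call.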

com.apple.CryptoTokenKit.pivtoken disablement conflict

I'm trying to avoid the minor issue that smart card certificates will be shown twice when listed for the user to choose to authenticate onto a website by disabling Apple's built-in framework with com.apple.CryptoTokenKit.pivtoken via sudo defaults write /Library/Preferences/com.apple.security.smartcard DisabledTokens -array com.apple.CryptoTokenKit.pivtoken. However, after a reboot, neither Safari nor Chrome will recognize ANY certificates despite security list-smartcards showing both com.apple.pivtoken and org.opensc-project.mac.opensctoken.OpenSCTokenApp.OpenSCToken. sc_auth to authenticate logons still works. I've used both the package that came with OpenSC 0.20.0 and the one created by compiling the latest code from the master branch.

Not fully understanding OpenSCToken's relation with CryptoTokenKit.pivtoken, it seems that OpenSCToken requires CryptoTokenKit.pivtoken to be enabled.

Can't Login to macOS with smart card

Hi, I have a critical issue. When I log in to macOS with the OpenSC smart card appex, it succeeds if I just use "lock screen". But if I "Logout", I cannot use my smart card to log in. It looks like the system doesn't recognize my smart card on the login screen; it shows only the input "Password", not "PIN". So I want to ask: are there any other settings I should configure?

Outlook 2019 Issues

Hey everyone,

I'm not entirely sure how to open an issue here but I'm seeing a problem with multiple prompting for auth when using Outlook 2019 on Mojave. Can someone point me toward a quick way to unregister the security agent and remove this plugin for troubleshooting?

compile error

got 2 compile errors

  1. getting an Objective-C error that I don't know how to fix
    Users/phuang/Desktop/workspace/OpenSCToken/OpenSCToken/Token.h:29:54: error:
    pointer is missing a nullability type specifier (_Nonnull, _Nullable, or
    _Null_unspecified) [-Werror,-Wnullability-completeness]
    static NSData* idToData(u8 type, struct sc_pkcs15_id *p15id)

  2. implicit conversion loses integer precision: 'CK_RV' (aka 'unsigned long')
    to 'int' [-Werror,-Wshorten-64-to-32]
    rc = sc_pkcs11_register_mechanism(p11card, mt);

I temporarily fixed it by using casting

Does a self-build OpenSCToken also need custom built OpenSC?

Hi,

I was able to build the current master branch of OpenSCToken and install it. Since #40 was supposed to fix OpenSC/OpenSC#2605.

Unfortunately, the issue still persists on my machine. The native PIN Prompt doesn't show up.

Do I have to Compile a recent version of OpenSC too? Are there related changes "over there" that need to be taken into consideration?

Thanks and best regards
Beh

P.S.: Some more info I was able to observe, maybe this helps:

There is one thing different though:

sudo sc_auth pair shows another error message now:

Cannot pair user (public key hash: <obfuscated>). The operation couldn’t be completed. (CryptoTokenKit error -8.)

This message indicates that the key itself can't be used for pairing. So some stuff seems to have got fixed :)

Mac Os Catalina 10.15.4

It seems that on macOS Catalina 10.15.4, OpenSCToken can no longer access smartcard readers.

On 10.15.3, I can use the smartcard; on 10.15.4, instead, the output of security list-smartcards is always No smartcards found and obviously I cannot use the smartcard.

Does anyone know if Apple has changed anything in the new macOS 10.15.4?

OpenSCToken does not get removed/unregistered

I am not sure if this problem manifests only if you build OpenSCToken from source and the copy of its executable is present somewhere on your system.

Config

MacOS Mojave 10.14.6, Xcode-11.3.1. Current master of OpenSC and OpenSCToken, OpenSSL_1_1_1-stable (1.0.2 is deprecated - it's time to move off it ;).

Symptoms

  1. Build and install (from the OpenSCToken.dmg) OpenSCTokenApp.app.
  2. Start it, observe it registering the extension. So far so good.
  3. Insert the token, observe (e.g., via ps -ef | fgrep OpenSCToken) that OpenSCToken started.
  4. Remove the token, uninstall OpenSC via /usr/local/bin/opensc-uninstall. Double-check that the /Applications/OpenSCTokenApp.app has been removed - delete it if it wasn't.
  5. Insert the token - observe the extension started again.
  6. Remove the token, kill the running extension, insert the token - observe the extension started again.

Workaround

  • Determine what file the running extension was invoked from via
ps -ef | fgrep OpenSCToken

then

  • Remove that file via
pluginkit -r /full/path/to/that/file

Now the extension is gone.

Proposed Solution

I don't know - maybe write a real uninstaller that would locate and remove/unregister this extension?

No need to keep the hosting app running

You do not need to have the hosting app target/Library/OpenSC/OpenSCTokenApp.app running to be able to use the plugin.

Just run the application one time to register the plugin then it is done. It is (more or less) the same as registering the plugin using pluginkit.

Maybe you should correct your README.md file.

Wrong .entitlements file name

The Xcode project references a file named PIVToken.entitlements but your project provides a file named opensctoken.entitlements.

Conflict between pre-installed OpenSSL and Xcodeproj

Problem

File OpenSCTokenApp.xcodeproj/project.pbxproj sets location for OpenSSL include files and libraries (actually, only libcrypto.a).

As a result, if the bootstrap script locates a suitable OpenSSL that's already installed on the system (via Macports, in my case), the build fails:

  1. Fails to compile, because it cannot find the include file <openssl/opensslv.h>. Could get through by manually adding the correct include files location to the .xcodeproj - but it is not a correct workaround (see below).
  2. Then it fails to start linking because it fails to locate the library $SRCROOT/openssl/lib/libcrypto.a. Removing this dependency and relying on $OPENSSL_LIBS did not help - linking failed with unresolved symbols.

To get past this, I had to modify the bootstrap script, forcing it to always build OpenSSL from the source (ugly, but it works).

Proposed solution

If possible - make the .xcodeproj use and depend upon $OPENSSL_CFLAGS and $OPENSSL_LIBS. If not - modify the bootstrap script to always build from the source, so xcodebuild always finds the headers and the library exactly where it is expecting them.
