USB SMART CARD READER DRIVERS
(man SmartCardServices)
OS X has a builtin list of supported USB CCID class-compliant smart card readers. For other readers, install the reader driver in /usr/libexec/SmartCardServices/drivers. Each driver is a bundle.
...
Note |
---|
with macOS Mojave (10.14.6) it is still possible to install your own version of libccid or other PC/SC IFD Handler bundles to /usr/local/libexec/SmartCardServices/drivers. |
Using non USB based Readers
/etc/reader.conf is read similar to standard pcscd way of doing things but instead of pointing to a library directly, it points to a bundle directry containg the same files as for usb readers, the difference is that Info.plist does not contain any product or vendor ids or friendly names.
Some projects declare a fake usb device in their Info.plist and expect the users to attach that device (maybe a usb memory stick) if they want to use the card reader, although the device has nothing to do with the card reader.
Related processes
Mojave
/System/Library/Frameworks/PCSC.framework/Versions/A/XPCServices/com.apple.ctkpcscd.xpc/Contents/MacOS/com.apple.ctkpcscd
Related processes
Mojave
/System/Library/Frameworks/PCSC.framework/Versions/A/XPCServices/com.apple.ctkpcscd.xpc/Contents/MacOS/com.apple.ctkpcscd
/System/Library//System/Library/CryptoTokenKit/com.apple.ifdreader.slotd/Contents/MacOS/com.apple.ifdreader
Drivers are loaded as dynamic library from the latter one
Catalina
Logging
Using unified Logging on macOS platform
https://developer.apple.com/documentation/os/logging?language=objc#1682416
and
and https://www.avanderlee.com/debugging/oslog-unified-logging/
It is possible to turn on logging for smart cards. Logging is turned on by setting global preference:
...
Note |
---|
Note that logging setting is one-shot; it must be turned on by the command above to start logging again with a new reader. This is to avoid security risk that logging is turned on indefinitely. So, set this value to yes, plug in your AirID via USB and you should see APDU tracing. After the AirID is unplugged from USB, APDU tracing is disabled again. |
Logging behavior is normally governed by the system. However, while debugging in macOS, you can enable different logging levels for a subsystem using the log
command-line tool’s config
argument while logged in as root.
...
Enabling debug-level logging for a subsystem
UI Expand |
---|
|
code | title | Enabling debug-level logging for a subsystem |
---|
collapse | true |
---|
|
$ sudo log config --mode "level:debug" --subsystem com.your_company.your_subsystem_name |
Logging PC/SC or IFD Hander activity
This is the script I use normally to debug PC/SC under macOS Mojave
Code Block |
---|
#! /bin/bash
#
# enable APDU tracing use this
sudo defaults write /Library/Preferences/com.apple.security.smartcard Logging -bool yes
echo "now plug in your USBAirID basedAirID AirIDdevice"
sleep 5;
# enable displaying of private fields
sudo NOTE logenabling config -private data no longer works on macOS Catalina 10.15+
sudo log config --mode "private_data:on"
# log as stream
sudo log stream --debug --info --source --style syslog --predicate '((subsystem == "com.apple.CryptoTokenKit") || (process == "com.apple.ifdreader"))' |
ui-text-box |
---|
-debug --info On my machine this leads to the following logging |
UI Expand |
---|
title | logging PC/SC on macOS |
---|
|
Code Block |
---|
al@heron ~/bin debug_pcsc.sh
Filtering the log data using "process == "com.apple.ifdreader""
Timestamp Thread Type Activity PID TTL
2019-08-07 15:14:05.668951+0200 0x3a402a Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] deviceRemovalHandler invoked (entryId=4295018162)
2019-08-07 15:14:05.669017+0200 0x3a402a Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] installed device removal notification
2019-08-07 15:14:05.669325+0200 0x3a402a Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] new device arrival: 2dff:b602 14122430 (entryId=4295018162)
2019-08-07 15:14:05.669466+0200 0x3a402a Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] bundle loaded: /usr/local/libexec/SmartCardServices/drivers/ifd-ccid.bundle
2019-08-07 15:14:05.669518+0200 0x3a402a Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] found bundle for device, resolved entryId=4295018162 to deviceName='certgateAirID GmbH AirID2 Mini'
2019-08-07 15:14:05.669621+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] -> IFDHCreateChannelByName(00000000, 'certgateAirID GmbH AirID2 Mini')
2019-08-07 15:14:05.669780+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 42925798 ifdhandler.c:110:CreateChannelByNameOrChannel() Lun: 0, device: certgateAirID GmbH AirID2 Mini
2019-08-07 15:14:05.669927+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00000158 ccid_usb.c:302:OpenUSBByName() Using: /usr/local/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/Info.plist
2019-08-07 15:14:05.678628+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00008626 ccid_usb.c:320:OpenUSBByName() ifdManufacturerString: Ludovic Rousseau ([email protected])
2019-08-07 15:14:05.678760+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00000234 ccid_usb.c:321:OpenUSBByName() ifdProductString: Generic CCID driver
2019-08-07 15:14:05.678916+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00000125 ccid_usb.c:322:OpenUSBByName() Copyright: This driver is protected by terms of the GNU Lesser General Public License version 2.1, or (at your option) any later version.
2019-08-07 15:14:07.127959+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 01449055 ccid_usb.c:784:OpenUSBByName() Wait after libusb: 9
2019-08-07 15:14:07.231178+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00103223 ccid_usb.c:660:OpenUSBByName() Found Vendor/Product: 2DFF/B602 (certgateAirID GmbH AirID2 Mini)
2019-08-07 15:14:07.231268+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00000131 ccid_usb.c:662:OpenUSBByName() Using USB bus/device: 20/60000013
2019-08-07 15:14:07.231338563391+0200 0x5a71150x5a7405 InfoDebug 0x0 13149 0 com.apple.ifdreader: (libccid.dylibCryptoTokenKit) 00000073 ccid_usb.c:722:OpenUSBByName() bNumDataRatesSupported is 0[com.apple.CryptoTokenKit:token] AirID GmbH AirID2 Mini: card reset done -> <TKSmartCardATR: 0x7fe531200840 3b 130000 T=1:--- T=1:fe45-;4a434f5076323431>
2019-08-07 15:14:07.281130563463+0200 0x5a71150x5a7405 DebugDefault 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:smartcardAPDULog] ATR: <- IFDHCreateChannelByName() = 03b f8 13 .....
2019-08-07 15:14:07.281179563581+0200 0x5a71150x5a7405 Debug 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:smartcardtoken] -> IFDHGetCapabilities(00000000, TAG_IFD_THREAD_SAFE)
2019-08-07 15:14:07.281286+0200 0x5a7115 InfoAirID GmbH AirID2 Mini: broadcasting state change { atr = <3bf81300 008131fe 0x0454a434f 50763234 31b7>; power = 1; prevstate = 2; 13149share = 0; com.apple.ifdreader: (libccid.dylib) 00049910 ifdhandler.c:381:IFDHGetCapabilities() tag: 0xFAD, certgate GmbH AirID2 Mini (lun: 0)
2019-08-07 15:14:07.281309+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] <- IFDHGetCapabilities() = 0 (0)
2019-08-07 15:14:07.281333+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] -> IFDHGetCapabilities(00000000, SCARD_ATTR_MAXINPUT)
2019-08-07 15:14:07.281412+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00000152 ifdhandler.c:381:IFDHGetCapabilities() tag: 0x7A007, certgate GmbH AirID2 Mini (lun: 0)
2019-08-07 15:14:07.281434+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] <- IFDHGetCapabilities() = 0 (8182)
2019-08-07 15:14:07.281475+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] -> IFDHControl_v3(00000000, code=1107299656, in=(null))
2019-08-07 15:14:07.281568+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00000145 ifdhandler.c:1411:IFDHControl() ControlCode: 0x42000D48, certgate GmbH AirID2 Mini (lun: 0)
2019-08-07 15:14:07.281703+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) Control TxBuffer:
2019-08-07 15:14:07.281830+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) Control RxBuffer: 12 04 42 33 00 12
2019-08-07 15:14:07.281888+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] <- IFDHControl(out=<12044233 0012>) = 0
2019-08-07 15:14:07.281916+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] -> IFDHGetCapabilities(00000000, TAG_IFD_SLOTS_NUMBER)
2019-08-07 15:14:07.282054+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00000442 ifdhandler.c:381:IFDHGetCapabilities() tag: 0xFAE, certgate GmbH AirID2 Mini (lun: 0)
2019-08-07 15:14:07.282158+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00000146 ifdhandler.c:476:IFDHGetCapabilities() Reader supports 1 slot(s)
2019-08-07 15:14:07.282186+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] <- IFDHGetCapabilities() = 0, (1)
2019-08-07 15:14:07.282227+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:token] setupWithName:'certgate GmbH AirID2 Mini'
2019-08-07 15:14:07.283570+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:token] certgate GmbH AirID2 Mini: new client connection established
2019-08-07 15:14:07.283610+0200 0x5a7405 Debug 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:token] initWithName:'certgate GmbH AirID2 Mini' successfully registered
2019-08-07 15:14:07.283693+0200 0x5a7405 Activity 0x84ae26 13149 0 com.apple.ifdreader: (CoreFoundation) Loading Preferences From System CFPrefsD
2019-08-07 15:14:07.283701+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:token] certgate GmbH AirID2 Mini: slot was set up
2019-08-07 15:14:07.284032+0200 0x5a7405 Debug 0x84ae26 13149 0 com.apple.ifdreader: (CoreFoundation) [com.apple.defaults:User Defaults] CFPrefsPlistSource<0x7fe52f50f310> (Domain: com.apple.security.smartcard, User: kCFPreferencesAnyUser, ByHost: Yes, Container: (null), Contents Need Refresh: No) loaded: a new base plist and no additional changes from the base plist
2019-08-07 15:14:07.284129+0200 0x5a7405 Debug 0x0 13149 0 com.apple.ifdreader: (CoreFoundation) [com.apple.defaults:User Defaults] looked up value 1 for key Logging in CFPrefsPlistSource<0x7fe52f50f310> (Domain: com.apple.security.smartcard, User: kCFPreferencesAnyUser, ByHost: Yes, Container: (null), Contents Need Refresh: No)
2019-08-07 15:14:07.285145+0200 0x5a7405 Debug 0x0 13149 0 com.apple.ifdreader: (CoreFoundation) [com.apple.defaults:User Defaults] setting new value 0 for key Logging in CFPrefsPlistSource<0x7fe52f50f310> (Domain: com.apple.security.smartcard, User: kCFPreferencesAnyUser, ByHost: Yes, Container: (null), Contents Need Refresh: No)
2019-08-07 15:14:07.285203+0200 0x5a7405 Default 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:APDULog] logging slot certgate GmbH AirID2 Mini
2019-08-07 15:14:07.285239+0200 0x5a7405 Debug 0x0 13149 0 com.apple.ifdreader: (CoreFoundation) [com.apple.defaults:User Defaults] found no value for key PollingTimeout in CFPrefsPlistSource<0x7fe52f50f310> (Domain: com.apple.security.smartcard, User: kCFPreferencesAnyUser, ByHost: Yes, Container: (null), Contents Need Refresh: No)
2019-08-07 15:14:07.286534+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:token] certgate GmbH AirID2 Mini: card inserted
2019-08-07 15:14:07.286586+0200 0x5a7115 Default 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:APDULog] card in
2019-08-07 15:14:07.286616+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:token] certgate GmbH AirID2 Mini: card reset
2019-08-07 15:14:07.286753+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:token] certgate GmbH AirID2 Mini: broadcasting state change { power = 0; prevstate = 1; share = 0; state = 2;}
2019-08-07 15:14:07.286888+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] -> IFDHPowerICC(00000000, action=502)
2019-08-07 15:14:07.287045+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00004828 ifdhandler.c:1154:IFDHPowerICC() action: Reset, certgate GmbH AirID2 Mini (lun: 0)
2019-08-07 15:14:07.287210+0200 0x5a7115 Info 0x0 13149 0 com.apple.ifdreader: (libccid.dylib) 00000171 commands.c:204:CmdPowerOn() 5V requested but not support by reader
2019-08-07 15:14:07.563262+0200 0x5a7115 Debug 0x0 13149 0 com.apple.ifdreader: [com.apple.CryptoTokenKit:smartcard] <- IFDHPowerICC(atr=<3bf81300 008131fe 454a434f 50763234 31b7>) = 0
2019-08-07 15:14:07.563391+0200 0x5a7405 Debug 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:token] certgate GmbH AirID2 Mini: card reset done -> <TKSmartCardATR: 0x7fe531200840 3b 130000 T=1:--- T=1:fe45-;4a434f5076323431>
2019-08-07 15:14:07.563463+0200 0x5a7405 Default 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:APDULog] ATR: 3b f8 13 00 00 81 31 fe 45 4a 43 4f 50 76 32 34 31 b7
2019-08-07 15:14:07.563581+0200 0x5a7405 Debug 0x0 13149 0 com.apple.ifdreader: (CryptoTokenKit) [com.apple.CryptoTokenKit:token] certgate GmbH AirID2 Mini: broadcasting state change { atr = <3bf81300 008131fe 454a434f 50763234 31b7>; power = 1; prevstate = 2; share = 0; state = 4;} |
|
Bluetooth-related information
Getting information from com.apple.bluetoothd
...
title | Getting information from com.apple.bluetoothd |
---|
Code Block |
---|
bash-3.2# defaults read com.apple.bluetoothd
SMPCloudLocalNonce = <9475e7a0 f4e93a9a b51df8d7 0b800896>;
LinkKeys = {
"b8-e8-56-0d-fb-81" = {
"7c-c3-a1-8f-be-4f" = <a21c29c4 a7d6591c 40d5789d 8d8b5675>;
"d8-30-62-39-11-ca" = <4a8b9385 4eb21c5c 68226d58 b7c8501b>;
};
};
SMPCloudLocalNonce = <9475e7a0 f4e93a9a b51df8d7 0b800896>;
SMPCloudLocalPrivateKey = <a2f2a3a8 7b0668e5 0c2d85aa c3761d3e 8c924e90 bd630dd7 4dcf957f bded6289 9ee1948e 9e2710be 43a70171 0911a72f f6e3ce7b 4a37e9f4 6a3c8c7f 43bb8fb6 9a3e9abb fe328a8d f616c9aa 126b42e0 bedc22c9 a5174980 838d2f7d 4d9faf05>;
SMPCloudLocalPublicKey = <a2f2a3a8 7b0668e5 0c2d85aa c3761d3e 8c924e90 bd630dd7 4dcf957f bded6289 9ee1948e 9e2710be 43a70171 0911a72f f6e3ce7b 4a37e9f4 6a3c8c7f 43bb8fb6>;
SMPDistributionKeys = {
"b8-e8-56-0d-fb-81" = {
"d0-cf-5e-06-f9-c4" = {
Address = <d0cf5e06 f9c4>;
AddressType = 0;
IRK = <be6658dd 46c563c1 9b0273be be0ae0e6>;
LTK = <3b2fd57f 7fed7c96 6e0ff8a1 c99ee836>;
LTKLength = <10>;
MITMProtection = 1;
OriginalAddressType = 0;
SecureConnection = <01>;
};
};
};
}
|
Getting information from blued (does not exist on catalina)
...
title | Getting information from blued |
---|
Code Block |
---|
bash-3.2# defaults read blued
{
LinkKeys = {
"b8-e8-56-0d-fb-81" = {
"7c-c3-a1-8f-be-4f" = <a21c29c4 a7d6591c 40d5789d 8d8b5675>;
"d8-30-62-39-11-ca" = <4a8b9385 4eb21c5c 68226d58 b7c8501b>;
};
};
} |
Bluetooth-related information
Getting information from com.apple.bluetoothd
UI Expand |
---|
title | Getting information from com.apple.bluetoothd |
---|
|
Code Block |
---|
bash-3.2# defaults read com.apple.bluetoothd
SMPCloudLocalNonce = <9475e7a0 .... .... ....>;
LinkKeys = {
"..-..-..-..-..-.." = {
"..-..-..-..-..-.." = <a21c29c4 .... .... ....>;
"..-..-..-..-..-.." = <4a8b9385 .... .... ....>;
};
};
SMPCloudLocalNonce = <9475e7a0 .... .... ....>;
SMPCloudLocalPrivateKey = <a2f2a3a8 .... ..... ..... ..... ..... >;
SMPCloudLocalPublicKey = <a2f2a3a8 .... ..... ..... ..... ..... >;
SMPDistributionKeys = {
"..-e8-..-0d-..-.." = {
"..-..-..-..-..-.." = {
Address = <.... ....>;
AddressType = 0;
IRK = <be6658dd ..... ..... .....>;
LTK = <3b2fd57f ..... ..... .....>;
LTKLength = <10>;
MITMProtection = 1;
OriginalAddressType = 0;
SecureConnection = <01>;
};
};
};
}
|
|
Getting information from blued (does not exist on catalina)
UI Expand |
---|
title | Getting information from blued |
---|
|
Code Block |
---|
bash-3.2# defaults read blued
{
LinkKeys = {
"..-..-..-..-..-.." = {
"..-..-..-..-..-.." = <a21c29c4 ..... ..... .....>;
"..-..-..-..-..-.." = <4a8b9385 ..... ..... .....>;
};
};
} |
|
Getting information from system_profiler
Code Block |
---|
$ sudo system_profiler -detailLevel full SPBluetoothDataType |
Related Articles
Content by Label |
---|
showLabels | false |
---|
max | 16 |
---|
spaces | PM |
---|
showSpace | false |
---|
sort | modified |
---|
reverse | true |
---|
type | page |
---|
excerptType | simple |
---|
cql | label in ("kb-how-to-article","macos","ctk","cryptotokenkit") and type = "page" and space = "DEMTHSP" |
---|
labels | kb-troubleshooting-article |
---|
|
Was this answer helpful?
Please rate & help us to improve our FAQ.
Getting information from system_profiler
Code Block |
---|
$ sudo system_profiler -detailLevel full SPBluetoothDataType |
MacOS PCSC related projects
macOS IFD Handler GIT Project
https://gitlab.certgate.com/airid/mac-ble-ifd
git clone https://gitlab.certgate.com/airid/mac-ble-ifd
cd mac-ifd
make
sudo ./install.sh
Edit /etc/reader.conf to select right AirID device
sudo pkill -9 com.apple.ifdreader
Virtual smart card for testing IFDH behavior
git clone https://gitlab.certgate.com/airid-support-group/virtual_card.git
cd mac
make
sudo ./install.sh
or if you want a populated iso7816 filesystem
sudo ./install-with-isofs.sh