Mailing Lists: Apple Mailing Lists


Re: opening smart card keychains



Thanks Perry...

I understand all of that, and I can see my CAC certificates and keys
in Keychain Access, so no problems there.

Here's my issue:

I am calling SecKeychainCopySearchList() first; it's my understanding
that when this function is called, it gives you back the search list
used by Keychain Access.  Does this include all keychains shown by
Keychain Access?

I then take that search list and pass it to SecIdentitySearchCreate()
and loop through the results using SecIdentitySearchCopyNext() to get
my identities.  The problem is, the only things returned in the search
are from my default keychain (login) and not from the union of all
keychains visible in Keychain Access.

What am I missing here?

On 5/9/06, Perry The Cynic <email@hidden> wrote:
> --On May 9, 2006 3:24:54 PM -0500 Cole Barnes <email@hidden> wrote:
>
> > I'm trying to get to my CAC through the Keystore services API with
> > little success.  Certs/Keys from my card aren't included in the
> > default (login) keychain, and I don't see any way to open my smart
> > card keychain with the SecKeychainOpen() function.
>
> If everything works as it should, your CAC card should appear (in your
> keychain list) as a new, separate keychain. Open Keychain Access, extend
> the keychain drawer (the "show keychains" button at the bottom), and insert
> your card. You should see a new keychain appear in the list, named
> something like "smartcard #2".
>
> If that doesn't work, something is wrong somewhere. :-)
>
> There is no (official) way to "open a smartcard keychain" in Tiger, since
> there are no canonical names for them. You can however scan the keychain
> search list and match the SecKeychainRefs against the CSSM MDS if you need
> to isolate a particular one. We usually discourage that, because your
> application should work with the union set of all items in all keychains
> whenever practical. Less confusing for the user, that way. But you can if
> you must.
>
> Cheers
>   -- perry
> ---------------------------------------------------------------------------
> Perry The Cynic                                             email@hidden
> To a blind optimist, an optimistic realist must seem like an Accursed Cynic.
> ---------------------------------------------------------------------------


Apple-cdsa mailing list      (email@hidden)
References: 
 >opening smart card keychains (From: "Cole Barnes" <email@hidden>)
 >Re: opening smart card keychains (From: Perry The Cynic <email@hidden>)




Copyright © 2007 Apple Inc. All rights reserved.