TechnologiesSecurity, Privacy & Authentication

CryptoTokenKit

iOSmacOStvOSwatchOSvisionOS

CryptoTokenKit provides access to smart cards and cryptographic tokens through reader slots, exposing the keys, certificates, and secure PIN-based interactions they hold. You discover and connect to hardware with TKSmartCardSlotManager, TKSmartCardSlot, and TKSmartCard, parse card responses with TLV record types such as TKBERTLVRecord and TKSimpleTLVRecord, and drive secure operations like PIN verification and change through TKSmartCardUserInteractionForSecurePINVerification and related user-interaction classes. To make a token's contents available to the system, you implement a token extension with TKToken, TKTokenSession, and TKTokenDriver, surfacing its keys and certificates as keychain items via TKTokenKeychainKey and TKTokenKeychainCertificate. The framework is available on iOS, macOS, tvOS, watchOS, and visionOS.

Smart Card Discovery and Connection 6

Discover card readers, connect to cards, and exchange application protocol data with smart card hardware.

  • Cl
    TKSmartCardSlotManageriOS 9.0+
    Represents pool of SmartCard reader slots.
  • Cl
    TKSmartCardSlotiOS 9.0+
    Represents single slot which can contain SmartCard.
  • Cl
    TKSmartCardiOS 9.0+
    Represents SmartCard inserted in the slot. Once the card is physically removed from the slot, the session object is invalid and will always fail the operation invoked on it. In order to communicate wi
  • Cl
    TKSmartCardATRiOS 9.0+
    Represents parsed SmartCard ATR. Provides routine for parsing byte stream or NSData with binary ATR and accessors to parsed ATR parts.
  • Cl
    TKSmartCardSlotNFCSessioniOS 26.0+
    NFC session that's related to NFC smart card slot which was created.
  • St
    TKSmartCardProtocoliOS 9.0+
    Bitmask of available SmartCard protocols.

Secure PIN Interactions 6

Drive secure PIN verification and change operations through reader-controlled user interactions.

  • Cl
    TKSmartCardUserInteractioniOS 9.0+
    Represents handle to a user interaction involving the SmartCard reader.
  • Cl
    TKSmartCardUserInteractionForPINOperationiOS 9.0+
    User interaction for the secure PIN operations on the SmartCard reader.
  • Cl
    TKSmartCardUserInteractionForSecurePINVerificationiOS 9.0+
    User interaction for the secure PIN verification on the SmartCard reader.
  • Cl
    TKSmartCardUserInteractionForSecurePINChangeiOS 9.0+
    User interaction for the secure PIN change on the SmartCard reader.
  • Cl
    TKSmartCardPINFormatiOS 9.0+
    Specifies PIN formatting properties.
  • Pr
    TKSmartCardUserInteractionDelegateiOS 9.0+
    Delegate for user interactions involving the SmartCard reader.

Parsing Card Responses 4

Decode and construct the tag-length-value records returned by smart cards.

  • Cl
    TKTLVRecordiOS 10.0+
    Base class representing Tag-Length-Value record.
  • Cl
    TKBERTLVRecordiOS 10.0+
    TKBERTLVRecord implements encoding using BER-TLV encoding rules.
  • Cl
    TKSimpleTLVRecordiOS 10.0+
    TKSimpleTLVRecord implements Simple-TLV encoding according to ISO7816-4.
  • Cl
    TKCompactTLVRecordiOS 10.0+
    TKCompactTLVRecord implements Compact-TLV encoding according to ISO7816-4

Implementing a Token Extension 6

Build a token extension that surfaces a card or token's cryptographic contents to the system.

  • Cl
    TKTokeniOS 10.0+
    @discussion Class representing single token. When implementing SmartCard based token, it is recommended to inherit the implementation from TKSmartCardToken. Token object serves as synchronization poin
  • Cl
    TKTokenSessioniOS 10.0+
    @abstract TKTokenSession represents token session which shares authentication status.
  • Cl
    TKTokenDriveriOS 10.0+
    @discussion Base class for token drivers. SmartCard token drivers should use TKSmartCardTokenDriver subclass.
  • Pr
    TKTokenDelegateiOS 10.0+
    @abstract TKTokenDelegate contains operations implementing functionality of token class.
  • Pr
    TKTokenSessionDelegateiOS 10.0+
    @abstract TKTokenSessionDelegate contains operations with token objects provided by token implementors which should be performed in the context of authentication session.
  • Pr
    TKTokenDriverDelegateiOS 10.0+
    @discussion Delegate for customizing token driver operations. SmartCard tokens should implement TKSmartCardTokenDriverDelegate instead of this base protocol.

Smart Card Token Backing 5

Back a token extension with a connected smart card and register it with the system.

  • Cl
    TKSmartCardTokeniOS 10.0+
    @abstract TKSmartCardToken base class for implementing SmartCard based token.
  • Cl
    TKSmartCardTokenSessioniOS 10.0+
    @abstract TKSmartCardTokenSession represents token session based on SmartCard token.
  • Cl
    TKSmartCardTokenDriveriOS 10.0+
    @abstract TKSmartCardTokenDriver represents driver for specific SmartCard type.
  • Pr
    TKSmartCardTokenDriverDelegate
    @discussion TKSmartCardTokenDriverDelegate is used to implement creation of new token instance according to the SmartCard.
  • Cl
    TKSmartCardTokenRegistrationManageriOS 26.0+
    Provides a centralized management system for registering and unregistering smartcards

Token Keychain Items 4

Expose a token's keys and certificates as keychain items the system can use.

  • Cl
    TKTokenKeychainItemiOS 10.0+
    @interface TKTokenKeychainItem
  • Cl
    TKTokenKeychainKeyiOS 10.0+
    @interface TKTokenKeychainKey
  • Cl
    TKTokenKeychainCertificateiOS 10.0+
    @interface TKTokenKeychainCertificate
  • Cl
    TKTokenKeychainContentsiOS 10.0+
    @discussion Contains TKTokenKeychainItem instances (keys and certificates) which represent keychain state (i.e. set of items) of specific token.

Cryptographic Operations and Authentication 6

Describe key algorithms, key-exchange parameters, and the authentication operations a token performs.

  • Cl
    TKTokenKeyAlgorithmiOS 10.0+
    @abstract TKTokenKeyAlgorithm Encapsulates cryptographic algorithm, possibly with additional associated required algorithms.
  • Cl
    TKTokenKeyExchangeParametersiOS 10.0+
    @abstract TKTokenKeyExchangeParameters Encapsulates parameters needed for performing specific Key Exchange operation types.
  • Cl
    TKTokenAuthOperationiOS 10.0+
    @discussion Context of a pending authentication operation.
  • Cl
    TKTokenPasswordAuthOperationiOS 10.0+
    @discussion Context of a password authentication operation.
  • Cl
    TKTokenSmartCardPINAuthOperationiOS 10.0+
    @discussion Context of a SmartCard PIN authentication operation.
  • En
    TKTokenOperationiOS 10.0+
    @enum TKTokenOperation enumerates operations which can be performed with objects (keys and certificates) on the token.

Monitoring and Errors 2

Observe available tokens and handle errors raised by the framework.

  • Cl
    TKTokenWatcheriOS 10.0+
    An object that observes the set of tokens currently available on the system.
  • St
    TKErroriOS 9.0+
    A structure describing errors raised by CryptoTokenKit operations.

Type Aliases 2

  • Ty
    TKTLVTag
    Type used for identifying TLV format tags.
  • Ty
    TKTokenOperationConstraint
    @abstract TKTokenOperationConstraint represents authentication constraint of token object for specific token operation.
← Security, Privacy & Authentication