The Swift Smart Card Middleware iOS API (SCMAPISwift) is part of the Idopte Smart Card Middleware product, which provides standard interfaces for accessing smart cards or cryptographic tokens from applications (PKCS#11 library, Microsoft CSP and smart card mini-driver, Apple TokenD and CryptoTokenKit token driver, …).
There is, however, no standard way to access cryptographic ressources from smart card hardware from an application running on an iOS phone. The SCM iOS API provides all requires entry points to solve this problem. It provides functionnalities similar to those offered by PKCS#11 interface (enumerating card readers, objects in the card, manipulating pins and objects, and performing cryptographic operations).
Prerequisites
The middleware on iOS mobile devices is provided as a framework to be embedded within a custom application.
The middleware requires :
- The provided
ScmApi.framework
framework to be linked with the target application. - If you wish to use NFC you will need iOS(13.0 or above) and iPhone X or above.
The target application must add NFC capabilities, and provide a non-empty string for the
NFCReaderUsageDescriptionkey
in its info.plist file. For the value, enter a string that describes the reason the app needs access to the device’s NFC reader.Example :
<key>NFCReaderUsageDescription</key> <string>YOUR_PRIVACY_DESCRIPTION</string>
The target application must add the
Near Field Communication Tag Reader Session Formats Entitlement
to the entitlements file.Example :
</array> <key>com.apple.developer.nfc.readersession.formats</key> <array> <string>TAG</string> </array>
The target application must contain list of application identifiers (AIDs) that may have to be selected. At the bare minimum, all AIDs declared in the EF.DIR of the cards to support should be declared, as well as the AID of the IAS application itself (in the case of a JavaCard implementation).
Example:
<key>com.apple.developer.nfc.readersession.iso7816.select-identifiers</key> <array> <string>A000000077010800070000FE00000100</string> <string>E828BD080FF2504F5420415750</string> <string>A000000018800000000662</string> </array>
If the target application plans to use bluetooth smart card readers, it must provide a non-empty string for the
NSBluetoothAlwaysUsageDescription
in its info.plist file. For the value, a message that tells the user why the application is requesting the ability to connect to Bluetooth peripherals.Example :
<key>NSBluetoothAlwaysUsageDescription</key> <string>YOUR_PRIVACY_DESCRIPTION</string>
Note
Note that if the target application has a deployment target earlier thaniOS 13
, it needs to add theNSBluetoothPeripheralUsageDescription
key in its info.plist file in addition toNSBluetoothAlwaysUsageDescription
.
Functions
The API can perform the following operations:
- Enumerating all connected smart card readers, getting reader name and state (reader type, card presence, …)
- Reader event detection (card insertion/withdrawal, reader plug/unplug)
- Connecting to a card, disconnecting from a card
- Getting card information (label, manufacturer, model, serial number, …)
- Getting PIN information (number of PINs, label of each PIN, status, …)
- PIN verification, change, and unblocking
- Enumerating card objects (certificates, keys, …)
- Getting object properties (object type, PKCS label and ID, …)
- For certificates, getting textual representation of X.509 attributes (subject, issuer, validity period, key usages, extensions, …)
- Checking certificate validity according to the system certificate stores configured on the client computer (and getting details about the certification path, the reasons why a certificate is not trusted, …)
- Getting the contents of a certificate
- Performing cryptographic operations with the private keys (signature, decryption)