A shared library that implements a PKCS#11 interface to the Apple Security framework
I am pleased to announce the 1.1 release of Keychain-PKCS11!
The major update for this release is the package is signed with new signing certificates that are not revoked. This resolves the issues with the 1.0 release that used certificates that were unexpectedly revoked.
This release also includes a minor fix for hardware that contained EC keys (EC is currently not supported but is planned for a future release).
Feedback is always welcome. Please contact the author at [email protected]
Greetings! I am pleased to announce the 1.0 release of Keychain-PKCS11!
This release includes the following changes since the last release:
keychain-pkcs11.dylib
is now built as a multi-architecture library and
the same library should work on x86_64 or amd64.CKM_RSA_X_509
PKCS#11 mechanism (decrypt only)This release has been tested primarily on Catalina and Big Sur, but should work on all versions of MacOS X from High Sierra onwards.
Feedback is always welcome. Please contact the author at [email protected]
Greetings! After a long time I have finally had the opportunity to come out with a new release of Keychain-PKCS11!
Major changes in this release include:
keychain-pkcs11.dylib
has been code-signed so there should be no issues with Gatekeeper causing warnings on Catalina.C_SignUpdate
& C_VerifyUpdate
).A caution for Catalina users: IF the application you are using with Keychain-PKCS11 is running under the hardened runtime environment, it must have the com.apple.security.smartcard
entitlement to access smartcard tokens. Most popular applications (such as Firefox) already do this.
Feedback is always welcome. Please contact the author at [email protected]
Greetings! This is the first public release of Keychain-PKCS11. It is not perfect, but I believe it is functional. We have a number of users locally and they have not reported problems, so I feel comfortable deploying this to a wider audience.
We have specifically tested this library with Firefox, MIT Kerberos, and various versions of Adobe Acrobat. Some preliminary testing has been done with Thunderbird but nothing extensive yet.
Please send any feedback to the author at [email protected]