Friday, April 23, 2010

Free software Tokend above PKCS#11 (for Mac OS X)

Gemalto released the source code of its tokend.


A tokend is a plugin for Mac OS X that links between the CDSA higher layer and a smart card or other cryptographic device. See Smart Card Services.

PKCS#11 Tokend

The goal of this tokend is to be able to use any PKCS#11 library in CDSA and then with native Apple Applications (Mail, Safari, Key Chain, File Vault, etc.)

No configuration

This tokend will try every PKCS#11 library present in the standard directory /usr/lib/pkcs11/ and try to use them. You do not have to configure a specific PKCS#11 library to use.

Source code

The source code is hosted by Apple in the smartcardservices on the macosforge serveur. Direct access is at You can also find instructions to (re)build the Tokend project at


The code is licensed under Apple Public Source License Version 2.0 as the other tokend provided by Apple.

Compiled version

A compiled version can be found in the package installer provided by Gemalto at Download the ".NET PKCS#11 libraries for Mac OS X" file. The tokend is then installed as /System/Library/Security/tokend/PKCS11.tokend

Long term plan

The idea is to have this tokend provided by Apple in the next major operating system (Mac OS X 10.7). And I have no idea when that will happen. But I will let you know :-)

Flattr this