### Registering a Smart Card App Extension Source: https://developer.apple.com/documentation/cryptotokenkit/authenticating-users-with-a-cryptographic-token Launch the hosting app as the _securityagent user to register the app extension with the system. This action only needs to be performed once, typically during a managed installation. ```bash sudo -u _securityagent /Applications/HostApp.app/Contents/MacOS/HostApp ``` -------------------------------- ### Get TKSmartCard Instance Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardtokensession/getsmartcard%28%29 Returns a TKSmartCard instance with an active exclusive session and the SmartCard application selected. This method is available on iOS, iPadOS, macOS, tvOS, visionOS, and watchOS starting from version 26.0. ```swift func getSmartCard() throws -> TKSmartCard ``` -------------------------------- ### beginSession(reply:) Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcard/beginsession%28reply%3A%29 Begins a session with the Smart Card. This method requires a reply closure to handle the success or failure of the session initiation. ```APIDOC ## beginSession(reply:) ### Description Begins a session with the Smart Card. ### Method Signature ```swift func beginSession(reply: @escaping @Sendable (Bool, (any Error)?) -> Void) ``` ### Parameters * `reply` - A closure that is called when the session attempt completes. It receives a boolean indicating success and an optional Error object. * `success` (Bool) - Indicates whether the session could be established successfully. * `error` (Error?) - Contains information about the error preventing the session from being established. The `NSError` object is created in the `TKErrorDomain` domain with a code in the `TKError.Code` enumeration. ### Discussion This method will fail if there is already an existing session for the Smart Card. Calls to this method must be balanced with calls to `endSession()`. ``` -------------------------------- ### Get and Set Minimum PIN Length Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardpinformat/minpinlength Use this property to get or set the minimum number of characters required for a valid PIN. The default value is 4. ```swift var minPINLength: Int { get set } ``` -------------------------------- ### Get and Set pinBitOffset Property Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardpinformat/pinbitoffset Use this property to get or set the bit offset within the PIN block for the formatted PIN. The default value is 0. ```swift var pinBitOffset: Int { get set } ``` -------------------------------- ### Initializers Source: https://developer.apple.com/documentation/cryptotokenkit/tktlvrecord Initializes a TKTLVRecord instance. ```APIDOC convenience init?(fromData: Data) ``` -------------------------------- ### init(from:) Source: https://developer.apple.com/documentation/cryptotokenkit/tktlvrecord/init%28from%3A%29 Creates and returns a TLV record by parsing the specified data. This initializer is available on iOS 10.0+, iPadOS 10.0+, Mac Catalyst 13.1+, macOS 10.12+, tvOS 11.0+, visionOS 1.0+, and watchOS 4.0+. ```APIDOC ## init(from:) ### Description Creates and returns a TLV record from by parsing the specified data. ### Method `convenience init?(from data: Data)` ### Parameters #### Path Parameters * **data** (Data) - Description: A data object containing the serialized representation of a TLV record. ### Response #### Success Response A TLV record, or `nil` if `data` does not specify a valid record. ``` -------------------------------- ### Getting the Slot State Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardslot Retrieves the current state of the Smart Card reader slot. ```APIDOC ## var state: TKSmartCardSlot.State ### Description The current state of the Smart Card reader slot. ### Type `TKSmartCardSlot.State` (enum) ``` -------------------------------- ### interfaceGroup(at:) Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardatr/interfacegroup%28at%3A%29 Returns the interface group at the specified index. Interface group indexes start at 1. ```APIDOC ## interfaceGroup(at:) ### Description Returns the interface group at the specified index. ### Method Signature ```swift func interfaceGroup(at index: Int) -> TKSmartCardATR.InterfaceGroup? ``` ### Parameters #### Path Parameters - **index** (Int) - Required - The index of the desired interface group. Interface group indexes start at `1`, as specified by ISO 7816-3. ### Return Value The interface group at the specified index, or `nil` if not present. ### See Also - `func interfaceGroup(for: TKSmartCardProtocol) -> TKSmartCardATR.InterfaceGroup?` - `class InterfaceGroup` ``` -------------------------------- ### init(token:) Source: https://developer.apple.com/documentation/cryptotokenkit/tktokensession/init%28token%3A%29 Initializes a token session with the specified token. This is the designated initializer. ```APIDOC ## init(token:) ### Description Initializes a token session with the specified token. ### Parameters #### Path Parameters - **token** (TKToken) - Required - The token to which the initialized session is bound. ### Return Value A new token session created with the specified token. ### Discussion This is the designated initializer. ``` -------------------------------- ### beginSession() async throws Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcard/beginsession%28reply%3A%29 Begins a session with the Smart Card asynchronously. This method returns a boolean indicating success and can throw an error. ```APIDOC ## beginSession() async throws ### Description Begins a session with the Smart Card asynchronously. ### Method Signature ```swift func beginSession() async throws -> Bool ``` ### Return Value * `Bool` - Returns `true` if the session could be established successfully, otherwise `false`. ### Throws This method may throw an error if the session cannot be established. The `NSError` object is created in the `TKErrorDomain` domain with a code in the `TKError.Code` enumeration. ### Discussion This method will fail if there is already an existing session for the Smart Card. Calls to this method must be balanced with calls to `endSession()`. ``` -------------------------------- ### Get and Set pinFormat Property Source: https://developer.apple.com/documentation/cryptotokenkit/tktokensmartcardpinauthoperation/pinformat This property defines the format of the PIN. By default, it is initialized without specific configuration. ```swift var pinFormat: TKSmartCardPINFormat { get set } ``` -------------------------------- ### Begin Smart Card Session (Async/Await) Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcard/beginsession%28reply%3A%29 Initiates a session with the smart card using async/await. Ensure calls are balanced with endSession(). This method may fail if a session already exists. ```swift func beginSession() async throws -> Bool ``` -------------------------------- ### Get publicKeyHash Source: https://developer.apple.com/documentation/cryptotokenkit/tktokenkeychainkey/publickeyhash Retrieve the SHA1 hash of the raw public key. This property is equivalent to the kSecAttrApplicationLabel type attribute. ```swift var publicKeyHash: Data? { get set } ``` -------------------------------- ### Get Max PIN Length Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardpinformat/maxpinlength Access the maximum number of characters allowed for a valid PIN. Defaults to 8. ```swift var maxPINLength: Int { get set } ``` -------------------------------- ### Initializer Source: https://developer.apple.com/documentation/cryptotokenkit/tktokenkeychainkey/init%28certificate%3Aobjectid%3A%29 Initializes a token keychain key with data from the specified certificate reference and a given object ID. ```APIDOC ## init(certificate:objectID:) ### Description Initializes a token keychain key with data from the specified certificate reference and a given object ID. ### Parameters #### Parameters - **certificateRef** (SecCertificate?) - The certificate reference. You can create a `SecCertificateRef` value from a data object using the `SecCertificateCreateWithData` function. - **objectID** (TKToken.ObjectID) - The object ID. ### Return Value A new token keychain certificate. ### Discussion This is the designated initializer. ``` -------------------------------- ### cancel() Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcarduserinteraction/cancel%28%29 Attempts to cancel an interaction started by calling `run(reply:)`. For certain interactions, cancellation may not be available. ```APIDOC ## cancel() ### Description Attempts to cancel an interaction started by calling `run(reply:)`. For certain interactions, cancellation may not be available. ### Method Signature ```swift func cancel() -> Bool ``` ### Return Value Returns `false` if the operation is not running, or if cancelation is not supported. ``` -------------------------------- ### Initializer Source: https://developer.apple.com/documentation/cryptotokenkit/tktokenkeychaincertificate/init%28certificate%3Aobjectid%3A%29 Initializes a token keychain certificate with data from the specified certificate reference and a given object ID. ```APIDOC ## init(certificate:objectID:) ### Description Initializes a token keychain certificate with data from the specified certificate reference and a given object ID. ### Parameters #### Parameters - **certificateRef** (SecCertificate) - The certificate reference. You can create a `SecCertificate` value from a data object using the `SecCertificateCreateWithData(_:_:)` function. - **objectID** (TKToken.ObjectID) - The object ID. ### Return Value A new token keychain certificate. ### Discussion This is the designated initializer. ``` -------------------------------- ### TKError.Code Cases Source: https://developer.apple.com/documentation/cryptotokenkit/tkerror/code These cases represent specific error conditions within CryptoTokenKit. For example, use `notImplemented` when a requested feature is not supported. ```swift case notImplemented ``` ```swift case communicationError ``` ```swift case corruptedData ``` ```swift case canceledByUser ``` ```swift case authenticationFailed ``` ```swift case objectNotFound ``` ```swift case tokenNotFound ``` ```swift case badParameter ``` ```swift case authenticationNeeded ``` -------------------------------- ### init(objectID:) Source: https://developer.apple.com/documentation/cryptotokenkit/tktokenkeychainitem/init%28objectid%3A%29 Initializes a new token keychain item with a given object identifier. ```APIDOC ## init(objectID:) ### Description Initializes a token keychain item with the specified object ID. ### Parameters #### Path Parameters * **objectID** (TKToken.ObjectID) - Required - The object ID. ### Return Value A new keychain item. ``` -------------------------------- ### Accessing Token Configuration Data Source: https://developer.apple.com/documentation/cryptotokenkit/tktoken/configuration-swift.class/configurationdata Use this property to get or set additional configuration data for a token instance. The system does not interpret this data. ```swift var configurationData: Data? { get set } ``` -------------------------------- ### Begin Smart Card Session (Callback) Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcard/beginsession%28reply%3A%29 Initiates a session with the smart card using a completion handler. Ensure calls are balanced with endSession(). This method may fail if a session already exists. ```swift func beginSession(reply: @escaping @Sendable (Bool, (any Error)?) -> Void) ``` -------------------------------- ### tokenDriver(_:tokenFor:) Source: https://developer.apple.com/documentation/cryptotokenkit/tktokendriverdelegate/tokendriver%28_%3Atokenfor%3A%29 This method is called by the system to request the creation of a token instance. The `configuration` parameter identifies the specific token to be created. The created token will have access to its configuration data and can interact with keychain items through methods provided by the configuration. ```APIDOC ## tokenDriver(_:tokenFor:) ### Description Creates a new token for the configuration you specify. ### Method Signature ```swift optional func tokenDriver( _ driver: TKTokenDriver, tokenFor configuration: TKToken.Configuration ) throws -> TKToken ``` ### Parameters - **driver** (`TKTokenDriver`) - The token driver. - **configuration** (`TKToken.Configuration`) - The configuration that identifies the token to create. ### Return Value - **TKToken** - The created token. ### Discussion The system invokes this method to request creation of a token instance, which the `instanceID` property of the configuration you specify identifies. The created token has access to its current configuration using the `configurationData` property, which can provide token-implementation-specific additional data. The token can access keychain items this token exports with the methods `key(for:)` and `certificate(for:)` that the configuration provides. ### See Also - `func tokenDriver(TKTokenDriver, terminateToken: TKToken)` ``` -------------------------------- ### TKSmartCardUserInteractionForSecurePINChange.Confirmation.new Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcarduserinteractionforsecurepinchange/confirmation/new Use this static property to get a default confirmation interaction for secure PIN changes. It is available across multiple Apple platforms. ```swift static var new: TKSmartCardUserInteractionForSecurePINChange.Confirmation { get } ``` -------------------------------- ### Get Slot by Name (Synchronous) Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardslotmanager/slotnames Returns the Smart Card slot with a given name. Returns nil if no slot with the specified name exists. ```swift func slotNamed(String) -> TKSmartCardSlot? ``` -------------------------------- ### init(fromData:) Source: https://developer.apple.com/documentation/cryptotokenkit/tktlvrecord/init%28fromdata%3A%29 Initializes a TKTLVRecord object from the provided Data. This is a convenience initializer and may return nil if the data is invalid. ```APIDOC ## init(fromData:) ### Description Initializes a TKTLVRecord object from the provided Data. ### Method `convenience init?(fromData data: Data)` ### Parameters #### Path Parameters - **data** (Data) - The data to initialize the TKTLVRecord with. ### Response #### Success Response A new TKTLVRecord object, or nil if initialization fails. ``` -------------------------------- ### Get Slot by Name Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardslotmanager/slotnames Asynchronously retrieves a Smart Card slot for a specified name. The reply block is called with the slot or nil if not found. ```swift func getSlot(withName: String, reply: (TKSmartCardSlot?) -> Void) ``` -------------------------------- ### init(tokenDriver:instanceID:) Source: https://developer.apple.com/documentation/cryptotokenkit/tktoken/init%28tokendriver%3Ainstanceid%3A%29 Initializes a new TKToken object with the provided token driver and instance identifier. ```APIDOC ## init(tokenDriver:instanceID:) ### Description Initializes a token with the driver you specify. ### Parameters #### Parameters - **tokenDriver** (TKTokenDriver) - The driver of the token. - **instanceID** (TKToken.InstanceID) - A unique, persistent identifier for this token. This value is typically generated from the serial number of the target hardware. ### Return Value A new token object. ### Discussion This is the designated initializer. ``` -------------------------------- ### Getting the Slot Configuration Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardslot Accesses the configuration details of the Smart Card reader slot, including its name and maximum data transfer lengths. ```APIDOC ## var name: String ### Description The name of the Smart Card reader slot. ### Type `String` ## var maxInputLength: Int ### Description The maximum length of input APDU (Application Protocol Data Unit) that the Smart Card reader slot is able to transfer to the Smart Card. ### Type `Int` ## var maxOutputLength: Int ### Description The maximum length of output APDU (Application Protocol Data Unit) that the Smart Card reader slot is able to transfer from the Smart Card. ### Type `Int` ``` -------------------------------- ### TKTLVRecord init(from:) Source: https://developer.apple.com/documentation/cryptotokenkit/tktlvrecord/init%28from%3A%29 Creates and returns a TLV record by parsing the specified data. Use this initializer when you have serialized TLV data and need to reconstruct the record object. Returns nil if the data is invalid. ```swift convenience init?(from data: Data) ``` -------------------------------- ### init() Source: https://developer.apple.com/documentation/cryptotokenkit/tktokenwatcher/init%28%29 Initializes a token watcher. This is the basic initializer for TKTokenWatcher. ```APIDOC ## init() ### Description Initializes a token watcher. ### Method `init()` ### Parameters This initializer does not take any parameters. ### Response Initializes a `TKTokenWatcher` object. ``` -------------------------------- ### Get and Set PIN Block Byte Length Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardpinformat/pinblockbytelength This property retrieves or sets the total length of the PIN block in bytes. It defaults to 8. ```swift var pinBlockByteLength: Int { get set } ``` -------------------------------- ### Create Token Instance with tokenDriver(_:tokenFor:) Source: https://developer.apple.com/documentation/cryptotokenkit/tktokendriverdelegate/tokendriver%28_%3Atokenfor%3A%29 The system invokes this method to request creation of a token instance. The created token has access to its current configuration using the `configurationData` property. ```swift optional func tokenDriver( _ driver: TKTokenDriver, tokenFor configuration: TKToken.Configuration ) throws -> TKToken ``` -------------------------------- ### Retrieve Interface Group by Index Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardatr/interfacegroup%28at%3A%29 Use this method to get an interface group at a specific 1-based index. Returns nil if the index is out of bounds. ```swift func interfaceGroup(at index: Int) -> TKSmartCardATR.InterfaceGroup? ``` -------------------------------- ### Initialize TKBERTLVRecord with Tag and Records Source: https://developer.apple.com/documentation/cryptotokenkit/tkbertlvrecord/init%28tag%3Arecords%3A%29 Use this initializer to create a new BER-TLV record. It requires a `TKTLVTag` and an array of `TKTLVRecord` objects. ```swift init( tag: TKTLVTag, records: [TKTLVRecord] ) ``` -------------------------------- ### Get Token Information Source: https://developer.apple.com/documentation/cryptotokenkit/tktokenwatcher/tokeninfo%28fortokenid%3A%29 Use this method to retrieve detailed information about a specific token by providing its unique identifier. Ensure you have the correct token ID. ```swift func tokenInfo(forTokenID tokenID: String) -> TKTokenWatcher.TokenInfo? ``` -------------------------------- ### Retrieve a Key by ObjectID Source: https://developer.apple.com/documentation/cryptotokenkit/tktoken/configuration-swift.class/key%28for%3A%29 Use this method to get a specific key from the token's keychain. If the key is not found, the system will return a `TKError.Code.objectNotFound` error. ```swift func key(for objectID: TKToken.ObjectID) throws -> TKTokenKeychainKey ``` -------------------------------- ### init(bytes:) Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardatr/init%28bytes%3A%29 Initializes a `TKSmartCardATR` object from a provided data object. Returns `nil` if the data is not a valid ATR. ```APIDOC ## init(bytes:) ### Description Initializes a `TKSmartCardATR` object from a provided data object. ### Method `init?(bytes: Data)` ### Parameters #### Parameters - **bytes** (Data) - The ATR data to be parsed. ### Return Value A `TKSmartCardATR` object initialized with the parsed data. If `bytes` does not contain a valid ATR, returns `nil`. ``` -------------------------------- ### Initialize TKBERTLVRecord with Tag and Subrecords Source: https://developer.apple.com/documentation/cryptotokenkit/tkbertlvrecord Initializes a BER-TLV record with a specified tag and an array of TLV subrecords. The subrecords should be instances of TKTLVRecord. ```swift init(tag: TKTLVTag, records: [TKTLVRecord]) ``` -------------------------------- ### interactionTimeout Property Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcarduserinteraction/interactiontimeout Sets or gets the timeout, in seconds, after the first key stroke. A value of 0 uses the reader-defined default timeout. Defaults to 0. ```APIDOC ## interactionTimeout ### Description The timeout, in seconds, after the first key stroke. If set to `0`, the reader-defined default timeout is used. `0` by default. ### Property `var interactionTimeout: TimeInterval { get set }` ### Availability iOS 9.0+ | iPadOS 9.0+ | Mac Catalyst 13.1+ | macOS 10.11+ | tvOS 11.0+ | visionOS 1.0+ | watchOS 4.0+ ``` -------------------------------- ### Get Maximum Input APDU Length Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardslot/maxinputlength Retrieve the maximum length of an input APDU that the smart card reader slot supports. This value is read-only. ```swift var maxInputLength: Int { get } ``` -------------------------------- ### Initialize TKBERTLVRecord with Tag and Value Source: https://developer.apple.com/documentation/cryptotokenkit/tkbertlvrecord/init%28tag%3Avalue%3A%29 Use this initializer to create a new BER-TLV record. Provide the tag and the data value for the record. ```swift init( tag: TKTLVTag, value: Data ) ``` -------------------------------- ### TKTokenSession Initialization Source: https://developer.apple.com/documentation/cryptotokenkit/tktokensession Initializes a token session with the specified token. ```APIDOC ## init(token: TKToken) ### Description Initializes a token session with the specified token. ### Parameters #### Path Parameters - **token** (TKToken) - Required - The token to initialize the session with. ``` -------------------------------- ### TKSmartCardPINFormat.Encoding.ascii Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardpinformat/encoding-swift.enum/ascii Represents the ASCII encoding format for PINs. Characters are encoded in ASCII format, for example, `1234` is encoded as `31h 32h 33h 34h`. ```APIDOC ## TKSmartCardPINFormat.Encoding.ascii ### Description Characters are encoded in ASCII format (for example, `1234` is encoded as `31h 32h 33h 34h`). ### Case ```swift case ascii ``` ### Availability iOS 9.0+ iPadOS 9.0+ Mac Catalyst 13.1+ macOS 10.11+ tvOS 11.0+ visionOS 1.0+ watchOS 4.0+ ``` -------------------------------- ### Initializer Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardtoken/init%28smartcard%3Aaid%3Ainstanceid%3Atokendriver%3A%29-90hza Initializes a TKSmartCardToken with a smart card object, an optional AID, a unique instance ID, and the token driver. ```APIDOC ## init(smartCard:AID:instanceID:tokenDriver:) ### Description Initializes a new instance of `TKSmartCardToken`. ### Parameters - **smartCard** (`TKSmartCard`) - The smart card object to associate with the token. - **AID** (`Data?`) - An optional Application Identifier for the smart card. - **instanceID** (`String`) - A unique identifier for this token instance. - **tokenDriver** (`TKSmartCardTokenDriver`) - The token driver managing this smart card token. ### Availability iOS 10.0+ iPadOS 10.0+ Mac Catalyst 13.1+ macOS 10.12+ tvOS 11.0+ visionOS 1.0+ watchOS 4.0+ ``` -------------------------------- ### List Available Token IDs Source: https://developer.apple.com/documentation/cryptotokenkit/using-cryptographic-assets-stored-on-a-smart-card Instantiate TKTokenWatcher to get a list of all token IDs currently present in the system. This allows you to identify available smart cards. ```swift let watcher = TKTokenWatcher() print("The following token IDs are present in the system:") for tokenID in watcher.tokenIDs { print(tokenID) } ``` -------------------------------- ### Accessing Keychain Items Source: https://developer.apple.com/documentation/cryptotokenkit/tktokenkeychaincontents Provides methods to access and retrieve keychain items associated with the token. You can get all items, or specific keys and certificates by their object identifiers. ```APIDOC ## var items: [TKTokenKeychainItem] ### Description Returns all items for the token in the keychain. ### Response #### Success Response (200) - **items** (array of TKTokenKeychainItem) - All items for the token in the keychain. ``` ```APIDOC ## func key(forObjectID: TKToken.ObjectID) throws -> TKTokenKeychainKey ### Description Returns the key for a specified object identifier. ### Parameters #### Path Parameters - **forObjectID** (TKToken.ObjectID) - Required - The object identifier for the key. ### Response #### Success Response (200) - **key** (TKTokenKeychainKey) - The requested key. ``` ```APIDOC ## func certificate(forObjectID: TKToken.ObjectID) throws -> TKTokenKeychainCertificate ### Description Returns the certificate for a specified object identifier. ### Parameters #### Path Parameters - **forObjectID** (TKToken.ObjectID) - Required - The object identifier for the certificate. ### Response #### Success Response (200) - **certificate** (TKTokenKeychainCertificate) - The requested certificate. ``` -------------------------------- ### init(tag:value:) Source: https://developer.apple.com/documentation/cryptotokenkit/tkbertlvrecord/init%28tag%3Avalue%3A%29 Initializes a BER-TLV record with the specified tag and value. Available on iOS 10.0+, iPadOS 10.0+, Mac Catalyst 13.1+, macOS 10.12+, tvOS 11.0+, visionOS 1.0+, and watchOS 4.0+. ```APIDOC ## init(tag:value:) ### Description Initializes a BER-TLV record with the specified tag and value. ### Parameters #### Path Parameters - **tag** (TKTLVTag) - Required - The tag field of the record. - **value** (Data) - Required - The value field of the record. ### Return Value A new TLV record containing the specified tag and value fields. ### See Also - `init(tag: TKTLVTag, records: [TKTLVRecord])` - `typealias TKTLVTag` ``` -------------------------------- ### Retrieve a Certificate by ObjectID Source: https://developer.apple.com/documentation/cryptotokenkit/tktoken/configuration-swift.class/certificate%28for%3A%29 Use this method to get a certificate from the token's keychain. If the certificate with the specified `objectID` is not found, the system will return a `TKError.Code.objectNotFound` error. ```swift func certificate(for objectID: TKToken.ObjectID) throws -> TKTokenKeychainCertificate ``` -------------------------------- ### Implement tokenSession(_:sign:keyObjectID:algorithm:) Source: https://developer.apple.com/documentation/cryptotokenkit/tktokensessiondelegate/tokensession%28_%3Asign%3Akeyobjectid%3Aalgorithm%3A%29 Implement this method to handle signing requests. It requires the session, data to sign, the key identifier, and the signing algorithm. The method should return the signed data or throw an error. ```swift optional func tokenSession( _ session: TKTokenSession, sign dataToSign: Data, keyObjectID: TKToken.ObjectID, algorithm: TKTokenKeyAlgorithm ) throws -> Data ``` -------------------------------- ### Get and Set pinLengthBitSize Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardpinformat/pinlengthbitsize This property determines the bit size for the PIN length field. Set to 0 to omit writing the PIN length. Defaults to 0. ```swift var pinLengthBitSize: Int { get set } ``` -------------------------------- ### TKToken Initialization Source: https://developer.apple.com/documentation/cryptotokenkit/tktoken Initializes a token with the specified driver. ```APIDOC ## init(tokenDriver: TKTokenDriver, instanceID: TKToken.InstanceID) ### Description Initializes a token with the driver you specify. ### Parameters - **tokenDriver** (TKTokenDriver) - The token driver. - **instanceID** (TKToken.InstanceID) - The instance identifier of the token. ``` -------------------------------- ### new Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcarduserinteractionforsecurepinchange/confirmation/new Returns a new confirmation instance. ```APIDOC ## new iOS 9.0+iPadOS 9.0+Mac Catalyst 13.1+macOS 10.11+tvOS 11.0+visionOS 1.0+watchOS 4.0+ ```swift static var new: TKSmartCardUserInteractionForSecurePINChange.Confirmation { get } ``` ### Description Returns a new confirmation instance. ``` -------------------------------- ### Retrieve Interface Group by Protocol Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardatr/interfacegroup%28for%3A%29 Use this method to get an interface group that uses a specific communication protocol. Returns `nil` if no matching group is found. ```swift func interfaceGroup(for protocol: TKSmartCardProtocol) -> TKSmartCardATR.InterfaceGroup? ``` -------------------------------- ### Retrieve Keychain Key by ObjectID Source: https://developer.apple.com/documentation/cryptotokenkit/tktokenkeychaincontents/key%28forobjectid%3A%29 Use this method to get a specific key from the token's keychain using its object identifier. Returns `nil` if no key is found. ```swift func key(forObjectID objectID: TKToken.ObjectID) throws -> TKTokenKeychainKey ``` -------------------------------- ### init(tag:value:) Source: https://developer.apple.com/documentation/cryptotokenkit/tkcompacttlvrecord/init%28tag%3Avalue%3A%29 Initializes a TLV record with the specified tag and value. Available on iOS 10.0+, iPadOS 10.0+, Mac Catalyst 13.1+, macOS 10.12+, tvOS 11.0+, visionOS 1.0+, watchOS 4.0+. ```APIDOC ## init(tag:value:) ### Description Initializes a TLV record with the specified tag and value. ### Parameters #### Path Parameters - **tag** (UInt8) - Required - The tag field of the record. - **value** (Data) - Required - The value field of the record. ### Return Value A new TLV record containing the specified tag and value fields. ``` -------------------------------- ### Accessing the Current Confirmation Interaction Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcarduserinteractionforsecurepinchange/confirmation/current Use this static property to get the default confirmation interaction for secure PIN changes. It is available across multiple Apple platforms. ```swift static var current: TKSmartCardUserInteractionForSecurePINChange.Confirmation { get } ``` -------------------------------- ### Begin a Session with the Smart Card Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcard Call this method to begin a session with the smart card. It takes a completion handler that receives a boolean indicating success and an optional error. ```swift func beginSession(reply: (Bool, (any Error)?) -> Void) ``` -------------------------------- ### run(reply:) Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcarduserinteraction/run%28reply%3A%29 Runs the user interaction and asynchronously receives a reply. This method is available on iOS 9.0+, iPadOS 9.0+, Mac Catalyst 13.1+, macOS 10.11+, tvOS 11.0+, visionOS 1.0+, and watchOS 4.0+. ```APIDOC ## run(reply:) ### Description Runs the user interaction and asynchronously receives a reply. ### Method Signature ```swift func run(reply: @escaping @Sendable (Bool, (any Error)?) -> Void) ``` ### Parameters * `reply` - A callback closure that is executed upon completion of the user interaction. It receives two arguments: * `success` (Bool): Indicates whether the user interaction was successful. * `error` (Error?): Contains information about the error that occurred during the user interaction. The `NSError` object is created in the `TKErrorDomain` domain with a code in the `TKError.Code` enumeration. ``` ```APIDOC ## run() async throws -> Bool ### Description Runs the user interaction and returns a boolean indicating success or failure, throwing an error if one occurs. This is the asynchronous version of the `run(reply:)` method. ### Method Signature ```swift func run() async throws -> Bool ``` ### Return Value * `Bool`: `true` if the user interaction was successful, `false` otherwise. ### Throws * `Error`: An error object if the user interaction fails. The `NSError` object is created in the `TKErrorDomain` domain with a code in the `TKError.Code` enumeration. ``` -------------------------------- ### Swift initialTimeout Property Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcarduserinteraction/initialtimeout Use this property to get or set the timeout for initial smart card interaction. A value of 0 uses the reader's default timeout. ```swift var initialTimeout: TimeInterval { get set } ``` -------------------------------- ### Get Maximum Output APDU Length Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardslot/maxoutputlength Retrieve the maximum length of an output APDU that the Smart Card reader slot can transfer from the Smart Card. This property is read-only. ```swift var maxOutputLength: Int { get } ``` -------------------------------- ### Initializer Source: https://developer.apple.com/documentation/cryptotokenkit/tksimpletlvrecord/init%28tag%3Avalue%3A%29 Initializes a TLV record with the specified tag and value. ```APIDOC ## init(tag:value:) ### Description Initializes a TLV record with the specified tag and value. ### Parameters #### Path Parameters * **tag** (UInt8) - Required - The tag field of the record. * **value** (Data) - Required - The value field of the record. ### Return Value A new TLV record containing the specified tag and value fields. ``` -------------------------------- ### Implement tokenDriver(_:createTokenFor:aid:) Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardtokendriverdelegate/tokendriver%28_%3Acreatetokenfor%3Aaid%3A%29 Implement this method to create a `TKSmartCardToken` for a detected smart card. Return `nil` if an error occurs or if no token should be provided. ```swift func tokenDriver( _ driver: TKSmartCardTokenDriver, createTokenFor smartCard: TKSmartCard, aid AID: Data? ) throws -> TKSmartCardToken ``` -------------------------------- ### Get Current Smart Card Protocol Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcard/currentprotocol Access the currentProtocol property to determine the communication protocol currently in use with the smart card. Returns TKSmartCardProtocolNone if no session is active. ```swift var currentProtocol: TKSmartCardProtocol { get } ``` -------------------------------- ### end() Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardslotnfcsession/end%28%29 Ends the NFC slot session and dismisses the system-presented NFC UI (if present). Available on iOS, iPadOS, Mac Catalyst, and visionOS starting from version 26.0. ```APIDOC ## end() ### Description Ends the NFC slot session and dismisses the system-presented NFC UI (if present). ### Method func end() ### Availability iOS 26.0+ iPadOS 26.0+ Mac Catalyst 26.0+ visionOS 26.0+ ``` -------------------------------- ### Begin Token Authentication Source: https://developer.apple.com/documentation/cryptotokenkit/tktokensessiondelegate Notifies the delegate that authentication has begun for a specified operation and constraint. Returns a TKTokenAuthOperation. Requires TKTokenSession, TKTokenOperation, and Any constraint. ```swift func tokenSession(TKTokenSession, beginAuthFor: TKTokenOperation, constraint: Any) throws -> TKTokenAuthOperation ``` -------------------------------- ### Get Smart Card Slot with Callback Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardslotmanager/getslot%28withname%3Areply%3A%29 Use this method to asynchronously retrieve a Smart Card reader slot by its name. The result is delivered via a completion handler block. ```swift func getSlot( withName name: String, reply: @escaping @Sendable (TKSmartCardSlot?) -> Void ) ``` -------------------------------- ### Initializer Source: https://developer.apple.com/documentation/cryptotokenkit/tkbertlvrecord/init%28tag%3Arecords%3A%29 Initializes a BER-TLV record with the specified tag and an array of TLV subrecords. ```APIDOC ## init(tag:records:) ### Description Initializes a BER-TLV record with the specified tag and an array of TLV subrecords. ### Parameters #### Parameters - **tag** (TKTLVTag) - The tag field of the record. - **records** ([TKTLVRecord]) - The TLV subrecords of the record. ### Return Value A new TLV record containing the specified tag field and subrecords. ``` -------------------------------- ### withSession(_:) Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcard/withsession%28_%3A%29 Synchronously begins a session, executes the given closure, and ends the session. ```APIDOC ## Instance Method # withSession(_:) Synchronously begins a session, executes the given closure, and ends the session. Available in iOS 10.0+ and later. ```swift func withSession(_ body: @escaping () throws -> T) throws -> T ``` ### Parameters `body` A closure to be called in the context of the created session. ``` -------------------------------- ### Get CryptoTokenKit Error Domain Source: https://developer.apple.com/documentation/cryptotokenkit/tkerror/errordomain Use this static property to retrieve the error domain string for CryptoTokenKit errors. This is useful for error handling and checking specific error types. ```swift static var errorDomain: String { get } ``` -------------------------------- ### TKToken.Configuration Methods Source: https://developer.apple.com/documentation/cryptotokenkit/tktoken/configuration-swift.class Methods available on the TKToken.Configuration class. ```APIDOC ## TKToken.Configuration Methods ### Description Methods for retrieving specific items from the token's configuration. ### Methods - `certificate(for: TKToken.ObjectID) throws -> TKTokenKeychainCertificate` - Returns a certificate from the keychain with the object identifier you specify. - `key(for: TKToken.ObjectID) throws -> TKTokenKeychainKey` - Returns a key from the keychain with the object identifier you specify. ``` -------------------------------- ### slotName Property Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardslotnfcsession/slotname This property returns the name of the NFC smart card slot that was created with the session. It is available on iOS, iPadOS, Mac Catalyst, and visionOS starting from version 26.0. ```APIDOC ## slotName ### Description Smart card slot name of the NFC slot that was created together with this session. ### Availability iOS 26.0+ iPadOS 26.0+ Mac Catalyst 26.0+ visionOS 26.0+ ### Syntax ```swift var slotName: String? { get } ``` ``` -------------------------------- ### TKTokenKeychainKey Initialization Source: https://developer.apple.com/documentation/cryptotokenkit/tktokenkeychainkey Initializes a token keychain key with data from the specified certificate reference and a given object ID. ```APIDOC ## init?(certificate: SecCertificate?, objectID: TKToken.ObjectID) ### Description Initializes a token keychain key with data from the specified certificate reference and a given object ID. ### Parameters #### Path Parameters - **certificate** (SecCertificate?) - Optional - The certificate reference. - **objectID** (TKToken.ObjectID) - Required - A unique and persistent identifier of a particular token object. ### Response #### Success Response (200) - **TKTokenKeychainKey** - An initialized TKTokenKeychainKey object. ``` -------------------------------- ### ASCII Encoding Case Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardpinformat/encoding-swift.enum/ascii Use this case to specify that PIN characters should be encoded using their ASCII values. For example, the PIN '1234' is encoded as '31h 32h 33h 34h'. ```swift case ascii ``` -------------------------------- ### Authenticating Source: https://developer.apple.com/documentation/cryptotokenkit/tktokensessiondelegate Tells the delegate that authentication has begun for the specified operation and constraint. ```APIDOC ## func tokenSession(TKTokenSession, beginAuthFor: TKTokenOperation, constraint: Any) throws -> TKTokenAuthOperation ### Description Tells the delegate that authentication has begun for the specified operation and constraint. ### Parameters #### Path Parameters - **TKTokenSession** (TKTokenSession) - Description - **beginAuthFor** (TKTokenOperation) - Description - **constraint** (Any) - Description ### Returns - **TKTokenAuthOperation** - Description ### Throws - Description ``` -------------------------------- ### init(source:) Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardatr/init%28source%3A%29 Initializes a TKSmartCardATR object from a provided data source block. The block should return one byte of data at a time, or -1 to indicate an error. This initializer is available on iOS 9.0+, iPadOS 9.0+, macOS 10.10+, tvOS 11.0+, watchOS 4.0+, and visionOS 1.0+. ```APIDOC ## init(source:) ### Description Initializes a `TKSmartCardATR` object from a provided data source. ### Method `init?(source: @escaping () -> Int32)` ### Parameters #### Source Block - `source` (Function returning Int32) - Required - The block providing a stream of data for an ATR. The block takes no arguments and returns one byte. To indicate that an error occurred, the block returns -1. ### Return Value A `TKSmartCardATR` object initialized with the parsed data. Returns `nil` if the byte stream produces an error or does not contain a valid ATR. ### See Also - `init?(bytes: Data)` ``` -------------------------------- ### Get the Shared Smart Card Slot Manager Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardslotmanager Access the shared singleton instance of the Smart Card reader slot manager. This is the entry point for managing smart card readers. ```swift class var default: TKSmartCardSlotManager? ``` -------------------------------- ### Get Smart Card Slot with Async/Await Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardslotmanager/getslot%28withname%3Areply%3A%29 This is the modern Swift concurrency version for asynchronously retrieving a Smart Card reader slot by name. It returns the slot directly or nil if not found. ```swift func getSlot(withName name: String) async -> TKSmartCardSlot? ``` -------------------------------- ### Initializer Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcarduserinteractionforsecurepinchange/confirmation/init%28rawvalue%3A%29 Initializes the confirmation object with a raw unsigned integer value. This is available on iOS 9.0+, iPadOS 9.0+, Mac Catalyst 13.1+, macOS 10.11+, tvOS 11.0+, visionOS 1.0+, and watchOS 4.0+. ```APIDOC ## init(rawValue:) ### Description Initializes a new instance of the confirmation object with a raw unsigned integer value. ### Method Signature ```swift init(rawValue: UInt) ``` ### Availability * iOS 9.0+ * iPadOS 9.0+ * Mac Catalyst 13.1+ * macOS 10.11+ * tvOS 11.0+ * visionOS 1.0+ * watchOS 4.0+ ``` -------------------------------- ### fill(with:) Source: https://developer.apple.com/documentation/cryptotokenkit/tktokenkeychaincontents/fill%28with%3A%29 Fills the keychain with the specified items. All existing items for the token are first removed from the keychain before filling the keychain with the new items. ```APIDOC ## fill(with:) ### Description Fills the keychain with the specified items. All existing items for the token are first removed from the keychain before filling the keychain with `items`. ### Method Signature ```swift func fill(with items: [TKTokenKeychainItem]) ``` ### Parameters #### items - **items** (*[TKTokenKeychainItem]*) - Required - The items to be added to the keychain. ``` -------------------------------- ### Get Available Smart Card Slot Names Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardslotmanager Retrieve a list of identifiers for all smart card reader slots available on the system. This property provides the names you can use to access individual slots. ```swift var slotNames: [String] ``` -------------------------------- ### Retrieve a Smart Card Slot by Name Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardslotmanager/slotnamed%28_%3A%29 Use this method to get a specific smart card slot object using its unique name. Returns nil if no slot with the given name is found. ```swift func slotNamed(_ name: String) -> TKSmartCardSlot? ``` -------------------------------- ### addTokenConfiguration(for:) Source: https://developer.apple.com/documentation/cryptotokenkit/tktokendriver/configuration/addtokenconfiguration%28for%3A%29 Creates a configuration object for a token using its instance identifier. If a configuration for the given instance ID already exists, it will be replaced with a new, empty configuration. ```APIDOC ## addTokenConfiguration(for:) ### Description Creates a configuration object for a token with the token instance identifier you specify. ### Method Signature ```swift func addTokenConfiguration(for instanceID: TKToken.InstanceID) -> TKToken.Configuration ``` ### Parameters #### Path Parameters - **instanceID** (TKToken.InstanceID) - Required - The token’s instance identifier. ### Return Value - TKToken.Configuration - The configuration class for the token. ### Discussion This method adds the created configuration into the `tokenConfigurations` dictionary. Adding a configuration with an `instanceID` that already exists replaces the existing configuration with a new empty configuration. ### See Also - `removeTokenConfiguration(for:)` ``` -------------------------------- ### TKSimpleTLVRecord Initialization Source: https://developer.apple.com/documentation/cryptotokenkit/tksimpletlvrecord Initializes a TLV record with the specified tag and value. ```APIDOC ## init(tag: UInt8, value: Data) ### Description Initializes a TLV record with the specified tag and value. ### Parameters #### Path Parameters - **tag** (UInt8) - Required - The tag for the TLV record. - **value** (Data) - Required - The value for the TLV record. ``` -------------------------------- ### TKSmartCardPINFormat.Encoding.binary Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardpinformat/encoding-swift.enum/binary Represents the binary encoding format for PINs. In this format, characters are encoded directly as their binary values. For example, the PIN '1234' would be encoded as the bytes 0x01, 0x02, 0x03, 0x04. ```APIDOC ## TKSmartCardPINFormat.Encoding.binary ### Description Represents the binary encoding format for PINs. Characters are encoded in Binary format (for example, `1234` is encoded as `01h 02h 03h 04h`). ### Supported Platforms iOS 9.0+ iPadOS 9.0+ Mac Catalyst 13.1+ macOS 10.11+ tvOS 11.0+ visionOS 1.0+ watchOS 4.0+ ### See Also - `case ascii` - `case bcd` ``` -------------------------------- ### Get Persistent Reference to Token Item Source: https://developer.apple.com/documentation/cryptotokenkit/using-cryptographic-assets-stored-on-a-smart-card Set kSecReturnPersistentRef to true in the keychain query to obtain a persistent reference to a token item. This reference can be used to access the item later, but will fail if the token is removed. ```swift let getquery: [String: Any] = [kSecClass as String: kSecClassKey, kSecAttrTokenID as String: "com.example.piv:0123456789", kSecReturnPersistentRef as String: true] ``` -------------------------------- ### init(smartCard:aid:instanceID:tokenDriver:) Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcardtoken/init%28smartcard%3Aaid%3Ainstanceid%3Atokendriver%3A%29-38ak2 Initializes a smart card token with the specified smart card, application identifier, and token driver. Available on iOS 10.0+, iPadOS 10.0+, Mac Catalyst 13.1+, macOS 10.12+, tvOS 11.0+, visionOS 1.0+, watchOS 4.0+. ```APIDOC ## init(smartCard:aid:instanceID:tokenDriver:) ### Description Initializes a smart card token with the specified smart card, application identifier, and token driver. ### Parameters #### Parameters - **smartCard** (TKSmartCard) - The smart card on which the created token should operate. - **aid** (Data?) - The ISO 7816-4 application identifier for the smart card. - **instanceID** (String) - A unique, persistent identifier for this token. This value is typically generated from the serial number of the target hardware. - **tokenDriver** (TKSmartCardTokenDriver) - The driver associated with the created token. ### Discussion This is the designated initializer. ``` -------------------------------- ### Retrieve Certificate by ObjectID Source: https://developer.apple.com/documentation/cryptotokenkit/tktokenkeychaincontents/certificate%28forobjectid%3A%29 Use this method to get a specific certificate from the token's keychain. Ensure you have the correct object identifier. The method can throw an error if the certificate is not found or an issue occurs during retrieval. ```swift func certificate(forObjectID objectID: TKToken.ObjectID) throws -> TKTokenKeychainCertificate ``` -------------------------------- ### Add Token Configuration Source: https://developer.apple.com/documentation/cryptotokenkit/tktokendriver/configuration/removetokenconfiguration%28for%3A%29 Use this method to create a configuration object for a token, identified by its instance ID. This is often used in conjunction with removing configurations. ```swift func addTokenConfiguration(for: TKToken.InstanceID) -> TKToken.Configuration ``` -------------------------------- ### supportsAlgorithm(_:) Source: https://developer.apple.com/documentation/cryptotokenkit/tktokenkeyalgorithm/supportsalgorithm%28_%3A%29 Determines whether the specified algorithm is the target operation algorithm or one of the other algorithms used by the token key. ```APIDOC ## supportsAlgorithm(_:) ### Description Checks if the specified algorithm is the target operation algorithm, or one of the other algorithms used. ### Method `func supportsAlgorithm(_ algorithm: SecKeyAlgorithm) -> Bool` ### Parameters #### Path Parameters - **algorithm** (SecKeyAlgorithm) - Required - The algorithm to be checked. ### Return Value `true` if `algorithm` is the target operation algorithm or one of the other algorithms used; otherwise, `false`. ### See Also - `func isAlgorithm(SecKeyAlgorithm) -> Bool` ``` -------------------------------- ### Optional func tokenSession(_:beginAuthFor:constraint:) Source: https://developer.apple.com/documentation/cryptotokenkit/tktokensessiondelegate/tokensession%28_%3Abeginauthfor%3Aconstraint%3A%29 Implement this method to handle the start of an authentication process for a token operation. Return a `TKTokenAuthOperation` subclass to manage context-specific properties like passwords before the operation finishes. ```swift optional func tokenSession( _ session: TKTokenSession, beginAuthFor operation: TKTokenOperation, constraint: Any ) throws -> TKTokenAuthOperation ``` -------------------------------- ### TKTokenKeychainCertificate Initialization Source: https://developer.apple.com/documentation/cryptotokenkit/tktokenkeychaincertificate Initializes a token keychain certificate with data from the specified certificate reference and a given object ID. ```APIDOC ## init?(certificate: SecCertificate, objectID: TKToken.ObjectID) ### Description Initializes a token keychain certificate with data from the specified certificate reference and a given object ID. ### Parameters #### Path Parameters - **certificate** (SecCertificate) - Description of the certificate reference. - **objectID** (TKToken.ObjectID) - Description of the object ID. ``` -------------------------------- ### Get and Set pinByteOffset Source: https://developer.apple.com/documentation/cryptotokenkit/tktokensmartcardpinauthoperation/pinbyteoffset The offset, in bytes, within the APDU template to mark the location for filling in the PIN. This property is available on iOS 10.0+, iPadOS 10.0+, macOS 10.12+, tvOS 11.0+, and watchOS 4.0+. ```swift var pinByteOffset: Int { get set } ``` -------------------------------- ### Initialize TKTokenKeychainItem Source: https://developer.apple.com/documentation/cryptotokenkit/tktokenkeychainitem/init%28objectid%3A%29 Initializes a new `TKTokenKeychainItem` instance using a provided object ID. This is the primary way to create a keychain item linked to a specific token. ```swift init(objectID: TKToken.ObjectID) ``` -------------------------------- ### Accessing Keychain Items Source: https://developer.apple.com/documentation/cryptotokenkit/tktoken/configuration-swift.class/keychainitems Use this property to get or set the array of keychain items associated with the token. Available on iOS 14.0+, iPadOS 14.0+, macOS 10.15+, tvOS 14.0+, watchOS 7.0+, and visionOS 1.0+. ```swift var keychainItems: [TKTokenKeychainItem] { get set } ``` -------------------------------- ### TKSmartCard Overview Source: https://developer.apple.com/documentation/cryptotokenkit/tksmartcard This class provides an interface for managing sessions with a smart card, transmitting requests, and facilitating user interaction. You can create a TKSmartCard object when a smart card is inserted into a slot, by calling the makeSmartCard() method on the corresponding TKSmartCardSlot object. To start communicating with the smart card, call the beginSession(reply:) method on the TKSmartCard object. Once an exclusive session has been established, you transmit data using the transmit(_:reply:) method. After you’ve finished communicating with a smart card, you call the endSession() method. ```APIDOC ## Overview This class provides an interface for managing sessions with a smart card, transmitting requests, and facilitating user interaction. You can create a `TKSmartCard` object when a smart card is inserted into a slot, by calling the `makeSmartCard()` method on the corresponding `TKSmartCardSlot` object. To start communicating with the smart card, call the `beginSession(reply:)` method on the `TKSmartCard` object. Once an exclusive session has been established, you transmit data using the `transmit(_:reply:)` method. After you’ve finished communicating with a smart card, you call the `endSession()` method. If the smart card is physically removed from its slot, the session object becomes invalid, and any further calls to `transmit(_:reply:)` will return an error. You can use Key-Value Observing on the `isValid` property to be notified when a smart card is invalidated, due to being removed from the slot or another reason. ```