Key Storage Provider (KSP) macOS equivalent

Hi,

I successfully developed a key storage provider (KSP) under Windows that allows me to digitally sign from 3rd-party applications (typically Acrobat Reader, but not only).

Now I'm trying to port the key storage provider to macOS, but I cannot find an equivalent technology under this OS.

I've tried different solutions:

  1. API hooking/method swizzling/dylib interposing: it doesn't look officially supported, plus it's easily blockable (with the hardened runtime);
  2. Endpoint Security framework: it looks like it's basically for watch-only purposes, plus it has minimal blocking capabilities;

Is there any supported way to implement a KSP macOS equivalent? Any suggestion? Something else to explore?

Thanks a lot,

max

Replies

Sadly, I don’t know what a KSP actually does, which makes it hard to answer your question. I suspect it’s an abstraction layer to support hardware tokens, like smart cards, which can provide digital identities to the system. Someone can then use such a digital identity to, for example, sign code without the identity’s private key leaving the KSP (or, if there’s hardware involved, the hardware that the KSP is managing). Is that right?

If so, the droid you’re looking for is CryptoTokenKit.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
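To make the pointer to CryptoTokenKit concrete, below is an added skeleton of a persistent token extension, written for this page and not taken from the thread or from Apple's sample code. It is modelled on the structure of Xcode's "Persistent Token Extension" template (a `TKTokenDriver`, a `TKToken`, and a `TKTokenSession`, each acting as its own delegate). The signing path is the point: the host app (Acrobat, `codesign`, anything that uses Security.framework) sees an identity in the keychain, but the actual signature is produced inside the extension, so the private key never crosses into the caller's process. Assumptions: the class names `TokenDriver`/`Token`/`TokenSession` and the object ID `"demo-signing-key"` are invented for the example, and the software `SecKey` generated in `Token.init` is a stand-in for whatever hardware or remote key the real token would hold.

```swift
import CryptoTokenKit
import Security

// Principal class of the extension: the system asks it for a TKToken for each
// token configuration it has been paired with.
class TokenDriver: TKTokenDriver, TKTokenDriverDelegate {
    func tokenDriver(_ driver: TKTokenDriver, tokenFor configuration: TKToken.Configuration) throws -> TKToken {
        return try Token(tokenDriver: self, configuration: configuration)
    }
}

class Token: TKToken, TKTokenDelegate {
    // Assumption: a software key generated at init stands in for the hardware-held
    // key. A real token keeps the key on the device and only holds a handle here.
    let privateKey: SecKey
    let objectID = "demo-signing-key"   // constructed object identifier

    init(tokenDriver: TKTokenDriver, configuration: TKToken.Configuration) throws {
        var error: Unmanaged<CFError>?
        let attrs: [String: Any] = [
            kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
            kSecAttrKeySizeInBits as String: 256,
        ]
        guard let key = SecKeyCreateRandomKey(attrs as CFDictionary, &error) else {
            throw error!.takeRetainedValue()
        }
        privateKey = key
        super.init(tokenDriver: tokenDriver, instanceID: configuration.instanceID)

        // Publish the key into the keychain so third-party apps can discover it.
        // Only public metadata is exported; the private key stays behind this extension.
        let item = TKTokenKeychainKey(certificate: nil, objectID: objectID)
        item.label = "Demo token signing key"
        item.keyType = kSecAttrKeyTypeECSECPrimeRandom as String
        item.keySizeInBits = 256
        item.canSign = true
        if let pub = SecKeyCopyPublicKey(key),
           let pubData = SecKeyCopyExternalRepresentation(pub, nil) as Data? {
            item.publicKeyData = pubData
        }
        keychainContents?.fill(with: [item])
    }

    func createSession(_ token: TKToken) throws -> TKTokenSession {
        return TokenSession(token: self)
    }
}

class TokenSession: TKTokenSession, TKTokenSessionDelegate {
    private var demoToken: Token { return token as! Token }

    // The system checks support before asking for the operation; restrict to the
    // one key and the ECDSA/P-256 algorithms the stand-in key can actually do.
    func tokenSession(_ session: TKTokenSession, supports operation: TKTokenOperation,
                      keyObjectID: Any, algorithm: TKTokenKeyAlgorithm) -> Bool {
        guard operation == .signData, (keyObjectID as? String) == demoToken.objectID else { return false }
        return algorithm.isAlgorithm(.ecdsaSignatureMessageX962SHA256)
            || algorithm.isAlgorithm(.ecdsaSignatureDigestX962SHA256)
    }

    // Where a PIN/biometric gate would go (return a TKTokenPasswordAuthOperation).
    // The stand-in key needs no user authentication, so report "not implemented".
    func tokenSession(_ session: TKTokenSession, beginAuthFor operation: TKTokenOperation,
                      constraint: Any) throws -> TKTokenAuthOperation {
        throw NSError(domain: TKErrorDomain, code: TKError.Code.notImplemented.rawValue, userInfo: nil)
    }

    // The signature is computed here, inside the extension process.
    func tokenSession(_ session: TKTokenSession, sign dataToSign: Data, keyObjectID: Any,
                      algorithm: TKTokenKeyAlgorithm) throws -> Data {
        guard tokenSession(session, supports: .signData, keyObjectID: keyObjectID, algorithm: algorithm) else {
            throw NSError(domain: TKErrorDomain, code: TKError.Code.badParameter.rawValue, userInfo: nil)
        }
        let secAlg: SecKeyAlgorithm = algorithm.isAlgorithm(.ecdsaSignatureMessageX962SHA256)
            ? .ecdsaSignatureMessageX962SHA256
            : .ecdsaSignatureDigestX962SHA256
        var error: Unmanaged<CFError>?
        guard let sig = SecKeyCreateSignature(demoToken.privateKey, secAlg, dataToSign as CFData, &error) else {
            throw error!.takeRetainedValue()
        }
        return sig as Data
    }
}
```

The extension must be embedded in a host app and registered through the Info.plist keys that Xcode's template generates; once paired, a `SecItemCopyMatching` for identities in any app returns the published key, and a `SecKeyCreateSignature` on it is routed by the system to `tokenSession(_:sign:keyObjectID:algorithm:)` above. This is the property that makes CryptoTokenKit the supported answer to the original question: there is no need to hook or interpose on the calling application, because Security.framework itself dispatches to the token.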