The following article will walk you through enabling CAC support on your MacOS device.
*NOTE: Most CCID readers will automatically be detected by the TokenD software, however some readers may require additional drivers. Check with the manufacturer for any required MacOS drivers. NDU has tested and recommends the following two readers for devices running MacOS/iOS: the SCM Micro Systems SmartFold Smart Card Reader SCR3500 for devices with USB-A ports, and the ACR39U-NF PocketMate II USB-C Smart Card Reader for systems with USB-C ports.
Disabling Crypto Token Kit
Beginning with MacOS 10.12 (Sierra), Apple has introduced a new API, "Crypto Token Kit," to support Smart Cards (CACs). At this time, however, there is not universal support for this API in many third-party applications such as Outlook, Firefox and others. NDU recommends that users disable Crypto Token Kit, and instead use the older, more compatible "TokenD" software for greater Smart Card (CAC) support in MacOS. While other third-party software exists to enable TokenD support for MacOS, NDU can only provide support for DoD-compliant software at this time.
To disable Crypto Token Kit, follow these steps:
- In the Finder, navigate to /Applications/Utilities and double click on the Terminal application.
- Copy and paste the following text into the Terminal window, and then hit return on your keyboard:
sudo defaults write /Library/Preferences/com.apple.security.smartcard DisabledTokens -array com.apple.CryptoTokenKit.pivtoken
Your Crypto Token Kit has now been disabled.
Installing Centrify Express
- Open the Centrify Express download page;
- Navigate to the Centrify Express version that matches your MacOS version, and tap to download to your device;
- If the "downloading disk" image does not automatically display, double click on the Centrify Express For Smart Card disk image to force it to begin; and finally,
- Double click on the Centrify Express For Smart Card installer.
- Click on the Continue button.
- Click on the Continue button again.
- Click on the Agree button.
- Click on the Install button.
- Enter an administrative username and password and then click Install Software.
Centrify Express for Smart Card is now installed. It is recommended that you reboot your machine.
Your system is now fully CAC enabled. Applications such as Mail, Outlook, Safari, Chrome, and Acrobat will now recognize your CAC and offer it as a method for accessing sites, signing email, and signing PDF documents. Please note that one application, Firefox, will not recognize your CAC. See instructions on how to enable full CAC support in Firefox.
Re-enabling Apple's Crypto Token Kit
In order to re-enable Apple's Crypto Token Kit, it is highly recommended that you also remove the Centrify Express for Smart Card software. Failure to uninstall Centrify Express for Smart Card may lead to unexpected errors when attempting to use your CAC.
To re-enable Apple's Crypto Token Kit, follow these steps:
- From the Finder navigate to /Applications/Utilities/ and double click on the Terminal application;
- Copy and paste the following text into the Terminal window and press return on your keyboard:
sudo defaults write /Library/Preferences/com.apple.security.smartcard EnabledTokens -array com.apple.CryptoTokenKit.pivtoken
- Enter your administrative password and hit return on your keyboard. *NOTE: You will not see anything on screen to indicate your password is being entered; this is normal.
Crypto Token Kit has been re-enabled.
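A read-only check to run after either defaults write command above, added here as an example and not part of the original article: it reports which of the two keys written in this article currently lists the PIV token. The function names and state labels are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): report which smart card
# preference key lists the PIV token that this article's commands write.

DOMAIN=/Library/Preferences/com.apple.security.smartcard
TOKEN=com.apple.CryptoTokenKit.pivtoken

# Constructed sample of `defaults read "$DOMAIN" DisabledTokens` output.
SAMPLE_LISTED='(
    "com.apple.CryptoTokenKit.pivtoken"
)'

# token_listed TEXT: succeeds only if TOKEN appears as a whole array
# element in TEXT (quoted or unquoted), not as part of a longer name.
token_listed() {
    printf '%s\n' "$1" | tr -d ' \t",' | grep -Fqx "$TOKEN"
}

# piv_state DISABLED_TEXT ENABLED_TEXT prints one of:
#   disabled  listed under DisabledTokens only
#   enabled   listed under EnabledTokens only
#   conflict  listed under both keys; review before relying on either
#   default   listed under neither key
piv_state() {
    in_disabled=no
    in_enabled=no
    token_listed "$1" && in_disabled=yes
    token_listed "$2" && in_enabled=yes
    case "$in_disabled$in_enabled" in
        yesno)  echo disabled ;;
        noyes)  echo enabled ;;
        yesyes) echo conflict ;;
        *)      echo default ;;
    esac
}

echo "constructed sample: $(piv_state "$SAMPLE_LISTED" "")"

# Live check, only where the macOS `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then
    dis=$(defaults read "$DOMAIN" DisabledTokens 2>/dev/null || true)
    en=$(defaults read "$DOMAIN" EnabledTokens 2>/dev/null || true)
    echo "this machine: $(piv_state "$dis" "$en")"
fi
```

A "conflict" result means the token is still listed under DisabledTokens after the re-enable command was run.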
Uninstalling Centrify Express for Smart Card
To remove Centrify Express for Smart Card follow these steps:
- In the Finder, navigate to /Applications/Utilities/Centrify and double click on the Smart Card Assistant application.
- Click the Uninstall button.
- Click the Uninstall button.
- Enter your administrative username and password and click OK; and,
- When prompted quit the Smart Card Assistant application.
Centrify Express for Smart Card has now been removed from your system. It is recommended that you reboot your machine.