Mac OSX Sonoma and higher Smart-card reader issue

Smart Card Reader Issues Tracker for Sonoma

Smart-card issue

Quick fix

A short fix for Mac Sonoma, more details below in the section 'Overview'.

Execute the following steps:

1. Open a Mac Terminal

   1. Press Command+Spacebar on your keyboard. Enter Terminal in the search field and press enter.

2. Execute command: sudo defaults write /Library/Preferences/com.apple.security.smartcard useIFDCCID -bool yes

   1. copy/paste the section in bold in the terminal and press enter

3. Unplug smart card reader from USB port

4. Restart Mac

5. Plug smart card reader back in USB port

The fix has been applied and you should be able to sign a document or authenticate

Overview

Starting from OSX Sonoma, smart card readers for Mac can fail for the following use cases:

• detect card reader

• execute transaction (digital signature or authentication)

The general end-user experience is that the smart card communication fails (card reader disseappears or the transaction fails).

A very great shout-out to Ludovic Rousseau who initially did a follow-up on impact of smart card readers in Sonoma:

macOS Sonoma and smart cards statusLudovic Rousseau's blog

Reported Bug to Mac OSX:

macOS Sonoma bug: SCardControl() returns SCARD_E_NOT_TRANSACTEDLudovic Rousseau's blog

OSX Forum

MacOS 14 (Sonoma) Smart Card Reade… | Apple Developer Forumsforums.developer.apple.com

Solution

The initial solution prior to 11/2023 was very elaborate, but was made easy by applying a single command in a MAC OSX terminal:

sudo defaults write /Library/Preferences/com.apple.security.smartcard useIFDCCID -bool yes

What does the command execute/change?

The command switches the MAC OSX implementation of the CCID drivers to the legacy version (the version working prior to Sonoma).

As MAC OSX defaults using a custom CCID implementation, which still have some issues, switching to the old version is a temporary stolution.

How to roll-back to MAC OSX CCID implementation?

Form a specific moment (not at the time of writing), switching back to the default CCID implementation can be done using the following commands (in a terminal):

Check if the built-in Apple CCID driver is active

defaults read /Library/Preferences/com.apple.security.smartcard.plist useIFDCCID

If the former command results in:

he domain/default pair of (/Library/Preferences/com.apple.security.smartcard.plist, useIFDCCID) does not exist

This means that the built-in Apple driver is active.

The result is 1 so the "external" (non-Apple) CCID driver is enabled.

Returning back to default, execute:

sudo defaults write /Library/Preferences/com.apple.security.smartcard useIFDCCID -bool no

After executing a driver switch, we have noticed that a restart is mandatory!

You need to unplug your smart card reader from the USB port, and plug it back in after restarting