I’m a new user testing out the iOS Smart Card Utility with a Feitian bR301 reader and a US government issued PIV. I am able to identify and insert the card. When I insert the card and visit a website I’m prompted with a list of the 4 certificates (slots 9A, 9C, 9D, 9E) that are present on my card. If I select the 9A PIV Authentication certificate I’m prompted to enter my PIN. However, I just get stuck in a loop where I’m asked to repeatedly enter my PIN. I’m not able to get to the website.
I’ve tested with the embedded test site and PIV.test.max.gov. I can successfully use the PIV on other systems, both Windows and Mac.
I’m running iOS 14.5 on an iPhone 11.
I’ve tried the TestFlight 2.9 (5159) version, and only inserting a single certificate (9A) with the same outcome: repeated request for a PIN.
The activity light does flash after I enter my pin.
On the latest TestFlight version I get a message as soon as I exit the app (either by clicking the “Test” link in the upper left or closing the app by swiping up) that “Bluetooth readers may have powered off”. When I have the reader USB powered, this doesn’t appear to be the case (and I previously mentally dismissed the error). However, if I’m running off of battery power, the reader does power off and I need to press the power button to turn it back on.
I do not observe the reader powering off after entering the PIN and being unconnected from USB power, nor is a message reported.
After exiting the app and getting the disconnect message (with the USB power applied, so the reader doesn’t require a button press to turn back on, the logs show:
As the problem appeared that it may be related to the Feitian SDK, I figured I would try another option. I generated a self-signed certificate on a YubiKey 5Ci. I was able to insert this with Smart Card Utility 2.9 (5159) and provide a client certificate to the test site (server.cryptomix.com).
Incidentally, even when not having the Feitian reader powered on at all, when exiting Smart Card Utility to Safari I get the message that “Bluetooth readers may have powered off”. Is this just a prompt to the user to remind them of the power saving functionality of the Feitian reader?
And, to round it out, I tossed a YubiKey NEO with NFC into the mix. Again, I generated a self-signed certificate. I am able to select NFC, scan the YubiKey, and see the certificate. With the latest TestFlight release, I am unable to insert the certificate. If I revert to 2.9 (5154) or the 2.8 release build, I am able to insert the certificate, but I am unable to provide a client certificate to the test site. I do not get any prompt to enter a PIN or perform an NFC scan.
Now, this post is mostly just color. I’m interested in the SmartCard PIV functionality, and this is just documenting some of what I’ve learned in case another user is following this in the future. Hello from April 2021!
And a final follow on. Thanks to some fantastic assistance from Tim, everything is now working on the recent 2.9 versions currently posted in TestFlight.