Thank you, Quinn. This worked like a charm. I'm now able to view the certificates on my PIV smart card from my app. I also appreciate you filing the bug. In your original post, you seemed to imply that using a PIV smart card to authenticate to a server may pose a bit of a challenge. Are there any suggested readings that you would recommend?

@DTS Engineer Quinn, Thank you for your response. To answer your question: Yes, I am attempting to debug my application on a physical iPad with a card reader + PIV smart card plugged into it. My iPad is an iPad Pro 11-inch (M4) running iPadOS 18.5. The card reader I'm using is an HID Omnikey 3121. Do you have any additional troubleshooting suggestions?

Hi @DTS Engineer Quinn. I am new to swift development, and it's possible that I'm missing something fundamental/obvious. If so, I apologize in advance. I also realize that this post is a couple of years old - and perhaps outdated. However, I'm trying to accomplish something similar to what the original inquirer is asking for here, and thus far I haven't found anything recent that is as relevant as this post. The only difference is that I'm trying to use a PIV smart card to achieve authentication to a server rather than digitally signing a document. Unfortunately, I'm getting stuck when attempting to run the list() function you posted in the accepted answer above to simply list the certificates from the smart card. When attempting to call SecItemCopyMatching(), I'm getting a -34018 missing entitlement error. I've attempted to add the com.apple.token to my app's keychain-access-groups entitlements, but this does not resolve the issue. I have checked the entitlements in my built app, per your recommendation in the troubleshooting guide here: https://developer.apple.com/forums/thread/114456. The entitlement for com.apple.token is indeed present in the plist. Based on other documentation I've read, however, it seems that the explicit declaration of com.apple.token should not even be required in the entitlements. Is there something obvious that I'm missing here that would prevent my app from accessing the token access group?