I would like to develop a macOS keychain integration with a network-attached HSM storing the private key. However, I am unable to find documentation describing how integration with the keychain works and what the starting point for developers is.
What I want to achieve is to run codesign with my code signing certificate and the associated private key that is on a remote HSM. According to the codesign command documentation:
To be used for code signing, a digital identity must be stored in a keychain that is on the calling user's keychain search list. All keychain sources are supported if properly configured. In particular, it is possible to sign code with an identity stored on a supported smart card. If your signing identity is stored in a different form, you need to make it available in keychain form to sign code with it.
Based on that, my identity representing the certificate and private key stored on the HSM should be available in the keychain form.
What should I do to implement it from the developer perspective? How do I store my custom implementation in the keychain form?
I have found the Security Interface:
The Security Interface framework is a set of Objective-C classes that provide user interface elements for programs that implement security features such as authorization, access to digital certificates, and access to items in keychains.
However, I do not need to implement a user interface. I need to implement my custom way of performing cryptographic operations on the HSM through the keychain. For example, when you create a CSR to be signed by the CA, I want to generate the private key on the HSM when creating the CSR.
I am trying to identify relevant documentation and guides on how this works and how it should be properly implemented.