What is ctkd?

ctkd is a security process that most people will never deal with directly.

What is ctkd?

ctkd stands for "CryptoTokenKit daemon". CryptoTokenKit is Apple's system for talking to smart cards, security keys, and other hardware security devices. The daemon manages the link between macOS and these devices.

What devices does it support?

ctkd handles:

• PIV smart cards (common in government and large organisations)
• YubiKeys and other security keys
• CAC (Common Access Card) readers used by military and government
• Other smart card readers that follow the CCID standard

When is it active?

ctkd runs when:

• A smart card or security key is plugged in
• A website asks for hardware key login (for example, using a YubiKey)
• An app uses CryptoTokenKit to reach a hardware token
• Smart card pairing is set up for Mac login

On a Mac with no smart cards or security keys, ctkd will be loaded but idle.

Is it linked to Touch ID?

Not directly. Touch ID uses the Secure Enclave, which is handled separately. ctkd is only for outside security keys and smart cards.

Should you worry?

No. It is a standard macOS security daemon that bridges your Mac and hardware security devices.

Enjoyed this post?

Well, you could share the post with others, follow me with RSS Feeds and/or send me a comment via email.

Tags