Add pkcs11 command

Richard Levitte levitte at
Wed Mar 6 09:34:54 UTC 2019

There is a more generic command to do exactly this sort of thing,
'openssl storeutil', available since OpenSSL 1.1.1.

The pkcs11 backend / engine needs to implement the functionality
required to hook with the OSSL_STORE functionality for storeutil to be


On Wed, 06 Mar 2019 09:47:01 +0100,
Antonio Iacono wrote:
> There are some good tools for pkcs11, like pkcs11-tool of the OpenSC
> project, but often only need the list of key ids to perform signature
> operations with the engine.
> I would propose a new pkcs11 command which, for now, only makes the
> list of ids and labels of keys present in a token.
> I have already prepared a draft in this branch
> Thanks,
> Antonio
Richard Levitte         levitte at
OpenSSL Project

More information about the openssl-users mailing list