We ship p11-kit which gives PKCS#11 modules such as OpenSC a a simple way to register themselves with the system and be automatically visible to applications.
With well-behaved applications, the device (and objects therein) will Just Work™. It's as simple as installing the OpenSC (or whatever) package, and plugging the device in. And then they appear in the seahorse GUI, can be queried with p11tool, can be used with applications like the OpenConnect VPN client by using standard PKCS#11 URIs.
Well-behaved applications should:
- Use the p11-kit-configured set of modules instead of having to be
explicitly told which provider module to use (defaulting to
p11-kit-proxy.so as the provider is a simple way to fix this).
- Use standard PKCS#11 URIs as described in
https://tools.ietf.org/html/draft-pechanec-pkcs11uri-16 instead of
their own non-standard form (engine_pkcs11, pkcs11_helper thus
- Allow the use of PKCS#11 objects in all cases that a file can be
used for a certificate and/or key.
PKCS #11 URLs is now a standard's track RFC:
Closing tracker as everything tracked is complete.