On Wed, 11 Dec 2013, Benjamin Fras wrote: > > Hi, > This is the output of the pkcs11-tool using the safenet-lib > pkcs11-tool --module /usr/lib/libeToken.so -O > Using slot 0 with a present token (0x0) > Certificate Object, type = X.509 cert > label: 411ef289-88cf-4f38-89b1-5e8691f6cb8a > ID: 1f67fd84c675af27 > Certificate Object, type = X.509 cert > label: {E670E946-633C-4956-83B0-5EB67A3A5EAE} > ID: e93a991dca5b2939 This is the problem - the released versions only handle plain keys. E.g. [djm at demiurge ~]$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -O Using slot 2 with a present token (0x5) Public Key Object; RSA 2048 bits label: Private Key ID: 71c719db35ffd0f8087710e57722a3d82f630e58 Usage: encrypt, verify, wrap Certificate Object, type = X.509 cert label: Certificate ID: 71c719db35ffd0f8087710e57722a3d82f630e58 Markus added support for extracting a public key from a certificate only recently. -d