There are some good tools for pkcs11, like pkcs11-tool of the OpenSC project, but often one only needs the list of key IDs to perform signature operations with the engine.

I would propose a new pkcs11 command which, for now, only makes the list of IDs and labels of keys present in a token. I have already prepared a draft in this branch: https://github.com/opensignature/openssl/tree/add-pkcs11-command/apps

Thanks,
Antonio