There is a more generic command to do exactly this sort of thing, 'openssl storeutil', available since OpenSSL 1.1.1. The pkcs11 backend / engine needs to implement the functionality required to hook with the OSSL_STORE functionality for storeutil to be useful. Cheers, Richard On Wed, 06 Mar 2019 09:47:01 +0100, Antonio Iacono wrote: > > There are some good tools for pkcs11, like pkcs11-tool of the OpenSC > project, but often only need the list of key ids to perform signature > operations with the engine. > > I would propose a new pkcs11 command which, for now, only makes the > list of ids and labels of keys present in a token. > > I have already prepared a draft in this branch > https://github.com/opensignature/openssl/tree/add-pkcs11-command/apps > > Thanks, > Antonio > -- Richard Levitte levitte@xxxxxxxxxxx OpenSSL Project http://www.openssl.org/~levitte/