This package is built to leverage p11-kit proxy.
Normally, one would specify PKCS#11 module to use explicitly, e.g. for YubiKey
$ PKCS11_MODULE_PATH=libykcs11.dll openssl pkeyutl -engine pkcs11 -keyform engine \
-inkey "pkcs11:object=Private key for PIV Authentication;type=private;pin-value=123456" \
-sign -in data.txt -out data.sig
Note that libykcs11.dll along with its dependencies has to be on the PATH.
However, this package is built with default PKCS#11 module libp11-kit-0.dll. That is if you
have YOUR-ENV-p11-kit package installed, and say you use OpenSC installed in its default
location along with a properly configured module, e.g. by creating a file
/ucrt64/etc/pkcs11/modules/opensc.module with a single line
module: C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll
then you would be able to use it implicitly, e.g.
$ openssl pkeyutl -engine pkcs11 -keyform engine \
-inkey "pkcs11:token=some_cn;type=private;pin-value=123456" \
-sign -in data.txt -out data.sig
You should be able to check whether your module is set up properly by running
p11-kit list-modules
You should see opensc module in there as well as your token.
Note that pkg-config has an incorrect information about proxy on msys2. The following line
will result in an error.
$ ls -l $(pkg-config.exe --variable=proxy_module p11-kit-1)
ls: cannot access 'C:/msys64/ucrt64/bin/../lib/p11-kit-proxy.dll': No such file or directory
However the proxy and the main library (libp11-kit-0.dll) are essentially the same. This is a
bug in p11-kit packaging.
df882d6a87