ykcs11 doesn't install p11-kit module file

[dwmw2]

When I use OpenSC with my Yubikey PIV, the distribution package of OpenSC installs a .module file which ensures that opensc-pkcs11.so is loaded into any well-behaved applications automatically.

So I can use the PKCS#11 URI 'pkcs11:manufacturer=piv_II;id=%01' with any application in place of a filename for a cert/key, and expect it to work.

That does require that the PKCS#11 module be installed correctly with a p11-kit .module file though...

[qpernil]

I'm not very familiar with p11-kit, if you have such a module config file I'd appreciate the contribution. Do you see anything aside of the config file that would be needed ? One thing that pops to mind is the different shared library suffixes on Linux an MacOS.

[ee987]

@qpernil see https://p11-glue.github.io/p11-glue/p11-kit/manual/pkcs11-conf.html

[sigv]

You just need a /usr/share/p11-kit/modules/ykcs11.module file. At its most minimal configuration:

# https://p11-glue.github.io/p11-glue/p11-kit/manual/pkcs11-conf.html
module: /usr/lib/x86_64-linux-gnu/libykcs11.so

---

It is also possible to symlink /usr/lib/x86_64-linux-gnu/pkcs11/libykcs11.so to ../libykcs11.so.
In that case the module path provided can be a relative one - simply libykcs11.so.

[mlt]

How do I go about it on Windows (MSYS2)? I have a line module: /usr/local/bin/libykcs11.dll in C:\msys64\etc\pkcs11\modules\yubi.module . I copied DLLs (libcrypto-3-x64.dll, libykcs11.dll, libykpiv.dll, zlib1.dll) into C:\msys64\usr\local\bin\.
If I run p11-kit list-modules I get only standard stuff. However, if I try strace, I see some exceptions

…
  131  166181 [main] p11-kit 49376 pathfinder::find: (exists and not dir), take /usr/local/bin/libykcs11.dll
--- Process 33168 (pid: 49376) loaded C:\msys64\usr\local\bin\libykcs11.dll at 00007ffa2d550000
--- Process 33168 (pid: 49376) loaded C:\Windows\System32\vcruntime140.dll at 00007ffa1b1f0000
--- Process 33168 (pid: 49376) loaded C:\msys64\usr\local\bin\libykpiv.dll at 00007ffa39640000
--- Process 33168 (pid: 49376) loaded C:\msys64\ucrt64\bin\libcrypto-3-x64.dll at 00007ff96f450000
--- Process 33168 (pid: 49376) loaded C:\Windows\System32\crypt32.dll at 00007ffa47a80000
--- Process 33168 (pid: 49376) loaded C:\Windows\System32\ws2_32.dll at 00007ffa49910000
--- Process 33168 (pid: 49376) loaded C:\Windows\System32\bcrypt.dll at 00007ffa47420000
--- Process 33168 (pid: 49376) loaded C:\Windows\System32\WinSCard.dll at 00007ffa43ac0000
--- Process 33168 (pid: 49376) loaded C:\msys64\ucrt64\bin\zlib1.dll at 00007ffa395d0000
--- Process 33168 (pid: 49376), exception e06d7363 at 00007ffa47e72bdc
10577  176758 [main] p11-kit 49376 dlopen: ret 0x7FFA2D550000
  155  176913 [main] p11-kit 49376 dlsym: ret 0x7FFA2D55B220
 1529  178442 [main] p11-kit 49376 normalize_posix_path: src /usr/lib/pkcs11/p11-kit-trust.so
…
--- Process 33168 (pid: 49376), exception c0000005 at 00000004dd83402d
--- Process 33168 (pid: 49376), exception c0000005 at 00000004dd83402d
--- Process 33168 (pid: 49376), exception c0000005 at 00000004dd83402d
--- Process 33168 (pid: 49376), exception c0000005 at 00000004dd83402d
…

UPDATE for anyone else landing here. One should use absolute Windows path for p11-kit to work and not just unix/cygwin/msys. So for /ucrt64 version of p11-kit, I had to have module: c:\msys64/usr/local/bin/libykcs11.dll provided that is where you copied DLL files in C:\msys64\ucrt64\etc\pkcs11\modules\yubi.module. Note that forward or backward slash does not matter. Neither there is a need to escape spaces in folder names if any.