This is a long-standing upstream issue: https://github.com/Yubico/yubico-piv-tool/issues/92 Instead of waiting for upstream, Gentoo could install the required module file to make YubiKeys work with OpenSSL, GnuTLS and various other applications. The module file should be installed in /usr/share/p11-kit/modules/ykcs11.module. The file simply needs to reference the ykcs11 library, i.e. contain a line like: module: /usr/lib64/libykcs11.so Note: The library could be installed into the p11-kit search path, which is /usr/lib64/pkcs11 on my system. In this case, the absolute path is not required. Reproducible: Always Steps to Reproduce: One way to the this is p11tool from the gnutls package: 1. USE='pkcs11 tools' emerge net-libs/gnutls 2. Connect YubiKey 4 or 5 3. p11tool --list-tokens Actual Results: Token 0: URL: pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=System%20Trust Label: System Trust Type: Trust module Flags: uPIN uninitialized Manufacturer: PKCS#11 Kit Model: p11-kit-trust Serial: 1 Module: p11-kit-trust.so Expected Results: Token 0: URL: pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=System%20Trust Label: System Trust Type: Trust module Flags: uPIN uninitialized Manufacturer: PKCS#11 Kit Model: p11-kit-trust Serial: 1 Module: p11-kit-trust.so Token 1: URL: pkcs11:model=YubiKey%20YK4;manufacturer=Yubico;serial=1234;token=YubiKey%20PIV Label: YubiKey PIV Type: Hardware token Flags: RNG, Requires login Manufacturer: Yubico Model: YubiKey YK4 Serial: 1234 Module: /usr/lib64/libykcs11.so
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1978be7e390b24a4edbccb0db659e6ba7532f34 commit e1978be7e390b24a4edbccb0db659e6ba7532f34 Author: Marek Szuba <marecki@gentoo.org> AuthorDate: 2020-09-06 20:38:16 +0000 Commit: Marek Szuba <marecki@gentoo.org> CommitDate: 2020-09-06 20:39:26 +0000 sys-auth/yubico-piv-tool: make p11-kit aware of libykcs11 Closes: https://bugs.gentoo.org/701058 Signed-off-by: Marek Szuba <marecki@gentoo.org> .../yubico-piv-tool-2.1.1-r1.ebuild | 51 ++++++++++++++++++++++ 1 file changed, 51 insertions(+)