Every supplier of tokens claims to support PKCS#11. Nevertheless this is
always their own PKCS#11 libary (PKCS#11 has very different flavours).
So you need to install their libary and use their cards. On the
otherhand you need to check if the filestructure on the card is
supported by the libary. Every token supplier has made their own
structure. The most open standard structure for this moment is PKCS#15.
What you would like is a n (application) to n (token) relation.
Therefore you need to install some middleware on the clientside that
supports both PKCS#11, CAPI and PKCS#12 and it is preferable that this
middleware is developed by a non token manufacturer.
On the otherhand you must make sure that the readers for the tokens are
also supported and talk via a fast way to the tokens (115000 in stead of
9600 baud)
OpenSSL is supporting pkcs#12 and PKCS#11 at this moment
Regards,
Kick WIllemse
Amsterdam
