Since version 3.8.10 it is possible to plug a PKCS#11 module into GnuTLS and override the default cryptographic backend of the library with the cryptographic functions provided by the module.
A PKCS#11 module can be configured to serve as cryptographic backend by adding
url and pin in the [provider] section.
url: URL of the PKCS#11 module.
pin: PIN for logging into the PKCS#11 token.
The following example shows how to use a PKCS#11 module as cryptographic backend. Note that the module has to be initialized first.
[provider] url = pkcs11:model=v1;manufacturer=Kryoptic%20Project;token=Kryoptic%20Token pin = 1234