Modify private key shards to work with hardware tokens

[osresearch]

Is there someway to modify the key shards to work with hardware tokens that expect CRT parameters or primes? Or are there hardware tokens that can operate on the (n,e,d) private key without the CRT?

[osresearch]

The Nitrokey is open source and has a build-time option to do non-CRT RSA for private key operations. However it does not support the openssl pkcs11 engine right now, so it will need some adjustments to make it work.