frequently differ from the hash produced by the openssl command:
C:\Program Files (x86)\OpenSC Project\OpenSC>openssl dgst -sha1 <filename>
By trying different input files I worked out that the difference is because pkcs11-tool process replaces CRLF by LF before passing it through the hash, whereas openssl passes the complete file contents through the hash.
Is this by design? Am I obliged/expected to convert everything to Base-64 before I hash it if I want to use pkcs11-tool? (I need to hash some pure binary files, which will inevitably contain CRLF by chance and wanted to avoid extra steps ;-) )