On noticing the recent post "Nk 3c nfc generating keypair through pkcs tool", I tried pkcs11-tool for key creation:
> pkcs11-tool --login-type so --pin "123456" --keypairgen --key-type "EC:prime256v1" --label "modsign" --usage-sign -v
Using slot 0 with a present token (0x0)
Logging in to "OpenPGP card (User PIN)".
Please enter SO PIN: Key pair generated:
Private Key Object; EC
label: modsign
ID: c0b95d24aed8b5ab78bfb83735d324e25ec7ef6a
Usage: sign, signRecover
Access: sensitive, always sensitive, never extractable, local
Public Key Object; EC EC_POINT 1020 bits
EC_POINT:
EC_PARAMS: 06082a8648ce3d030107
label: modsign
ID: c0b95d24aed8b5ab78bfb83735d324e25ec7ef6a
Usage: verify, verifyRecover
Access: none
> pkcs11-tool --list-objects --login
Using slot 0 with a present token (0x0)
Logging in to "OpenPGP card (User PIN)".
Please enter User PIN: Private Key Object; EC
label: Authentication key
ID: 03
Usage: sign
Access: sensitive, always sensitive, never extractable, local
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 044104fa6d46dc252ea7d263ffaf8c9bf2fa96bf24ab541daf0a6c77048b8bbd5088ac3936ff0335ade9ec82da2975a26a5c3ce4390c98f24c689637d92f9d7d6b46c6
EC_PARAMS: 06082a8648ce3d030107
label: Authentication key
ID: 03
Usage: verify, verifyRecover
Access: none
Profile object 1480404688
profile_id: CKP_PUBLIC_CERTIFICATES_TOKEN (4)
This was encouraging, but keytool still cannot see any keys.
> keytool -providerClass sun.security.pkcs11.SunPKCS11 -providerArg .\pkcs11.cfg -list -keystore NONE -storetype PKCS11 -v
Enter keystore password:
Keystore type: PKCS11
Keystore provider: SunPKCS11-Nitrokey3
Your keystore contains 0 entries