diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index 4ecb63d..7f6232b 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -138,7 +138,14 @@ static certificate_t *load_from_smartcard(smartcard_format_t format,
 	chunk_t chunk;
 	void *cred;
 
-	chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
+	if (streq (keyid, "%any"))
+    {
+        chunk = chunk_clone (chunk_create("\0", 1)) ;
+    }
+    else
+    {
+        chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
+    }    
 	switch (format)
 	{
 		case SC_FORMAT_SLOT_MODULE_KEYID:
@@ -662,7 +669,7 @@ static shared_key_t* pin_cb(pin_cb_data_t *data, shared_key_type_t type,
 		return NULL;
 	}
 
-	if (!me || !chunk_equals(me->get_encoding(me), data->keyid))
+	if (!streq (data->card, "%smartcard:%any") && (!me || !chunk_equals(me->get_encoding(me), data->keyid)))
 	{
 		return NULL;
 	}
@@ -748,7 +755,14 @@ static bool load_pin(private_stroke_cred_t *this, chunk_t line, int line_nr,
 		return FALSE;
 	}
 
-	chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
+	if (streq (keyid, "%any"))
+    {
+        chunk = chunk_clone (chunk_create("\0", 1)) ;
+    }
+    else
+    {
+        chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
+    }    
 	if (secret.len == 7 && strneq(secret.ptr, "%prompt", 7))
 	{
 		free(secret.ptr);
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c
index e65f3a0..047deb4 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c
@@ -312,6 +312,7 @@ certificate_t *pkcs11_creds_load(certificate_type_t type, va_list args)
 			{CKA_CERTIFICATE_TYPE, &type, sizeof(type)},
 			{CKA_ID, keyid.ptr, keyid.len},
 		};
+        int     tmpl_len = countof(tmpl) ;
 		CK_ATTRIBUTE attr[] = {
 			{CKA_VALUE, NULL, 0},
 		};
@@ -327,7 +328,11 @@ certificate_t *pkcs11_creds_load(certificate_type_t type, va_list args)
 		{
 			continue;
 		}
-
+        if (keyid.len == 1 && keyid.ptr[0] == '\0')
+        {
+            tmpl_len-- ;
+        }
+        
 		rv = p11->f->C_OpenSession(current, CKF_SERIAL_SESSION, NULL, NULL,
 								   &session);
 		if (rv != CKR_OK)
@@ -336,7 +341,7 @@ certificate_t *pkcs11_creds_load(certificate_type_t type, va_list args)
 			continue;
 		}
 		certs = p11->create_object_enumerator(p11, session,
-									tmpl, countof(tmpl), attr, countof(attr));
+									tmpl, tmpl_len, attr, countof(attr));
 		if (certs->enumerate(certs, &object))
 		{
 			data = chunk_clone(chunk_create(attr[0].pValue, attr[0].ulValueLen));
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
index bb9cc7a..6423ace 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
@@ -415,7 +415,7 @@ static pkcs11_library_t* find_lib(char *module)
 /**
  * Find the PKCS#11 lib having a keyid, and optionally a slot
  */
-static pkcs11_library_t* find_lib_by_keyid(chunk_t keyid, int *slot,
+static pkcs11_library_t* find_lib_by_keyid(chunk_t * keyid, int *slot,
 										   CK_OBJECT_CLASS class)
 {
 	pkcs11_manager_t *manager;
@@ -436,13 +436,22 @@ static pkcs11_library_t* find_lib_by_keyid(chunk_t keyid, int *slot,
 			/* look for a pubkey/cert, it is usually readable without login */
 			CK_ATTRIBUTE tmpl[] = {
 				{CKA_CLASS, &class, sizeof(class)},
-				{CKA_ID, keyid.ptr, keyid.len},
+				{CKA_ID, keyid -> ptr, keyid -> len},
 			};
+            int     tmpl_len = countof(tmpl) ;
+            CK_ATTRIBUTE attr[] = {
+                {CKA_ID, NULL, 0},
+            };
 			CK_OBJECT_HANDLE object;
 			CK_SESSION_HANDLE session;
 			CK_RV rv;
 			enumerator_t *keys;
 
+            if (keyid -> len == 1 && keyid -> ptr[0] == '\0')
+            {
+                tmpl_len-- ;
+            }
+
 			rv = p11->f->C_OpenSession(current, CKF_SERIAL_SESSION, NULL, NULL,
 									   &session);
 			if (rv != CKR_OK)
@@ -452,13 +461,28 @@ static pkcs11_library_t* find_lib_by_keyid(chunk_t keyid, int *slot,
 				continue;
 			}
 			keys = p11->create_object_enumerator(p11, session,
-												 tmpl, countof(tmpl), NULL, 0);
+												 tmpl, tmpl_len, attr, countof(attr));
 			if (keys->enumerate(keys, &object))
 			{
 				DBG1(DBG_CFG, "found key on PKCS#11 token '%s':%d",
 					 p11->get_name(p11), current);
 				found = p11;
 				*slot = current;
+                if (keyid -> len == 1 && keyid -> ptr[0] == '\0')
+                {
+                    if (attr[0].ulValueLen)
+                    {
+                        chunk_free (keyid) ;
+                        *keyid = chunk_clone(chunk_create(attr[0].pValue, attr[0].ulValueLen));
+                        DBG1(DBG_CFG, "  set keyid to %#B", keyid);
+                    }
+                    else
+                    {
+                        found = NULL ;
+                        DBG1(DBG_CFG, "  cannot get keyid for %any");
+                    }
+
+                }
 			}
 			keys->destroy(keys);
 			p11->f->C_CloseSession(session);
@@ -683,10 +713,10 @@ pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args)
 	}
 	else
 	{
-		this->lib = find_lib_by_keyid(keyid, &slot, CKO_PUBLIC_KEY);
+		this->lib = find_lib_by_keyid(&keyid, &slot, CKO_PUBLIC_KEY);
 		if (!this->lib)
 		{
-			this->lib = find_lib_by_keyid(keyid, &slot, CKO_CERTIFICATE);
+			this->lib = find_lib_by_keyid(&keyid, &slot, CKO_CERTIFICATE);
 		}
 		if (!this->lib)
 		{