diff --git a/contrib/release/openssl-pkcs11.cnf b/contrib/release/openssl-pkcs11.cnf
new file mode 100644
index 000000000..2e911001a
--- /dev/null
+++ b/contrib/release/openssl-pkcs11.cnf
@@ -0,0 +1,14 @@
+# openssl-pkcs11.cnf
+openssl_conf = openssl_init
+
+[openssl_init]
+engines = engine_section
+
+[engine_section]
+pkcs11 = pkcs11_section
+
+[pkcs11_section]
+engine_id = pkcs11
+dynamic_path = /nix/store/drl8sclg3kyanl2fpya48b0l8kgznr5m-libp11-0.4.12/lib/engines/pkcs11.so
+MODULE_PATH = /nix/store/cr9w0d4gvcqfb3ri4pvm48n5ig8aidiz-opensc-0.26.0/lib/opensc-pkcs11.so
+INIT = 0
diff --git a/flake.lock b/flake.lock
index 20c180ed8..0623e3b0b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -109,16 +109,16 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1732014248,
-        "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
+        "lastModified": 1735563628,
+        "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
+        "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-unstable",
+        "ref": "nixos-24.05",
         "repo": "nixpkgs",
         "type": "github"
       }
diff --git a/flake.nix b/flake.nix
index d6a963f61..c9fcbc42b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,7 +2,7 @@
   description = "Dev shell to help contributing to liana";
 
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
     flake-utils.url = "github:numtide/flake-utils";
     crane.url = "github:ipetkov/crane";
     fenix = {
@@ -168,7 +168,18 @@
             pkgs.gnutar
             pkgs.dpkg
             pkgs.rcodesign
+            pkgs.opensc          # Provides pkcs11 tools and module (opensc-pkcs11.so)
+            pkgs.pcsclite       # Smartcard support
+            pkgs.osslsigncode    # For signing Windows executables
+            pkgs.openssl         # To have the PKCS#11 engine available (lib/engines)
+            pkgs.libp11
           ];
+
+          shellHook = ''
+            export OPENSSL_CONF=${toString ./contrib/release/openssl-pkcs11.cnf}
+            echo "OPENSSL_CONF is set to ${toString ./contrib/release/openssl-pkcs11.cnf}"
+            echo "PKCS#11 environment ready."
+          '';
         };
 
       in {