diff --git a/clevis.spec b/clevis.spec
index 18acdd1..33b9e8c 100644
--- a/clevis.spec
+++ b/clevis.spec
@@ -48,8 +48,6 @@ Requires:       curl
 Requires:       jq
 Requires(pre):  shadow-utils
 Requires(post): systemd
-Requires:       pcsc-lite
-Requires:       opensc
 
 %description
 Clevis is a framework for automated decryption. It allows you to encrypt
@@ -109,6 +107,17 @@ Requires:       %{name}-luks%{?_isa} = %{version}-%{release}
 Automatically unlocks LUKS block devices in desktop environments that
 use UDisks2 or storaged (like GNOME).
 
+%package pin-pkcs11
+Summary:        PKCS#11 for clevis
+Requires:       %{name}-systemd%{?_isa} = %{version}-%{release}
+Requires:       %{name}-luks%{?_isa} = %{version}-%{release}
+Requires:       %{name}-dracut%{?_isa} = %{version}-%{release}
+Requires:       pcsc-lite
+Requires:       opensc
+
+%description pin-pkcs11
+Automatically unlocks LUKS block devices through a PKCS#11 device.
+
 %prep
 %autosetup -S git
 
@@ -143,20 +152,15 @@ systemctl preset %{name}-luks-askpass.path >/dev/null 2>&1 || :
 %{_bindir}/%{name}-decrypt-tpm2
 %{_bindir}/%{name}-decrypt-sss
 %{_bindir}/%{name}-decrypt-null
-%{_bindir}/%{name}-decrypt-pkcs11
 %{_bindir}/%{name}-decrypt
 %{_bindir}/%{name}-encrypt-tang
 %{_bindir}/%{name}-encrypt-tpm2
 %{_bindir}/%{name}-encrypt-sss
 %{_bindir}/%{name}-encrypt-null
-%{_bindir}/%{name}-encrypt-pkcs11
-%{_bindir}/%{name}-pkcs11-afunix-socket-unlock
-%{_bindir}/%{name}-pkcs11-common
 %{_bindir}/%{name}
 %{_mandir}/man1/%{name}-encrypt-tang.1*
 %{_mandir}/man1/%{name}-encrypt-tpm2.1*
 %{_mandir}/man1/%{name}-encrypt-sss.1*
-%{_mandir}/man1/%{name}-encrypt-pkcs11.1*
 %{_mandir}/man1/%{name}-decrypt.1*
 %{_mandir}/man1/%{name}.1*
 %{_sysusersdir}/clevis.conf
@@ -184,12 +188,8 @@ systemctl preset %{name}-luks-askpass.path >/dev/null 2>&1 || :
 %files systemd
 %{_libexecdir}/%{name}-luks-askpass
 %{_libexecdir}/%{name}-luks-unlocker
-%{_libexecdir}/%{name}-luks-pkcs11-askpass
-%{_libexecdir}/%{name}-luks-pkcs11-askpin
 %{_unitdir}/%{name}-luks-askpass.path
 %{_unitdir}/%{name}-luks-askpass.service
-%{_unitdir}/%{name}-luks-pkcs11-askpass.service
-%{_unitdir}/%{name}-luks-pkcs11-askpass.socket
 
 %files dracut
 %{_prefix}/lib/dracut/modules.d/60%{name}
@@ -197,6 +197,17 @@ systemctl preset %{name}-luks-askpass.path >/dev/null 2>&1 || :
 %{_prefix}/lib/dracut/modules.d/60%{name}-pin-sss/module-setup.sh
 %{_prefix}/lib/dracut/modules.d/60%{name}-pin-tang/module-setup.sh
 %{_prefix}/lib/dracut/modules.d/60%{name}-pin-tpm2/module-setup.sh
+
+%files pin-pkcs11
+%{_libexecdir}/%{name}-luks-pkcs11-askpass
+%{_libexecdir}/%{name}-luks-pkcs11-askpin
+%{_bindir}/%{name}-decrypt-pkcs11
+%{_bindir}/%{name}-encrypt-pkcs11
+%{_bindir}/%{name}-pkcs11-afunix-socket-unlock
+%{_bindir}/%{name}-pkcs11-common
+%{_unitdir}/%{name}-luks-pkcs11-askpass.service
+%{_unitdir}/%{name}-luks-pkcs11-askpass.socket
+%{_mandir}/man1/%{name}-encrypt-pkcs11.1*
 %{_prefix}/lib/dracut/modules.d/60%{name}-pin-pkcs11/module-setup.sh
 %{_prefix}/lib/dracut/modules.d/60%{name}-pin-pkcs11/%{name}-pkcs11-hook.sh
 %{_prefix}/lib/dracut/modules.d/60%{name}-pin-pkcs11/%{name}-pkcs11-prehook.sh