Hi Daniel, Thanks for already adding the import-pkcs11 command in 2.6.8! As a late suggestion (but not a specific feature request):
I tried importing a self-generated key pair and it imported fine, but only after adapting it to generate a CKA_ID of 40 nibbles. This was a script made to generate keys for ods-signer of OpenDNSSEC. It may be useful for Knot be more loose on CKA_ID length, as that may simplify migrations from other signers to Knot with keys stored in an HSM! (No feature request, just a late suggestion.) -Rick -- https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users