Rickard answered my question about mechanisms:


> Which CKM_xxx methods are required for OpenDNSSEC?

For generating the key:
  CKM_RSA_PKCS_KEY_PAIR_GEN

For signatures:
  CKM_RSA_PKCS

For digesting:
  CKM_MD5
  CKM_SHA_1
  CKM_SHA256 (for future use)
  CKM_SHA512 (for future use)

// Rickard