Nitrokey HSM with Key Authentication and EJBCA / XCA support

If I want to enforce public key authentication of the CA, it is easy to setup this via OpenSCDP.
But: if I want to use EJBCA as PKI software solution, how this becomes possible?

With the default configuration and default PKCS11 driver there is no interface to select the public key authentication. Is there a way to make possible to use the public key authenticated HSM?

Same thing should be valid for XCA tool.

Does even ejbca support such a thing?

EJBCA has an official support for Nitrokey HSMs

Yes, but this does not mean “we support all the features”, like biometric authentication for example, and others.

There is a custom integration for EJBCA available, unfortunately not as open source in the community edition.