Restrictions

The ability to recover a message from a signature (which ISO-9796 allows but does not require) is not supported.

The exponent of the RSA public key must be odd.

Although ISO-9796 does not require the input hash to be an integral number of bytes in length, this service requires you to specify the hash_length in bytes.

X9.31 requires the RSA token to have a minimum modulus bit length of 1024, and the length must also be a multiple of 256 bits (or 32 bytes).

The Signature algorithm keyword CRDL-DSA is only supported with quantum-safe (QSA) public keys whose token section type is 0x’51’ and whose algorithm is CRYSTALS-Dilithium or pure or pre-hash ML-DSA.

The Signature algorithm keyword CRDL-DSA is only supported with the MESSAGE input type and data_length at or below 6000 bytes.

The Signature Algorithm keyword EC-SDSA is not supported in releases before 7.4. It is only supported with ECC keys. EC-SDSA in release 7.4 only supports random ECC curves secp256r1 (P256) and secp521r1 (P521). Hashing method SHA-256 must be used with P256 and SHA-512 must be used with P521.

The SHA-3 hash methods can only be used with this verb starting with CCA 8.1.

Only the SHA-512 hash method is supported for ML-DSA pre-hash.