Required commands
The required commands for CSNDPKE.
This verb requires the PKA Encrypt command (offset X'011E') to be enabled in the active role.
Use of an ML-KEM or CRYSTALS-Kyber public key in the PKA_key_identifier parameter requires the PKA Encrypt - Allow ML-KEM, CRYSTALS-Kyber keys command (offset X'0083').
Use of an ML-KEM public key requires the PKA Key Generate - Permit Regeneration Data command (offset X'027D').
The PKA Encrypt verb also requires the following commands to be enabled in the active role to disallow the encryption of clear source data:
| Rule-array keyword | Offset | Command |
|---|---|---|
| MRP | X'0208' | PKA Encrypt - Disallow MRP |
| PKCS-1.2 | X'0206' | PKA Encrypt - Disallow PKCS-1.2 |
| PKCSOAEP | X'0209' | PKA Encrypt - Disallow PKCSOAEP |
| PKCSOAEP2 | X'03F1' | PKA Encrypt - Disallow PKOAEP2 |
| ZERO-PAD | X'0207' | PKA Encrypt - Disallow ZEROPAD |