Usage notes
The usage notes for CSNDPKE.
- Encrypt operations using CRYSTALS-Kyber Round 2 and Round 3 keys use the Kyber.CPAPKE.Enc algorithm as described in the CRYSTALS-Kyber Algorithm specification v3.02 August 4, 2021.
- ML-KEM uses ML-KEM.Encaps as described in FIPS-203 algorithm 20. Calls to the internal K-PKE.Encrypt function (algorithm 14) are not supported.
- For RSA DSI PKCS #1 formatting, the key value length must be a minimum of 11 bytes less than the modulus length of the RSA key.
- The hardware configuration sets the limit on the modulus size of keys for key management; thus, this service will fail if the RSA key modulus bit length exceeds this limit.