Required commands

The required commands for CSNDPKG.

• This verb requires the PKA Key Generate command (offset X'0103') to be enabled in the active role.
• With the CLONE rule-array keyword, enable the PKA Key Generate - Clone command (offset X'0204').
• With the CLEAR rule-array keyword, enable the PKA Key Generate - Clear RSA Key command (offset X'0205') in the hardware.
• To generate ECC keys with the CLEAR rule-array keyword, this verb requires the PKA Key Generate - Clear ECC keys command (offset X'0326') to be enabled in the active role.
• To generate CRYSTALS-Dilithium keys with the CLEAR rule-array keyword, this verb requires the PKA Key Generate - Clear ML-DSA, CRYSTALS-Dilithium keys command (offset X'027F') to be enabled in the active role.
• To generate CRYSTALS-Kyber keys with the CLEAR rule-array keyword, this verb requires the PKA Key Generate - Clear ML-KEM, CRYSTALS-Kyber keys command (offset X'020E') to be enabled in the active role.
• To generate keys based on the value supplied in the regeneration_data variable, you must enable one of these commands:
  • When not using the RETAIN keyword, enable the PKA Key Generate - Permit Regeneration Data command (offset X'027D').
  • When using the RETAIN keyword, enable the PKA Key Generate - Permit Regeneration Data Retain command (offset X'027E').
• When using the RAWSEED rule_array keyword, enable the PKA Key Generate - Permit Regeneration Data command (offset X'027D').
• To disallow the wrapping of a key with a weaker key-encrypting key, enable the Prohibit weak wrapping - Transport keys command (offset X'0328') in the active role. This command affects multiple verbs. See Access control points and verbs.
• To receive a warning when wrapping a key with a weaker key-encrypting key, enable the Warn when weak wrap - Transport keys command (offset X'032C') in the active role. The Prohibit weak wrapping - Transport keys command (offset X'0328') overrides this command.