Restriction to extended evaluations

You can control the use of certain mechanisms within a domain of an EP11 cryptographic coprocessor by configuring the coprocessor with access control points (ACPs). As a result, with one exception, the use of mechanisms is no longer restricted to the limitations imposed by the extended evaluations.

Read the information about filter mechanisms in "Exploiting Enterprise PKCS #11 using openCryptoki" to learn how to manage access to PKCS #11 mechanisms using ACPs. The available mechanisms and their attributes are then reflected by the openCryptoki functions C_GetMechanismList and C_GetMechanismInfo. However, there is one restriction on RSA mechanisms that cannot be reflected in the result of C_GetMechanismInfo: the CKA_PUBLIC_EXPONENT must have a value of at least 17.
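
Because C_GetMechanismInfo cannot report this limit, an application can check the exponent itself before it builds the RSA key generation template. The following is an added example, not code from this documentation or from openCryptoki. The function name ep11_rsa_exponent_ok is hypothetical, and the check relies on CKA_PUBLIC_EXPONENT being a PKCS #11 Big integer (an unsigned, big-endian byte string).

```c
#include <stddef.h>
#include <stdio.h>

/* Minimum RSA public exponent accepted by the EP11 token, per the text above. */
#define EP11_MIN_RSA_PUBLIC_EXPONENT 17u

/*
 * Returns 1 if the big-endian byte string exp[0..len-1] encodes a value
 * of at least 17, otherwise 0. Hypothetical helper, not an openCryptoki API.
 */
int ep11_rsa_exponent_ok(const unsigned char *exp, size_t len)
{
    size_t i = 0;

    if (exp == NULL || len == 0)
        return 0;

    /* Skip leading zero bytes so that padded encodings compare correctly. */
    while (i < len && exp[i] == 0)
        i++;

    if (i == len)
        return 0;               /* the value is zero */
    if (len - i > 1)
        return 1;               /* two or more significant bytes: value >= 256 */
    return exp[i] >= EP11_MIN_RSA_PUBLIC_EXPONENT;
}

int main(void)
{
    /* Constructed sample exponents, not taken from the documentation. */
    static const unsigned char e3[]        = { 0x03 };
    static const unsigned char e17[]       = { 0x11 };
    static const unsigned char e65537[]    = { 0x01, 0x00, 0x01 };
    static const unsigned char e3_padded[] = { 0x00, 0x00, 0x03 };

    printf("3          -> %d\n", ep11_rsa_exponent_ok(e3, sizeof e3));
    printf("17         -> %d\n", ep11_rsa_exponent_ok(e17, sizeof e17));
    printf("65537      -> %d\n", ep11_rsa_exponent_ok(e65537, sizeof e65537));
    printf("3 (padded) -> %d\n", ep11_rsa_exponent_ok(e3_padded, sizeof e3_padded));
    return 0;
}
```

Pass the same byte string and length that the application places in the CKA_PUBLIC_EXPONENT attribute of the public key template.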