PKA Encrypt (CSNDPKE)

This verb encrypts a supplied clear key value under an RSA, CRYSTALS-Kyber, or ML-KEM public key.

Before encryption, the supplied key can be formatted using the PKCS 1.2, ZERO-PAD, PKCSOAEP, or PKOAEP2 method. The method is selected with the corresponding rule array keyword.
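
The difference between two of these formats, shown as an added example that is not IBM's code and does not call the verb: it builds the block that would be handed to the RSA operation for ZERO-PAD and for PKCS 1.2, and compares their properties. Assumptions: ZERO-PAD right-aligns the key in a modulus-length block with leading zero bytes, PKCS 1.2 is the PKCS #1 v1.5 block type 02 layout, and the function names, the 2048-bit modulus length, and the sample key are constructed for illustration.

```python
import secrets

MODULUS_LEN = 256  # bytes; constructed example: a 2048-bit RSA modulus
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key


def zero_pad_block(key: bytes, modulus_len: int) -> bytes:
    """Assumed ZERO-PAD layout: key right-aligned, zero bytes on the left."""
    if not key or len(key) > modulus_len:
        raise ValueError("key must be 1..modulus_len bytes")
    return key.rjust(modulus_len, b"\x00")


def pkcs1_v15_block(key: bytes, modulus_len: int) -> bytes:
    """PKCS #1 v1.5 type 02 block: 00 || 02 || PS || 00 || key."""
    ps_len = modulus_len - len(key) - 3
    if not key or ps_len < 8:
        raise ValueError("key too long: the format needs 11 bytes of overhead")
    # PS is random and must contain no zero byte, so the 00 separator is unambiguous.
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + key


def parse_pkcs1_v15_block(block: bytes) -> bytes:
    """Strictly parse a type 02 block and return the embedded key."""
    if len(block) < 11 or block[:2] != b"\x00\x02":
        raise ValueError("bad block header")
    sep = block.find(b"\x00", 2)
    if sep < 10:  # separator missing (-1) or PS shorter than 8 bytes
        raise ValueError("bad padding string")
    return block[sep + 1:]


def compare_formats() -> dict:
    """Summarise the properties that differ between the two layouts."""
    p1 = pkcs1_v15_block(KEY, MODULUS_LEN)
    p2 = pkcs1_v15_block(KEY, MODULUS_LEN)
    return {
        # Same key always yields the same block, hence the same RSA ciphertext.
        "zero_pad_deterministic": zero_pad_block(KEY, MODULUS_LEN) == zero_pad_block(KEY, MODULUS_LEN),
        # A key with a leading 00 byte is indistinguishable from the shorter key.
        "zero_pad_length_ambiguous": zero_pad_block(KEY, MODULUS_LEN) == zero_pad_block(KEY[1:], MODULUS_LEN),
        "pkcs_randomized": p1 != p2,
        "pkcs_round_trip": parse_pkcs1_v15_block(p1) == KEY,
    }


if __name__ == "__main__":
    for name, value in compare_formats().items():
        print(f"{name}: {value}")
```

With zero padding the recipient must know the key length out of band, and identical keys produce identical ciphertexts under the same public key.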

A CRYSTALS-Kyber or ML-KEM public key may be passed as the PKA_key_identifier parameter. The CRYSTALS-Kyber or ML-KEM algorithm encrypts a fixed-size data object of 32 bytes, and the output data size is equal to the size of the public key material.

Note: This verb supports PCI-HSM 2016 compliant-tagged key tokens.