Supporting the BSICC2017 compliance mode

The EP11 token provides an access control point (ACP) to enable the BSICC2017 compliance mode. When enabled, this compliance mode disables the RSA PKCS #1 v1.5 mechanisms.

The EP11 host library supports access control point 61 which is related to the BSICC2017 compliance mode.

61    XCP_CPB_ALG_NBSI2017           enable the BSICC2017 compliance mode

This ACP can be used to disable the following RSA PKCS #1 v1.5 mechanisms:

  • CKM_RSA_PKCS
  • CKM_SHA1_RSA_PKCS
  • CKM_SHA224_RSA_PKCS
  • CKM_SHA256_RSA_PKCS
  • CKM_SHA384_RSA_PKCS
  • CKM_SHA512_RSA_PKCS