SAF may be invoked to verify the caller is authorized to use this callable service, the key label, or internal secure key tokens that are stored in the CKDS or PKDS.

The initialization vectors must have already been established between the communicating applications or must be passed with the data.

This table lists the required cryptographic hardware for each server type and describes restrictions for this callable service.

Table 126. Ciphertext translate required hardware

Server	Required cryptographic hardware	Restrictions
IBM zSeries 900	Cryptographic Coprocessor Feature
IBM zSeries 990 IBM zSeries 890		This callable service is not supported.
IBM System z9 EC IBM System z9 BC		This callable service is not supported.