z/OS Cryptographic Services ICSF Application Programmer's Guide


Generating and Verifying RSA Digital Signatures

SA22-7522-16

You can use algorithm method AM_TOKEN_RSA_PRV_ENCRYPT with AM_MD5 or AM_SHA to have ICSF and the Cryptographic Coprocessor Feature generate RSA digital signatures. To verify the RSA digital signature using the S/390 or IBM eServer zSeries cryptographic solution, you can use AM_TOKEN_RSA_PUB_DECRYPT (with AM_MD5 or AM_SHA). Your BSAFE application must contain a couple of new BSAFE function calls to access the S/390 and IBM eServer zSeries services. AM_TOKEN_RSA_PRV_ENCRYPT and AM_TOKEN_RSA_PUB_DECRYPT are new in BSAFE 3.1. For more information, see Using the New Function Calls in Your BSAFE Application.

For signature generation, you can use either a clear private key in the form of a KI_PKCS_RSAPrivate or a CCA RSA private key token in the form of a KI_TOKEN. For signature verification, you can use either a public RSA key in the form of a KI_RSAPublic or a CCA RSA public key token in the form of a KI_TOKEN. KI_TOKEN is a new key information type in BSAFE. For more information about KI_TOKEN, see Using the BSAFE KI_TOKEN.

The following list shows BSAFE AI types with choosers that may include AM_TOKEN_RSA_PRV_ENCRYPT:

  • AI_MD5WithRSAEncryption
  • AI_MD5WithRSAEncryptionBER
  • AI_SHA1WithRSAEncryption
  • AI_SHA1WithRSAEncryptionBER

The following list shows BSAFE AI types with choosers that may include AM_TOKEN_RSA_PUB_DECRYPT:

  • AI_MD5WithRSAEncryption
  • AI_SHA1WithRSAEncryption
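
The following Python example is added here for illustration; it is not IBM or BSAFE code and makes no BSAFE or ICSF calls. It shows the operations that the method names above stand for in a SHA-1 with RSA signature: hash the message, then apply the RSA private key to sign; apply the RSA public key, then compare, to verify. The toy key, the function names and the PKCS #1 v1.5 block layout are assumptions of the example.

```python
import hashlib
import hmac

# Constructed toy key for illustration only (two Mersenne primes); never use
# a key like this outside a demonstration.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# DER prefix of the SHA-1 DigestInfo structure (PKCS #1 v1.5, RFC 8017 9.2).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def encode(message: bytes) -> bytes:
    """Digest step (the role AM_SHA plays): 00 01 FF..FF 00 || DigestInfo."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign(message: bytes) -> bytes:
    """Private-key step (the role of an RSA private-encrypt method)."""
    m = int.from_bytes(encode(message), "big")
    return pow(m, D, N).to_bytes(K, "big")


def verify(message: bytes, signature: bytes) -> bool:
    """Public-key step (the role of an RSA public-decrypt method)."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    # Compare with a freshly built block instead of parsing the recovered
    # one, so a signature with malformed padding is never accepted.
    return hmac.compare_digest(recovered, encode(message))


if __name__ == "__main__":
    sig = sign(b"constructed sample message")
    print(verify(b"constructed sample message", sig))   # genuine signature
    print(verify(b"constructed sample messagE", sig))   # altered message
```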





Copyright IBM Corporation 1990, 2014