RSA

RSA encryption and decryption are available in the provider. Because the RSA algorithm is computationally intensive, using the hardware should provide significant performance improvements over software cryptography. Performing RSA encryption and decryption in hardware also lets the application choose more secure key pairs, such as key pairs that are stored on the card, so that the sensitive private key is never made available in the clear.

In the software JCE providers (such as IBMJCE), RSA encryption and decryption is implemented with PKCS 1 type 2 padding. The IBMPKCS11Impl provider allows only PKCS padding and no padding. The hardware imposes two restrictions: the type of key pair that is needed, and the maximum length of the data that can be encrypted or decrypted. First, the keys that are used to encrypt or decrypt data must be generated with a key attribute of ENCRYPT or DECRYPT. Second, the amount of data that can be encrypted or decrypted must be smaller than the modulus size of the key, in bytes.

The following example shows how to create an instance of an RSA Cipher with no padding:
Cipher myCipher = Cipher.getInstance("RSA/ /NoPadding","IBMPKCS11Impl");
The following examples show how to create an instance of an RSA Cipher with PKCS padding:
Cipher myCipher = Cipher.getInstance("RSA/ /PKCS1Padding", "IBMPKCS11Impl");
or
Cipher myCipher = Cipher.getInstance("RSA/ /PKCS", "IBMPKCS11Impl"); // this is the default
or
Cipher myCipher = Cipher.getInstance("RSA", "IBMPKCS11Impl"); // this is the default
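
The data-length restriction described above can be checked before the cipher is called. The following is an added example, not code from the provider documentation: the class and method names are hypothetical, and it runs against the JVM default provider with a software-generated key pair so that no card is required. With the hardware provider, pass "IBMPKCS11Impl" to rsaCipher and use a key pair generated with the ENCRYPT or DECRYPT attribute (key generation on the card is not shown).

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import javax.crypto.Cipher;

public class RsaLengthCheck {
    // PKCS #1 v1.5 encryption padding uses at least 11 bytes of the block (RFC 8017).
    static final int PKCS1_OVERHEAD = 11;
    static int modulusBytes(RSAPublicKey key) {
        return (key.getModulus().bitLength() + 7) / 8;
    }
    // Largest input for each padding choice; the no-padding limit follows the text above.
    static int maxPlaintext(RSAPublicKey key, boolean pkcs1Padding) {
        int k = modulusBytes(key);
        return pkcs1Padding ? k - PKCS1_OVERHEAD : k - 1;
    }
    // provider == null selects the JVM default provider (assumption, to run without a card).
    static Cipher rsaCipher(String provider) throws Exception {
        String t = "RSA/ /PKCS1Padding";
        return provider == null ? Cipher.getInstance(t) : Cipher.getInstance(t, provider);
    }
    static byte[] encryptChecked(Cipher c, RSAPublicKey pub, byte[] data) throws Exception {
        int max = maxPlaintext(pub, true);
        if (data.length > max)
            throw new IllegalArgumentException(data.length + " bytes exceeds limit of " + max);
        c.init(Cipher.ENCRYPT_MODE, pub);
        return c.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a software-generated 2048-bit pair stands in for a card key pair.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
        Cipher c = rsaCipher(null);
        byte[] msg = "constructed sample data".getBytes(StandardCharsets.UTF_8);
        byte[] ct = encryptChecked(c, pub, msg);
        c.init(Cipher.DECRYPT_MODE, kp.getPrivate());
        System.out.println("round trip ok: " + Arrays.equals(msg, c.doFinal(ct)));
        try {
            encryptChecked(c, pub, new byte[modulusBytes(pub)]); // one full block: too long
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```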