CKM_RSA_PKCS
Firmware 7.7.3 and Newer Summary
FIPS approved? | Yes |
Supported functions | Sign | Verify | Encrypt | Decrypt | Wrap | Unwrap |
Functions restricted from FIPS use | Cannot wrap | Cannot decrypt | Cannot unwrap | Cannot encrypt |
Minimum key length (bits) | 256 |
Minimum key length for FIPS use (bits) | 2048 |
Minimum legacy key length for FIPS use (bits) | 1024 |
Maximum key length (bits) | 8192 |
Block size | 0 |
Digest size | 0 |
Key types | RSA |
Algorithms | None |
Modes | None |
Flags | None |
NOTE
>Using Luna USB HSM 7 Firmware 7.7.3 and newer, this mechanism is restricted from all wrap/unwrap/encrypt/decrypt operations in FIPS approved configuration. No exceptions are made for decrypt/unwrap operations using larger key sizes. This limited legacy use was permitted under FIPS 140-2; it is no longer approved under FIPS 140-3.
>This mechanism name and RSASSA-PKCS1-v1_5 refer to the same underlying RSA signature scheme.
Firmware 7.7.2 Summary
FIPS approved? | Yes |
Supported functions | Sign | Verify | Encrypt | Decrypt | Wrap | Unwrap |
Functions restricted from FIPS use | Cannot wrap | Cannot legacy decrypt | Cannot legacy unwrap | Cannot encrypt |
Minimum key length (bits) | 256 |
Minimum key length for FIPS use (bits) | 2048 |
Minimum legacy key length for FIPS use (bits) | 1024 |
Maximum key length (bits) | 8192 |
Block size | 0 |
Digest size | 0 |
Key types | RSA |
Algorithms | None |
Modes | None |
Flags | None |
NOTE
>Under Functions restricted from FIPS use, "Cannot legacy decrypt" and "Cannot legacy unwrap" mean that these operations are restricted with smaller keys (1024 bits, the previous minimum key size for FIPS use), but keys that meet the minimum FIPS size requirement (2048 bits) can still be used for decrypt and unwrap operations.
>To comply with FIPS SP800-131a Rev2 published in March 2019, when the HSM is in FIPS mode, this mechanism is not allowed to wrap objects.
>This algorithm must be combined with a FIPS-approved hash algorithm to be FIPS compliant.
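The two summaries above can be turned into a pre-flight check that flags planned CKM_RSA_PKCS uses an HSM in FIPS approved configuration would refuse, which matters most when moving from firmware 7.7.2 to 7.7.3 or newer. This is an added example, not Thales code: the function names and the sample inventory are hypothetical, and it conservatively requires 2048 bits for every FIPS-mode operation because the page does not say which functions the 1024-bit legacy minimum applies to.

```python
# Added example: limits transcribed from the two summaries on this page.
MIN_BITS, MAX_BITS = 256, 8192   # minimum / maximum key length, any configuration
FIPS_MIN_BITS = 2048             # minimum key length for FIPS use
CIPHER_OPS = {"encrypt", "decrypt", "wrap", "unwrap"}
ALL_OPS = CIPHER_OPS | {"sign", "verify"}


def parse_fw(version):
    """'7.7.3' -> (7, 7, 3) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def check_rsa_pkcs(firmware, fips_mode, op, key_bits):
    """Return (allowed, reason) for one planned CKM_RSA_PKCS operation."""
    if op not in ALL_OPS:
        raise ValueError(f"unknown operation: {op}")
    fw = parse_fw(firmware)
    if fw < (7, 7, 2):
        raise ValueError("this page only covers firmware 7.7.2 and newer")
    if not MIN_BITS <= key_bits <= MAX_BITS:
        return False, "key length outside 256..8192 bits"
    if not fips_mode:
        return True, "not in FIPS approved configuration"
    # Assumption: the 1024-bit legacy minimum is not modelled; require 2048.
    if key_bits < FIPS_MIN_BITS:
        return False, "below 2048-bit FIPS minimum"
    if op in CIPHER_OPS and fw >= (7, 7, 3):
        return False, f"{op} restricted in FIPS mode on 7.7.3+, any key size"
    if op in ("wrap", "encrypt"):
        return False, f"{op} restricted in FIPS mode on 7.7.2"
    return True, "permitted in FIPS mode"


def audit(firmware, fips_mode, planned):
    """Return the (label, op, bits, reason) entries that would be rejected."""
    rejected = []
    for label, op, bits in planned:
        ok, reason = check_rsa_pkcs(firmware, fips_mode, op, bits)
        if not ok:
            rejected.append((label, op, bits, reason))
    return rejected


# Constructed inventory of planned key uses (labels are hypothetical).
PLANNED = [
    ("code-signing", "sign", 3072),
    ("kek-import", "unwrap", 4096),
    ("legacy-verify", "verify", 1024),
]

if __name__ == "__main__":
    for row in audit("7.7.3", True, PLANNED):
        print(row)
```

Running the same inventory against "7.7.2" and "7.7.3" shows which key uses stop working after the firmware update, such as the 4096-bit unwrap entry.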