To perform a digital signature verify (CSNDDSV) with Rule 'PKCS-1.1' it is necessary to ASN.1 BER encode the used hash.
In appendix E, chapter "PKCS #1 Formats" of the ICSF Application Programmer's Guide some prefixes to be used are listed.
As far as I understood they refer to RFC 3447: PKCS #1: RSA Cryptography Specifications (http://tools.ietf.org/html/rfc3447#page-43).
It would be nice if anyone could explain the meaning of the different Bytes in the ASN.1 BER Prefix. For example using the hash-prefix provided in this sample.
INITIALIZE CSNDDSV-PARMS
MOVE 1 TO CSNDDSV-RULE-ARRAY-COUNT
MOVE 'PKCS-1.1' TO CSNDDSV-RULE
MOVE 64 TO CSNDDSV-PKA-PK-ID-LENGTH
MOVE <Name of Public Key> TO CSNDDSV-PKA-PK-ID
MOVE X'3031300D060960864801650304020105000420' TO WORK-HASH-PREFIX-SHA256
MOVE LENGTH OF WORK-HASH-PREFIX-SHA256 TO CSNDDSV-HASH-LENGTH
ADD LENGTH OF <SHA-256 Hash> TO CSNDDSV-HASH-LENGTH
STRING WORK-HASH-PREFIX-SHA256
<SHA-256 Hash> DELIMITED BY SIZE INTO CSNDDSV-HASH
MOVE LENGTH OF <Binary Signature> TO CSNDDSV-SIGNATURE-LAENGE
MOVE <Binary Signature> TO CSNDDSV-SIGN-FIELD
CALL CSNDDSV USING
CSNDDSV-RC,
CSNDDSV-RSN,
CSNDDSV-EXIT-DATA-LENGTH,
CSNDDSV-EXIT-DATA,
CSNDDSV-RULE-ARRAY-COUNT,
CSNDDSV-RULE-ARRAY,
CSNDDSV-PKA-PK-ID-LENGTH,
CSNDDSV-PKA-PK-ID,
CSNDDSV-HASH-LENGTH,
CSNDDSV-HASH,
CSNDDSV-SIGN-FIELD-LENGTH,
CSNDDSV-SIGN-FIELD
IF CSNDDSV-RC NOT EQUALS ZERO ...-RC NOT EQUALS ZERO ...
Olaf_Warnecke