6.7.2.5.1 Unauthenticated Encryption Algorithms

Each MessageChunk when using SecurityPolicies with an Unauthenticated Encryption algorithms have a footer with the fields defined in Table 45.

Table 45 – Message Footer for Unauthenticated Encryption Algorithms

Name Data Type Description
PaddingSize Byte The number of padding bytes (not including the byte for the PaddingSize).
Padding Byte [*]    Padding added to the end of the Message to ensure length of the data to encrypt is an integer multiple of the encryption block size.The value of each byte of the padding is equal to PaddingSize.
ExtraPaddingSize Byte The most significant byte of a two-byte integer used to specify the padding size when the key used to encrypt the message chunk is larger than 2 048 bits. This field is omitted if the key length is less than or equal to 2 048 bits.
Signature Byte [*]    The signature for the MessageChunk.The signature includes the all headers, all Message data, the PaddingSize and the Padding.

The formula to calculate the amount of padding depends on the amount of data that needs to be sent (called BytesToWrite). The sender shall first calculate the maximum amount of space available in the MessageChunk (called MaxBodySize) using the following formula:

MaxBodySize = PlainTextBlockSize * Floor ((MessageChunkSize 						– MessageHeaderSize 						- SecurityHeaderSize 						– SignatureSize - 1)/CipherTextBlockSize) – SequenceHeaderSize;


The MessageHeaderSize is 12 bytes and the SecurityHeader size depends on whether symmetric or asymmetric cryptography is used. The SequenceHeaderSize is always 8 bytes.

During encryption a block with a size equal to PlainTextBlockSize is processed to produce a block with size equal to CipherTextBlockSize. These values depend on the encryption algorithm and may be the same.

The OPC UA Message can fit into a single chunk if BytesToWrite is less than or equal to the MaxBodySize. In this case the PaddingSize is calculated with this formula:

PaddingSize = PlainTextBlockSize –
((BytesToWrite + SignatureSize + 1) % PlainTextBlockSize);


If the BytesToWrite is greater than MaxBodySize the sender shall write MaxBodySize bytes with a PaddingSize of 0. The remaining BytesToWriteMaxBodySize bytes shall be sent in subsequent MessageChunks.

The PaddingSize and Padding fields are not present if the MessageChunk is not encrypted.

The Signature field is not present if the MessageChunk is not signed.

## 6.7.2.5.2 Authenticated Encryption Algorithms

Each MessageChunk when using SecurityPolicies with an Authenticated Encryption algorithms have a footer with the fields defined in Table 45a.

Table 45a – Message Footer for Authenticated Encryption Algorithms

Name Data Type Description
Signature Byte [*]    The signature for the MessageChunk.The signature includes the all headers, all Message data, the PaddingSize and the Padding.