Table 11 – Security

Title Description
AsymmetricSignatureAlgorithm_ECDSA-SHA2-256, CertificateSignatureAlgorithm_ECDSA-SHA2-256    ECC digital signature algorithm described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. The hash algorithm is SHA2 with 256 bits and is described in http://tools.ietf.org/html/rfc6234.
AsymmetricSignatureAlgorithm_ECDSA-SHA2-384, CertificateSignatureAlgorithm_ECDSA-SHA2-384    ECC digital signature algorithm described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. The hash algorithm is SHA2 with 384 bits and is described in http://tools.ietf.org/html/rfc6234.
AsymmetricSignatureAlgorithm_PureEdDSA-25519, CertificateSignatureAlgorithm_PureEdDSA-25519    ECC digital signature algorithm Ed25519 described in http://tools.ietf.org/html/rfc8032.
AsymmetricSignatureAlgorithm_PureEdDSA-448, CertificateSignatureAlgorithm_PureEdDSA-448    ECC digital signature algorithm Ed448 described in http://tools.ietf.org/html/rfc8032.
EphemeralKeyAlgorithm_ECC-nistP256    The P-256 curve described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. ECC public key compression is not used. ECC coordinates are encoded as big endian integers padded with zeros. Signatures and keys are 64 bytes. The ECDHE shared secret is calculated according to RFC8422.
CertificateKeyAlgorithm_ECC-nistP256    The P-256 or P-384 curve described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. ECC public key compression is not used. ECC coordinates are encoded as big endian integers padded with zeros. Signatures and keys are 64 bytes or 96 bytes. The ECDHE shared secret is calculated according to RFC8422.
EphemeralKeyAlgorithm_ECC-nistP384, CertificateKeyAlgorithm_ECC-nistP384    The P-384 curve described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. ECC public key compression is not used. ECC coordinates are encoded as big endian integers padded with zeros. Signatures and keys are 96 bytes. The ECDHE shared secret is calculated according to RFC8422.
EphemeralKeyAlgorithm_ECC-brainpoolP256r1    The non-twisted 256 bit curve described in http://www.faqs.org/rfcs/rfc5639.html. ECC public key compression is not used. ECC coordinates are encoded as big endian integers padded with zeros. Signatures and keys are 64 bytes. The ECDHE shared secret is calculated according to RFC8422.
CertificateKeyAlgorithm_ECC-brainpoolP256r1    The non-twisted 256 or 384 bit curve described in http://www.faqs.org/rfcs/rfc5639.html. ECC public key compression is not used. ECC coordinates are encoded as big endian integers padded with zeros. Signatures and keys are 64 bytes or 96 bytes. The ECDHE shared secret is calculated according to RFC8422.
EphemeralKeyAlgorithm_ECC-brainpoolP384r1, CertificateKeyAlgorithm_ECC-brainpoolP384r1    The non-twisted 384 bit curve described in http://www.faqs.org/rfcs/rfc5639.html. ECC public key compression is not used. ECC coordinates are encoded as big endian integers padded with zeros. Signatures and keys are 96 bytes. The ECDHE shared secret is calculated according to RFC8422.
EphemeralKeyAlgorithm_ECC-curve25519, CertificateKeyAlgorithm_ECC-curve25519    Curve25519 described in http://tools.ietf.org/html/rfc7748. ECC public keys are a single coordinate. ECC coordinates are encoded as little endian integers padded with zeros. Signatures are 64 bytes and keys are 32 bytes. The ECDHE shared secret is calculated according to http://tools.ietf.org/html/rfc7748.
EphemeralKeyAlgorithm_ECC-curve448, CertificateKeyAlgorithm_ECC-curve448    Curve448 described in http://tools.ietf.org/html/rfc7748. ECC public keys are a single coordinate. ECC coordinates are encoded as little endian integers padded with zeros. Signatures are 114 bytes, EphemeralKeys are 56 bytes and the public key in Certificates is 57 bytes. The ECDHE shared secret is calculated according to http://tools.ietf.org/html/rfc7748.
KeyDerivationAlgorithm_HKDF-SHA2-256    The HKDF pseudo-random function defined in http://tools.ietf.org/html/rfc5869. The hash algorithm is SHA2 with 256 bits and is described in http://tools.ietf.org/html/rfc6234.
KeyDerivationAlgorithm_HKDF-SHA2-384    The HKDF pseudo-random function defined in http://tools.ietf.org/html/rfc5869. The hash algorithm is SHA2 with 384 bits and is described in http://tools.ietf.org/html/rfc6234.
SymmetricSignatureAlgorithm_HMAC-SHA2-384    A keyed hash used for message authentication which is defined in https://tools.ietf.org/html/rfc2104. The hash algorithm is SHA2 with 384 bits and is described in https://tools.ietf.org/html/rfc4634.
SymmetricEncryptionAlgorithm_ChaCha20Poly1305    A symmetric authenticated encryption algorithm defined in https://tools.ietf.org/html/rfc7539.
SymmetricSignatureAlgorithm_Poly1305    An algorithm to create a message authentication code defined in https://tools.ietf.org/html/rfc7539.
ECC-nistP256_Limits    DerivedSignatureKeyLength = 256; EncryptionKeyLength = 256; InitializationVectorLength = 128; SignatureLength = 256; MinAsymmetricKeyLength = 256 (ECC); MaxAsymmetricKeyLength = 384 (ECC); SecureChannelNonceLength = 64
ECC-nistP384_Limits    DerivedSignatureKeyLength = 384; EncryptionKeyLength = 256; InitializationVectorLength = 128; SignatureLength = 384; MinAsymmetricKeyLength = 384 (ECC); MaxAsymmetricKeyLength = 384 (ECC); SecureChannelNonceLength = 96
ECC-brainpoolP256r1_Limits    DerivedSignatureKeyLength = 256; EncryptionKeyLength = 256; InitializationVectorLength = 128; SignatureLength = 256; MinAsymmetricKeyLength = 256 (ECC); MaxAsymmetricKeyLength = 384 (ECC); SecureChannelNonceLength = 64
ECC-brainpoolP384r1_Limits    DerivedSignatureKeyLength = 384; EncryptionKeyLength = 256; InitializationVectorLength = 128; SignatureLength = 384; MinAsymmetricKeyLength = 384 (ECC); MaxAsymmetricKeyLength = 384 (ECC); SecureChannelNonceLength = 96
ECC-curve25519_Limits    DerivedSignatureKeyLength = 256; EncryptionKeyLength = 256; InitializationVectorLength = 96; SignatureLength = 128; MinAsymmetricKeyLength = 256 (ECC); MaxAsymmetricKeyLength = 256 (ECC); SecureChannelNonceLength = 32
ECC-curve448_Limits    DerivedSignatureKeyLength = 256; EncryptionKeyLength = 256; InitializationVectorLength = 96; SignatureLength = 128; MinAsymmetricKeyLength = 456 (ECC); MaxAsymmetricKeyLength = 456 (ECC); SecureChannelNonceLength = 56
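
The fixed-width encoding that Table 11 gives for the NIST and Brainpool rows (no point compression, zero-padded big endian coordinates, 64 or 96 byte keys and signatures) is illustrated below. This example is added here and is not part of the specification; the helper names are hypothetical, the DER input assumes a crypto library that emits ASN.1 ECDSA signatures, and the on-curve check for received P-256 keys is an added defensive step.

```python
# Added example: fixed-width key and signature encoding for the NIST and
# Brainpool policies in Table 11. All helper names are illustrative.

# Bytes per coordinate, keyed by SecurityPolicy URI fragment (Table 11:
# 64-byte keys/signatures on 256-bit curves, 96-byte on 384-bit curves).
COORD_BYTES = {
    "ECC_nistP256": 32,
    "ECC_brainpoolP256r1": 32,
    "ECC_nistP384": 48,
    "ECC_brainpoolP384r1": 48,
}

# NIST P-256 domain parameters (FIPS 186-4), used for the on-curve check.
P256_P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
P256_GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
P256_GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5


def encode_pair(first, second, policy):
    """Encode two integers (X||Y or r||s) as zero-padded big endian fields."""
    size = COORD_BYTES[policy]
    return first.to_bytes(size, "big") + second.to_bytes(size, "big")


def decode_p256_public_key(raw):
    """Parse a 64-byte uncompressed P-256 key and reject off-curve points."""
    if len(raw) != 64:
        raise ValueError("P-256 public key must be exactly 64 bytes")
    x = int.from_bytes(raw[:32], "big")
    y = int.from_bytes(raw[32:], "big")
    if x >= P256_P or y >= P256_P:
        raise ValueError("coordinate out of field range")
    # Curve equation: y^2 = x^3 - 3x + b (mod p)
    if (y * y - (x * x * x - 3 * x + P256_B)) % P256_P != 0:
        raise ValueError("point is not on P-256")
    return x, y


def _read_der_integer(buf, pos):
    """Read one short-form DER INTEGER at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02 or buf[pos + 1] & 0x80:
        raise ValueError("expected short-form DER INTEGER")
    end = pos + 2 + buf[pos + 1]
    body = buf[pos + 2:end]
    if end > len(buf) or not body or body[0] & 0x80:
        raise ValueError("malformed or negative DER INTEGER")
    return int.from_bytes(body, "big"), end


def der_signature_to_raw(der, policy):
    """Convert a DER ECDSA signature (SEQUENCE{r, s}) to fixed-width r||s."""
    if (len(der) < 2 or der[0] != 0x30 or der[1] & 0x80
            or der[1] != len(der) - 2):
        raise ValueError("expected short-form DER SEQUENCE")
    r, pos = _read_der_integer(der, 2)
    s, pos = _read_der_integer(der, pos)
    if pos != len(der):
        raise ValueError("trailing bytes after signature")
    try:
        return encode_pair(r, s, policy)
    except OverflowError:
        raise ValueError("r or s does not fit the policy's field size")
```

The curve25519 and curve448 rows use a single little endian coordinate and are not covered by these helpers.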

Clauses 6.6.164, 6.6.165, 6.6.166: Append the following rows to the RSA profiles defined in Tables 184, 185 and 186.

Title Description
CertificateKeyAlgorithm_RSA The RSA algorithm described in http://www.faqs.org/rfcs/rfc3447.html.
EphemeralKeyAlgorithm_None No EphemeralKeys are used.

Clause 6.2: Append the following rows to Table 23.

6.2 Profile list

Profile Related Category URI
SecurityPolicy – ECC-nistP256 Security http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256
SecurityPolicy – ECC-nistP384 Security http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP384
SecurityPolicy – ECC-brainpoolP256r1 Security http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1
SecurityPolicy – ECC-brainpoolP384r1 Security http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1
SecurityPolicy – ECC-curve25519 Security http://opcfoundation.org/UA/SecurityPolicy#ECC_curve25519
SecurityPolicy – ECC-curve448 Security http://opcfoundation.org/UA/SecurityPolicy#ECC_curve448

Add Clauses 6.8.187 through 6.8.192

6.6.187 SecurityPolicy - ECC-nistP256

Table 206a defines an ECC-based security policy for configurations with average security needs. It is equivalent to the Aes128-Sha256-RsaOaep policy; however, the key sizes are much smaller and therefore better suited for embedded systems.

NIST curves are widely implemented and offer good performance.

This facet requires a PKI infrastructure. As computing power increases, security policies are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provide recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. This security policy has no published end dates as of this time.

Table 206a – SecurityPolicy – ECC-nistP256

Group Conformance Unit / Profile Title Optional
Security ECC-nistP256_Limits False
Security AsymmetricEncryptionAlgorithm_None False
Security AsymmetricSignatureAlgorithm_ECDSA-SHA2-256 False
Security CertificateSignatureAlgorithm_ECDSA-SHA2-256 False
Security KeyDerivationAlgorithm_HKDF-SHA2-256 False
Security Security Certificate Validation False
Security Security Encryption Required False
Security Security Signing Required False
Security SymmetricEncryptionAlgorithm_AES128-CBC False
Security SymmetricSignatureAlgorithm_HMAC-SHA2-256 False
Security EphemeralKeyAlgorithm_ECC-nistP256 False
Security CertificateKeyAlgorithm_ECC-nistP256 False

6.6.188 SecurityPolicy – ECC-nistP384

Table 206b defines an ECC-based security policy for configurations with very high security needs. It is equivalent to the Aes256-Sha256-RsaPss policy; however, the key sizes are much smaller and therefore better suited for embedded systems.

NIST curves are widely implemented and offer good performance.

This facet requires a PKI infrastructure. As computing power increases, security policies are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provide recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. This security policy has no published end dates as of this time.

Table 206b – SecurityPolicy – ECC-nistP384

Group Conformance Unit / Profile Title Optional
Security ECC-nistP384_Limits False
Security AsymmetricEncryptionAlgorithm_None False
Security AsymmetricSignatureAlgorithm_ECDSA-SHA2-384 False
Security CertificateSignatureAlgorithm_ECDSA-SHA2-384 False
Security KeyDerivationAlgorithm_HKDF-SHA2-384 False
Security Security Certificate Validation False
Security Security Encryption Required False
Security Security Signing Required False
Security SymmetricEncryptionAlgorithm_AES256-CBC False
Security SymmetricSignatureAlgorithm_HMAC-SHA2-384 False
Security EphemeralKeyAlgorithm_ECC-nistP384 False
Security CertificateKeyAlgorithm_ECC-nistP384 False

6.6.189 SecurityPolicy - ECC-brainpoolP256r1

Table 206c defines an ECC-based security policy for configurations with average security needs. It is equivalent to the Aes128-Sha256-RsaOaep policy; however, the key sizes are much smaller and therefore better suited for embedded systems.

Brainpool curves are widely implemented; however, they offer mediocre performance. They are needed for applications that have explicitly prohibited the use of NIST curves.

This facet requires a PKI infrastructure. As computing power increases, security policies are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provide recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. This security policy has no published end dates as of this time.

Table 206c – SecurityPolicy – ECC-brainpoolP256r1

Group Conformance Unit / Profile Title Optional
Security ECC-brainpoolP256r1_Limits False
Security AsymmetricEncryptionAlgorithm_None False
Security AsymmetricSignatureAlgorithm_ECDSA-SHA2-256 False
Security CertificateSignatureAlgorithm_ECDSA-SHA2-256 False
Security KeyDerivationAlgorithm_HKDF-SHA2-256 False
Security Security Certificate Validation False
Security Security Encryption Required False
Security Security Signing Required False
Security SymmetricEncryptionAlgorithm_AES128-CBC False
Security SymmetricSignatureAlgorithm_HMAC-SHA2-256 False
Security EphemeralKeyAlgorithm_ECC-brainpoolP256r1 False
Security CertificateKeyAlgorithm_ECC-brainpoolP256r1 False

6.6.190 SecurityPolicy – ECC-brainpoolP384r1

Table 206d defines an ECC-based security policy for configurations with very high security needs. It is equivalent to the Aes256-Sha256-RsaPss policy; however, the key sizes are much smaller and therefore better suited for embedded systems.

Brainpool curves are widely implemented; however, they offer mediocre performance. They are needed for applications that have explicitly prohibited the use of NIST curves.

This facet requires a PKI infrastructure. As computing power increases, security policies are expected to expire. BRAINPOOL provides guidelines for expected expiration dates for individual algorithms. These guidelines provide recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. This security policy has no published end dates as of this time.

Table 206d – SecurityPolicy – ECC-brainpoolP384r1

Group Conformance Unit / Profile Title Optional
Security ECC-brainpoolP384r1_Limits False
Security AsymmetricEncryptionAlgorithm_None False
Security AsymmetricSignatureAlgorithm_ECDSA-SHA2-384 False
Security CertificateSignatureAlgorithm_ECDSA-SHA2-384 False
Security KeyDerivationAlgorithm_HKDF-SHA2-384 False
Security Security Certificate Validation False
Security Security Encryption Required False
Security Security Signing Required False
Security SymmetricEncryptionAlgorithm_AES256-CBC False
Security SymmetricSignatureAlgorithm_HMAC-SHA2-384 False
Security EphemeralKeyAlgorithm_ECC-brainpoolP384r1 False
Security CertificateKeyAlgorithm_ECC-brainpoolP384r1 False

6.6.191 SecurityPolicy - ECC-curve25519

Table 206e defines an ECC-based security policy for configurations with average security needs. It is equivalent to the Aes128-Sha256-RsaOaep policy; however, the key sizes are much smaller and therefore better suited for embedded systems.

Edwards curves (Curve25519 and Curve448) are not as widely implemented as some other curves; however, they offer the best performance. They are well suited for embedded applications where CPU cycles are at a premium. The number of implementations will increase over time, which will eventually make this curve the best choice.

This security Facet specifies ChaCha20-Poly1305 as the symmetric encryption algorithm. This algorithm offers improved performance by combining encryption and authentication into a single algorithm.

This facet requires a PKI infrastructure. As computing power increases, security policies are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provide recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. This security policy has no published end dates as of this time.

Table 206e – SecurityPolicy – ECC-curve25519

Group Conformance Unit / Profile Title Optional
Security ChaChaPoly-Sha256-curve25519_Limits False
Security AsymmetricEncryptionAlgorithm_None False
Security AsymmetricSignatureAlgorithm_PureEdDSA-25519 False
Security CertificateSignatureAlgorithm_PureEdDSA-25519 False
Security KeyDerivationAlgorithm_HKDF-SHA2-256 False
Security Security Certificate Validation False
Security Security Encryption Required False
Security Security Signing Required False
Security SymmetricEncryptionAlgorithm_ChaCha20Poly1305 False
Security SymmetricSignatureAlgorithm_Poly1305 False
Security EphemeralKeyAlgorithm_ECC-curve25519 False
Security CertificateKeyAlgorithm_ECC-curve25519 False

6.6.192 SecurityPolicy – ECC-curve448

This security Facet defines an ECC-based security policy for configurations with very high security needs. It is equivalent to the Aes256-Sha256-RsaPss policy; however, the key sizes are much smaller and therefore better suited for embedded systems.

Edwards curves (Curve25519 and Curve448) offer the best performance. They are well suited for embedded applications where CPU cycles are at a premium. The number of implementations will increase over time, which will eventually make this curve the best choice.

This security Facet specifies ChaCha20-Poly1305 as the symmetric encryption algorithm. This algorithm offers improved performance by combining encryption and authentication into a single algorithm.

This facet requires a PKI infrastructure. As computing power increases, security policies are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provide recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. This security policy has no published end dates as of this time.

Table 206f – SecurityPolicy – ECC-curve448

Group Conformance Unit / Profile Title Optional
Security ECC-curve448_Limits False
Security AsymmetricEncryptionAlgorithm_None False
Security AsymmetricSignatureAlgorithm_PureEdDSA-448 False
Security CertificateSignatureAlgorithm_PureEdDSA-448 False
Security KeyDerivationAlgorithm_HKDF-SHA2-256 False
Security Security Certificate Validation False
Security Security Encryption Required False
Security Security Signing Required False
Security SymmetricEncryptionAlgorithm_ChaCha20Poly1305 False
Security SymmetricSignatureAlgorithm_Poly1305 False
Security EphemeralKeyAlgorithm_ECC-curve448 False
Security CertificateKeyAlgorithm_ECC-curve448 False

OPC-10000-12, OPC UA Specification: Part 12 – Discovery

Add Clauses 7.4.19 through 7.4.25.

7.4.19 EccApplicationCertificateType

This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC Public Key. Applications which support the ECC profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 29a.

Table 29a – EccApplicationCertificateType Definition

Attribute Value
BrowseName EccApplicationCertificateType
Namespace CORE (see 3.3)
IsAbstract False

Subtype of the ApplicationCertificateType defined in 7.4.12.

7.4.20 EccNistP256ApplicationCertificateType

This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC nistP256 Public Key. Applications which support the ECC NIST P256 curve profiles (see OPC 10000-7) shall have a Certificate of this type or a Certificate of the EccNistP384ApplicationCertificateType defined in 7.4.21. This type is defined in Table 29b.

Table 29b – EccNistP256ApplicationCertificateType Definition

Attribute Value
BrowseName EccNistP256ApplicationCertificateType
Namespace CORE (see 3.3)
IsAbstract False

Subtype of the EccApplicationCertificateType defined in 7.4.17.

7.4.21 EccNistP384ApplicationCertificateType

This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC nistP384 Public Key. Applications which support the ECC NIST P384 curve profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 29c.

Table 29c – EccNistP384ApplicationCertificateType Definition

Attribute Value
BrowseName EccNistP384ApplicationCertificateType
Namespace CORE (see 3.3)
IsAbstract False

Subtype of the EccApplicationCertificateType defined in 7.4.17.

7.4.22 EccBrainpoolP256r1ApplicationCertificateType

This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC brainpoolP256r1 Public Key. Applications which support the ECC brainpoolP256r1 curve profiles (see OPC 10000-7) shall have a Certificate of this type or a Certificate of the EccBrainpoolP384r1ApplicationCertificateType defined in 7.5.23. This type is defined in Table 29d.

Table 29d – EccBrainpoolP256r1ApplicationCertificateType Definition

Attribute Value
BrowseName EccBrainpoolP256r1ApplicationCertificateType
Namespace CORE (see 3.3)
IsAbstract False

Subtype of the EccApplicationCertificateType defined in 7.4.17.

7.4.23 EccBrainpoolP384r1ApplicationCertificateType

This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC brainpoolP384r1 Public Key. Applications which support the ECC brainpoolP384r1 curve profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 29e.

Table 29e – EccBrainpoolP384r1ApplicationCertificateType Definition

Attribute Value
BrowseName EccBrainpoolP384r1ApplicationCertificateType
Namespace CORE (see 3.3)
IsAbstract False

Subtype of the EccApplicationCertificateType defined in 7.4.17.

7.4.24 EccCurve25519ApplicationCertificateType

This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC curve25519 Public Key. Applications which support the ECC curve25519 curve profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 29f.

Table 29f – EccCurve25519ApplicationCertificateType Definition

Attribute Value
BrowseName EccCurve25519ApplicationCertificateType
Namespace CORE (see 3.3)
IsAbstract False

Subtype of the EccApplicationCertificateType defined in 7.4.17.

7.4.25 EccCurve448ApplicationCertificateType

This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC curve448 Public Key. Applications which support the ECC curve448 curve profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 29g.

Table 29g – EccCurve448ApplicationCertificateType Definition

Attribute Value
BrowseName EccCurve448ApplicationCertificateType
Namespace CORE (see 3.3)
IsAbstract False

Subtype of the EccApplicationCertificateType defined in 7.4.17.

Replace Clauses 8.5.7 through 8.5.9

8.5.7 KeyCredentialConfigurationType

This ObjectType is the TypeDefinition for an Object that allows the configuration of KeyCredentials used by the Server. It also includes basic status information which reports problems accessing the resource that might be related to bad KeyCredentials. It is defined in Table 60a.

Table 60a – KeyCredentialConfigurationType Definition

Attribute Value
BrowseName KeyCredentialConfigurationType
Namespace CORE (see 3.3)
IsAbstract False

Subtype of the BaseObjectType defined in OPC 10000-5.

References NodeClass BrowseName DataType TypeDefinition Modelling Rule
HasProperty Variable ResourceUri String PropertyType Mandatory
HasProperty Variable ProfileUri String PropertyType Mandatory
HasProperty Variable EndpointUrls String[] PropertyType Optional
HasProperty Variable ServiceStatus StatusCode PropertyType Optional
HasComponent Method GetEncryptingKey   Defined in 8.5.4. Optional
HasComponent Method UpdateCredential   Defined in 8.5.5. Optional
HasComponent Method DeleteCredential   Defined in 8.5.6. Optional

The ResourceUri Property uniquely identifies the resource that accepts the KeyCredentials.

The ProfileUri Property specifies the protocol used to access the resource.

The EndpointUrls Property specifies the URLs that the Server uses to access the resource.

The ServiceStatus Property indicates the result of the last attempt to communicate with the resource. The following common error values are defined:

ServiceStatus Description
Bad_OutOfService Communication was not attempted by the Server because Enabled is FALSE.
Bad_IdentityTokenRejected Communication failed because the KeyCredentials are not valid.
Bad_NoCommunication Communication failed because the endpoint is not reachable. Where possible a more specific error code should be used. See OPC 10000-4 for a complete list of standard StatusCodes.

The GetEncryptingKey Method is used to request a Public Key that can be used to encrypt the KeyCredentials.

The UpdateKeyCredential Method is used to change the KeyCredentials used by the Server.

The DeleteKeyCredential Method is used to delete the KeyCredentials stored by the Server.
