Message security in PubSub concerns integrity and confidentiality of the published message payload. The level of security can be:
- No security
- Signing but no encryption
- Signing and encryption
Message security is end-to-end security (from Publisher to Subscriber) and requires common knowledge of the cryptographic keys necessary to sign and encrypt on the Publisher side as well as validate signature and decrypt on the Subscriber side.
This standard defines a general distribution framework for cryptographic keys. This framework is introduced in 5.4.3.
The message security for PubSub is independent of the transport protocol mapping and is completely defined by OPC UA.