UADP messages may be signed to ensure integrity. In this case a security header and a signature have to be added to the message. See clause 7.2.2.4.3for a complete description of the signing mechanism.
This header layout is basically the same as the header layout defined in A.3.4but with additional security level ‘Signing but no encryption’. The NetworkMessageheader layout with signing is shown in Figure A.8.
Figure A.8– UADP NetworkMessage header layout with integrity (signing)
Table A.9shows the configuration for the NetworkMessageheader with signing. The table contains only the added or modified rows from Table A.7.
Table A.9– UADP NetworkMessage header layout with integrity (signing)
|
Name |
Type |
Restrictions |
|
ExtendedFlags1 |
Byte |
Bit 4: SecurityHeaderenabled = 1 |
|
SecurityHeader |
|
|
|
SecurityFlags |
Byte |
Bit 0: NetworkMessageSigned enabled = 1 Bit 1: NetworkMessageEncryption enabled = 0 Bit 2: SecurityFooterenabled = 0 Bit 3: Force key reset enabled = 0 Bit range 4-7: Reserved |
|
SecurityTokenId |
IntegerId |
The ID of the security token that identifies the security key in a SecurityGroup. |
|
NonceLength |
Byte |
The length of the Nonce used to initialize the encryption algorithm. |
|
MessageNonce |
Byte[NonceLength] |
A number used exactly once for a given security key. |