OPC Foundation
  • Documents
  • NodeSets
  • Search
A.3.6 Header layout for NetworkMessages with integrity and confidentiality (signing and encryption)

UADP messages may be signed and encrypted. In this case the SecurityHeaderand the Signaturehave to be added to the message. See clause 7.2.2.4.3for a complete description of the security mechanisms.

This header layout is basically the same as the header layout defined in A.3.4but with additional security level ‘Signing and encryption’. The NetworkMessageheader layout with signing and encryption is shown in Figure A.9.

image062.png

image063.pngFigure A.9– UADP NetworkMessage header layout with integrity and confidentiality

Table A.10shows the configuration for the NetworkMessageheader with signing and encryption. The table contains only the added or modified rows from Table A.7.

Table A.10– UADP NetworkMessage header layout with integrity and confidentiality

Name

Type

Restrictions

ExtendedFlags1

Byte

Bit 4: SecurityHeaderenabled = 1

SecurityHeader

SecurityFlags

Byte

Bit 0: NetworkMessageSigned enabled = 1

Bit 1: NetworkMessageEncryption enabled = 1

Bit 2: SecurityFooterenabled = 0

Bit 3: Force key reset enabled = 0

Bit range 4-7: Reserved

SecurityTokenId

IntegerId

The ID of the security token that identifies the security key in a SecurityGroup.

NonceLength

Byte

The length of the Nonce used to initialize the encryption algorithm.

MessageNonce

Byte[NonceLength]

A number used exactly once for a given security key.

Please report errors or issues with the site to webmaster.

Copyright © 2023 - OPC Foundation