7.41.2.3 EncryptedSecret Format

The EncryptedSecretuses an extensible format which has the TypeIdof a DataType Nodeas a prefix as defined for the ExtensionObjectencoding in OPC 10000-6. The general layout of the EncryptedSecretis shown in Figure 39.

image042.png

Figure 39– EncryptedSecret layout

The TypeIdspecifies how the EncryptedSecretis serialized and secured. For example, the RsaEncryptedSecretrequires that the KeyDatabe encrypted with the public key associated with the EncryptingCertificatebefore it is serialized.

The SecurityPolicyUriis used to determine what algorithms were used to encrypt and sign the data. Valid SecurityPolicyUris are defined in OPC 10000-7.

The payload is always encrypted using the symmetric encryption algorithm specified by the SecurityPolicyUri. The KeyDatais used to create the keys used needed for the symmetric encryption. The structure of the KeyDatadepends on the EncryptedSecret DataType.

The EncryptedSecretis secured and serialized as follows:

  • Serialize the common header;
  • Serialize the KeyData;
  • If required, encrypt the KeyData and append the result to the common header;
  • Update the KeyDataLength with the length of the encrypted KeyData;
  • Append the Nonce and the Secret to the encrypted KeyData;
  • Calculate padding required on the payload and append after the Secret;
  • Encrypt the payload;
  • Calculate a Signature;
  • Append the Signature.

Individual fields are serialized using the UA Binary encoding (see OPC 10000-6) for the DataTypespecified in Table 187. The Paddingis used to ensure there is enough data to fill an integer multiple of encryption blocks. The size of the encryption block depends on the encryption algorithm. The total length of the Padding, not including the PaddingSize, is encoded as a UInt16. The individual bytes of the Paddingare set to the the least significant byte of the PaddingSize.

The EncryptedSecret is deserilized and validated as follows:

  • Deserialize the common header;
  • Verify the Signature if the KeyData is not encrypted;
  • Decrypt the KeyData and verify the Signature if the KeyData is encrypted;
  • Decrypt the payload;
  • Verify the padding on the payload;
  • Extract the Secret;

The fields in the EncryptedSecretare described in Table 187. The first three fields TypeId, EncodingMaskand Lengthbelong to the ExtensionObjectencoding defined in OPC 10000-6.

Table 187– EncryptedSecret layout

Name

Type

Description

TypeId

NodeId

The NodeIdof the DataType Node.

EncodingMask

Byte

This value is always 1.

Length

Int32

The length of the data that follows including the Signature.

SecurityPolicyUri

String

The URI for the SecurityPolicyused to apply security.

Certificate

ByteString

The signing and/or encrypting Certificate.

SigningTime

DateTime

When the Signaturewas created.

KeyDataLength

UInt16

The length, in bytes, of the KeyDatathat follows

If the KeyDatais encrypted this is the length of the encrypted data;

Otherwise, it is the length of the unencrypted data.

KeyData

Byte [*]

The key data used to create the keys needed for decrypting and verifying the payload. Each EncryptedSecret DataTypedescribes how the key data is structured for different SecurityPolicies.

Nonce

ByteString

This is the last serverNoncereturned in the CreateSessionor ActivateSession Responsewhen a UserIdentityTokenis passed with the ActivateSession Request.

If used outside of an ActivateSession call, the Nonceis created by the sender and is a function of the SecureChannelNonceLength.

Secret

ByteString

The secret to protect.

The passwordwhen used with UserNameIdentityTokens.

The tokenDatawhen used with IssuedIdentityTokens.

If the Secretis a Stringis it encoded using UTF-8 first.

PayloadPadding

Byte[*]

Additional padding added to ensure the size of the encrypted payload is an integer multiple of the input block size for the symmetric encryption algorithm specified by the SecurityPolicyUri.

The value of each byte is the least significant byte of the PayloadPaddingSize.

PayloadPaddingSize

UInt16

The size of the padding added to the payload.

Signature

Byte[*]

The Signaturecalculated after all encryption is applied.

Each EncryptedSecret DataTypedescribes how the Signatureis calculated for different SecurityPolicies.

The PayloadPaddingSize adjusted with the following formula:

If (Secret.Length + PayloadPaddingSize < InputBlockSize) Then

PayloadPaddingSize = PayloadPaddingSize + InputBlockSize

Where the InputBlockSize is specified by the SymmetricEncryptionAlgorithm.

The currently available EncryptedSecret DataTypesare defined in Table 188.

Table 188– EncryptedSecret DataTypes

Type Name

When to Use

RsaEncryptedSecret

Used when the SecurityPolicyrequires the use of RSA cryptography. It is described in 7.41.2.4.

EccEncryptedSecret

Used when the SecurityPolicyrequires the use of ECC cryptography.It is described in .