The RsaEncryptedSecret uses RSA-based asymmetric cryptography.
Additional semantics for the fields in the EncryptedSecret layout for the RsaEncryptedSecret Structure are described in Table 189.
Table 189 – RsaEncryptedSecret structure

| Name | Type | Description |
|---|---|---|
| TypeId | NodeId | The NodeId of the RsaEncryptedSecret DataType Node. |
| EncodingMask | Byte | See Table 187. |
| Length | UInt32 | See Table 187. |
| SecurityPolicyUri | String | See Table 187. |
| Certificate | ByteString | The SHA1 hash of the DER form of the Certificate used to encrypt the KeyData. |
| SigningTime | DateTime | See Table 187. |
| KeyDataLength | UInt16 | The length, in bytes, of the encrypted KeyData. |
| KeyData | | The KeyData is encrypted with the PublicKey associated with the receiver of the EncryptedSecret. The creator of the EncryptedSecret generates the SigningKey, EncryptingKey and InitializationVector using a cryptographic random number generator with the lengths required by the SecurityPolicy. |
| SigningKey | ByteString | The key used to compute the Signature. |
| EncryptingKey | ByteString | The key used to encrypt the payload. |
| InitializationVector | ByteString | The initialization vector used with the EncryptingKey. |
| Nonce | ByteString | A Nonce. This is the last ServerNonce returned in the CreateSession or ActivateSession Response when proving a UserIdentityToken passed in the ActivateSession Request. In other contexts, this is a Nonce created by the sender with a length between 32 and 128 bytes inclusive. |
| Secret | ByteString | See Table 187. |
| PayloadPadding | Byte[*] | See Table 187. |
| PayloadPaddingSize | UInt16 | See Table 187. |
| Signature | Byte[*] | The Signature calculated with the SigningKey using the SymmetricEncryptionAlgorithm from the SecurityPolicy. The Signature is calculated after encrypting the KeyData and the payload. The Signature can only be checked after the KeyData is decrypted. It allows the receiver to verify that the message has not been tampered with. It does not provide any information about who created the EncryptedSecret. |