The Message header is followed by a security header which specifies what cryptography operations have been applied to the Message. There are two versions of the security header which depend on the type of security applied to the Message. The security header used for asymmetric algorithms is defined in Table 42. Asymmetric algorithms are used to secure the OpenSecureChannel Messages. PKCS #1 defines a set of asymmetric algorithms that may be used by UASC implementations. The AsymmetricKeyWrapAlgorithm element of the SecurityPolicy structure defined in Table 35 is not used by UASC implementations.

Table 42 – Asymmetric algorithm Security header

Name

Data Type

Description

SecurityPolicyUriLength

Int32

The length of the SecurityPolicyUri in bytes.

This value shall not exceed 255 bytes.

If a URI is not specified this value may be 0 or -1.

Other negative values are invalid.

SecurityPolicyUri

Byte [*]

The URI of the Security Policy used to secure the Message.

This field is encoded as a UTF-8 string without a null terminator.

SenderCertificateLength

Int32

The length of the SenderCertificate in bytes.

This value shall not exceed MaxSenderCertificateSize bytes.

If a certificate is not specified this value may be 0 or -1.

Other negative values are invalid.

SenderCertificate

Byte [*]

The X.509 v3 Certificate assigned to the sending application Instance.

This is a DER encoded blob.

The structure of an X.509 v3 Certificate is defined in X.509 v3.

The DER format for a Certificate is defined in X690

This indicates what Private Key was used to sign the MessageChunk.

The Stack shall close the channel and report an error to the application if the SenderCertificate is too large for the buffer size supported by the transport layer.

This field shall be null if the Message is not signed.

If the Certificate is signed by a CA, the DER encoded CA Certificate may be appended after the Certificate in the byte array. If the CA Certificate is also signed by another CA this process is repeated until the entire Certificate chain is in the buffer or if MaxSenderCertificateSize limit is reached (the process stops after the last whole Certificate that can be added without exceeding the MaxSenderCertificateSize limit).

Receivers can extract the Certificates from the byte array by using the Certificate size contained in DER header (see X.509 v3).

Receivers that do not handle Certificate chains shall ignore the extra bytes.

ReceiverCertificateThumbprintLength

Int32

The length of the ReceiverCertificateThumbprint in bytes.

If encrypted the length of this field is 20 bytes.

If not encrypted the value may be 0 or -1.

Other negative values are invalid.

ReceiverCertificateThumbprint

Byte [*]

The thumbprint of the X.509 v3 Certificate assigned to the receiving application Instance.

The thumbprint is the CertificateDigest of the DER encoded form of the Certificate.

This indicates what public key was used to encrypt the MessageChunk.

This field shall be null if the Message is not encrypted.

The receiver shall close the communication channel if any of the fields in the security header have invalid lengths.

The SenderCertificate, including any chains, shall be small enough to fit into a single MessageChunk and leave room for at least one byte of body information. The maximum size for the SenderCertificate can be calculated with this formula:

MaxSenderCertificateSize =

MessageChunkSize –

12 - // Header size

4 - // SecurityPolicyUriLength

SecurityPolicyUri -// UTF-8 encoded string

4 - // SenderCertificateLength

4 - // ReceiverCertificateThumbprintLength

20 - // ReceiverCertificateThumbprint

8 - // SequenceHeader size

1 - // Minimum body size

1 - // PaddingSize if present

Padding - // Padding if present

ExtraPadding - // ExtraPadding if present

AsymmetricSignatureSize// If present

The MessageChunkSize depends on the transport protocol but shall be at least 8 192 bytes. The AsymmetricSignatureSize depends on the number of bits in the public key for the SenderCertificate. The Int32FieldLength is the length of an encoded Int32 value and it is always 4 bytes.

The security header used for symmetric algorithms defined in Table 43. Symmetric algorithms are used to secure all Messages other than the OpenSecureChannel Messages. FIPS 197 define symmetric encryption algorithms that UASC implementations may use. FIPS 180-2 and HMAC define some symmetric signature algorithms.

Table 43 – Symmetric algorithm Security header

Name

Data Type

Description

TokenId

UInt32

A unique identifier for the SecureChannel SecurityToken used to secure the Message.

This identifier is returned by the Server in an OpenSecureChannel response Message. If a Server receives a TokenId which it does not recognize it shall return an appropriate transport layer error.