OPC 10000-4defines the layout of EccEncryptedSecretstructure which is used to protect secrets with ECC SecurityPolicies. Applying security with ECC requires two EphemeralKeysgenerated by the sender and the receiver which are used create the symmetric keys need for encryption.

6.8.2defines a mechanism to allows the sender to acquire the receiver EphemeralKeywhen using a Session. Using the EccEncryptedSecret in other contexts requires a different mechanism.

Once the sender has the receiver EphemeralKey, it creates its own EphemeralKey. The ECC curve and key length for the EphemeralKeys are specified by the SecurityPolicyUri.

The encryption uses the symmetric encryption algorithm specified by the SecurityPolicyUri. The encrypting key and initialization vector are generated by using the EphemeralKeys to create the shared secret and then derive keys using the algorithm defined in 6.8.2. Step 1 is slightly different and defined as follows:

Step 1: Calculate Salt

SecretSalt = L | UTF8(opcua-secret) | SenderPublicKey | ReceiverPublicKey


  • L is the length of derived key material needed encoded as a 16-bit little endian integer;
  • UTF8(opcua-secret) is the UTF8 encoding of the string literal ‘opcua-secret’;
  • SenderPublicKey and ReceiverPublicKeyare from the PolicyHeader;
  • | concatenates sequences of bytes;

Salt is a sequence of bytes.

The encryption keys are extracted from the keying material created with IKM=shared secret, Salt=SecretSalt and Info=SecretSalt as shown in Table 64.

Table 64– Deriving Keys from Keying Material










The EncryptionKeyLengthand EncryptionBlockSizeare specified by the Symmetric Encryption Algorithmfor the SecurityPolicy. The Signatureis created with the SigningCertificateand is calculated after encryption. Receivers shall validate the SigningCertificate and signature before decrypting the Secret.