Table 11 lists the UAFX OfflineEngineering Security ConformanceUnits, which define the security policies for signing Descriptors. For additional information about these items, refer to OPC 10000-83.
Table 11 – OfflineEngineering Descriptor Security

UAFX OfflineEngineering Signing – Limits

| Category | Title | Description |
|---|---|---|
| Offline | UAFX Offline Rsa-Sha256 Limits | MinAsymmetricKeyLength: 2048 bits; MaxAsymmetricKeyLength: 4096 bits |
| Offline | UAFX Offline Rsa-Sha384 Limits | MinAsymmetricKeyLength: 3072 bits; MaxAsymmetricKeyLength: 4096 bits |
| Offline | UAFX Offline Rsa-Sha512 Limits | MinAsymmetricKeyLength: 4096 bits; MaxAsymmetricKeyLength: 8192 bits |
| Offline | UAFX Offline ECCnistP256 Limits | MinAsymmetricKeyLength: 256 bits (ECC); MaxAsymmetricKeyLength: 384 bits (ECC for CA Only) |
| Offline | UAFX Offline ECCnistP384 Limits | MinAsymmetricKeyLength: 384 bits (ECC); MaxAsymmetricKeyLength: 521 bits (ECC for CA Only) |
| Offline | UAFX Offline ECCnistP521 Limits | MinAsymmetricKeyLength: 521 bits (ECC); MaxAsymmetricKeyLength: 521 bits (ECC) |

UAFX OfflineEngineering Signing – Algorithms

| Category | Title | Description |
|---|---|---|
| Offline | UAFX Offline CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-256 | The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447. The RSASSA-PKCS1-v1_5 scheme is used. The hash algorithm is SHA2 with 256 bits, 384 bits, or 512 bits. It is described in https://tools.ietf.org/html/rfc6234. |
| Offline | UAFX Offline AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-384 | The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447. The RSASSA-PKCS1-v1_5 scheme is used. The hash algorithm is SHA2 with 384 bits and is described in https://tools.ietf.org/html/rfc6234. The URI is http://www.w3.org/2001/04/xmldsig-more#rsa-sha384. |
| Offline | UAFX Offline CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-384 | The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447. The RSASSA-PKCS1-v1_5 scheme is used. The hash algorithm is SHA2 with 384 bits or 512 bits. It is described in https://tools.ietf.org/html/rfc6234. |
| Offline | UAFX Offline AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-512 | The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447. The RSASSA-PKCS1-v1_5 scheme is used. The hash algorithm is SHA2 with 512 bits and is described in https://tools.ietf.org/html/rfc6234. The URI is http://www.w3.org/2001/04/xmldsig-more#rsa-sha512. |
| Offline | UAFX Offline CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-512 | The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447. The RSASSA-PKCS1-v1_5 scheme is used. The hash algorithm is SHA2 with 512 bits. It is described in https://tools.ietf.org/html/rfc6234. |
| Offline | UAFX Offline AsymmetricSignatureAlgorithm_ECDSA-SHA2-256 | The ECC digital signature algorithm described in https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. The hash algorithm is SHA2 with 256 bits and is described in https://tools.ietf.org/html/rfc6234. The URI is http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256. |
| Offline | UAFX Offline CertificateKeyAlgorithm_ECC-nistP256 | The P-256 or P-384 curve described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. ECC public key compression is not used. ECC coordinates are encoded as big-endian integers padded with zeros. An end entity Certificate shall use P-256. A CA that issues end entity Certificates shall use P-256. Other CAs may use P-384. |
| Offline | UAFX Offline CertificateSignatureAlgorithm_ECDSA-SHA2-256 | ECC digital signature algorithm described in https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. The SHA2 algorithm is described in http://tools.ietf.org/html/rfc6234. The SHA2 algorithm length depends on the public key. The length shall be 256 bits if the P-256 curve is used. The length shall be 384 bits if the P-384 curve is used. |
| Offline | UAFX Offline AsymmetricSignatureAlgorithm_ECDSA-SHA2-384 | The ECC digital signature algorithm described in https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. The hash algorithm is SHA2 with 384 bits and is described in https://tools.ietf.org/html/rfc6234. The URI is http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384. |
| Offline | UAFX Offline CertificateKeyAlgorithm_ECC-nistP384 | The P-384 or P-521 curve described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. ECC public key compression is not used. ECC coordinates are encoded as big-endian integers padded with zeros. An end entity Certificate shall use P-384. A CA that issues end entity Certificates shall use P-384. Other CAs may use P-521. |
| Offline | UAFX Offline CertificateSignatureAlgorithm_ECDSA-SHA2-384 | ECC digital signature algorithm described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. The SHA2 algorithm is described in http://tools.ietf.org/html/rfc6234. The SHA2 algorithm length depends on the public key. The length shall be 384 bits if the P-384 curve is used. The length shall be 512 bits if the P-521 curve is used. |
| Offline | UAFX Offline AsymmetricSignatureAlgorithm_ECDSA-SHA2-512 | The ECC digital signature algorithm described in https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. The hash algorithm is SHA2 with 512 bits and is described in https://tools.ietf.org/html/rfc6234. The URI is http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512. |
| Offline | UAFX Offline CertificateKeyAlgorithm_ECC-nistP521 | The P-521 curve described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. ECC public key compression is not used. ECC coordinates are encoded as big-endian integers padded with zeros. |
| Offline | UAFX Offline CertificateSignatureAlgorithm_ECDSA-SHA2-512 | ECC digital signature algorithm described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. The hash algorithm is SHA2 with 512 bits and is described in https://tools.ietf.org/html/rfc6234. |
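
The key-length limits and algorithm rules in Table 11 can be checked mechanically before a Descriptor signature is trusted. The following Python check is an added example, not part of the specification: the policy names follow the table's Limits titles, while the function names, the role labels, the `signer_bits` parameter (read here as the curve of the key that signed the certificate) and the pairing of signature URIs with limits groups by name are assumptions.

```python
# Added example, not from the specification; names and roles are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class Limits:
    family: str     # "RSA" or "ECC"
    hash_bits: int  # SHA2 length named by the algorithm ConformanceUnits
    min_bits: int   # MinAsymmetricKeyLength
    max_bits: int   # MaxAsymmetricKeyLength (ECC: CA only)

POLICIES = {  # values transcribed from Table 11
    "Rsa-Sha256": Limits("RSA", 256, 2048, 4096),
    "Rsa-Sha384": Limits("RSA", 384, 3072, 4096),
    "Rsa-Sha512": Limits("RSA", 512, 4096, 8192),
    "ECCnistP256": Limits("ECC", 256, 256, 384),
    "ECCnistP384": Limits("ECC", 384, 384, 521),
    "ECCnistP521": Limits("ECC", 512, 521, 521),
}
XMLDSIG_MORE = "http://www.w3.org/2001/04/xmldsig-more#"
# Signature URIs quoted in the table; pairing them with a limits group by name is an assumption.
URI_TO_POLICY = {XMLDSIG_MORE + frag: name for frag, name in [
    ("rsa-sha384", "Rsa-Sha384"), ("rsa-sha512", "Rsa-Sha512"), ("ecdsa-sha256", "ECCnistP256"),
    ("ecdsa-sha384", "ECCnistP384"), ("ecdsa-sha512", "ECCnistP521")]}
ECC_HASH_FOR_CURVE = {256: 256, 384: 384, 521: 512}  # curve bits -> SHA2 bits

def check_certificate(policy, key_bits, role, cert_hash_bits, signer_bits=None):
    """Return violations. role: 'end_entity', 'issuing_ca' or 'other_ca' (hypothetical labels).
    signer_bits: ECC curve size of the key that signed the certificate (defaults to key_bits)."""
    lim, problems = POLICIES[policy], []
    if lim.family == "RSA":
        if not lim.min_bits <= key_bits <= lim.max_bits:
            problems.append(f"RSA key {key_bits} outside {lim.min_bits}-{lim.max_bits}")
        if cert_hash_bits not in (256, 384, 512) or cert_hash_bits < lim.hash_bits:
            problems.append(f"certificate hash SHA2-{cert_hash_bits} below SHA2-{lim.hash_bits}")
    else:
        allowed = {lim.min_bits, lim.max_bits} if role == "other_ca" else {lim.min_bits}
        if key_bits not in allowed:
            problems.append(f"{role} curve P-{key_bits} not in {sorted(allowed)}")
        expected = ECC_HASH_FOR_CURVE.get(signer_bits or key_bits)
        if cert_hash_bits != expected:
            problems.append(f"certificate hash SHA2-{cert_hash_bits}, expected {expected}")
    return problems

def check_signature_uri(uri, key_bits):
    """Map a Descriptor signature URI to its limits group and check the signing key size."""
    name = URI_TO_POLICY.get(uri)
    if name is None:
        return [f"signature algorithm not in Table 11: {uri}"]
    return check_certificate(name, key_bits, "end_entity", POLICIES[name].hash_bits)
```

An empty list means the certificate or signature is within the limits; anything else names the rule that failed, which makes the result suitable for logging when a Descriptor is rejected.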