Table 11 lists the UAFX OfflineEngineering Security ConformanceUnits, which define the security policies for signing Descriptors. For additional information about these items, refer to OPC 1000083.

Table 11 – OfflineEngineering Descriptor Security

UAFX OfflineEngineering Signing – Limits

Offline

UAFX Offline Rsa-Sha256 Limits

-> MinAsymmetricKeyLength: 2048 bits

-> MaxAsymmetricKeyLength: 4096 bits

Offline

UAFX Offline Rsa-Sha384 Limits

-> MinAsymmetricKeyLength: 3072 bits

-> MaxAsymmetricKeyLength: 4096 bits

Offline

UAFX Offline Rsa-Sha512 Limits

-> MinAsymmetricKeyLength: 4096 bits

-> MaxAsymmetricKeyLength: 8192 bits

Offline

UAFX Offline ECCnistP256 Limits

-> MinAsymmetricKeyLength: 256 bits (ECC)

-> MaxAsymmetricKeyLength: 384 bits (ECC for CA Only)

Offline

UAFX Offline ECCnistP384 Limits

-> MinAsymmetricKeyLength: 384 bits (ECC)

-> MaxAsymmetricKeyLength: 521 bits (ECC for CA Only)

Offline

UAFX Offline ECCnistP521 Limits

-> MinAsymmetricKeyLength: 521 bits (ECC)

-> MaxAsymmetricKeyLength: 521 bits (ECC)

UAFX OfflineEngineering Signing – Algorithms

Offline

UAFX Offline CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-256

The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447.

The RSASSA-PKCS1-v1_5 scheme is used.

The hash algorithm is SHA2 with 256 bits, 384 bits, or 512 bits. It is described in https://tools.ietf.org/html/rfc6234.

Offline

UAFX Offline AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-384

The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447.

The RSASSA-PKCS1-v1_5 scheme is used.

The hash algorithm is SHA2 with 384 bits and is described in https://tools.ietf.org/html/rfc6234.

The URI is http://www.w3.org/2001/04/xmldsig-more#rsa-sha384.

Offline

UAFX Offline CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-384

The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447.

The RSASSA-PKCS1-v1_5 scheme is used.

The hash algorithm is SHA2 with 384 bits or 512 bits. It is described in https://tools.ietf.org/html/rfc6234.

Offline

UAFX Offline AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-512

The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447.

The RSASSA-PKCS1-v1_5 scheme is used.

The hash algorithm is SHA2 with 512 bits and is described in https://tools.ietf.org/html/rfc6234.

The URI is http://www.w3.org/2001/04/xmldsig-more#rsa-sha512.

Offline

UAFX Offline CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-512

The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447.

The RSASSA-PKCS1-v1_5 scheme is used.

The hash algorithm is SHA2 with 512 bits. It is described in https://tools.ietf.org/html/rfc6234.

Offline

UAFX Offline AsymmetricSignatureAlgorithm_ECDSA-SHA2-256

The ECC digital signature algorithm described in https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf.

The hash algorithm is SHA2 with 256 bits and is described in https://tools.ietf.org/html/rfc6234.

The URI is http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256.

Offline

UAFX Offline CertificateKeyAlgorithm_ECC-nistP256

The P-256 or P-384 curve described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf.

ECC public key compression is not used.

ECC coordinates are encoded as big-endian integers padded with zeros.

An end entity Certificate shall use P-256.

A CA that issues end entity Certificates shall use P-256.

Other CAs may use P-384.

Offline

UAFX Offline CertificateSignatureAlgorithm_ECDSA-SHA2-256

ECC digital signature algorithm described in https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf.

The SHA2 algorithm is described in http://tools.ietf.org/html/rfc6234.

The SHA2 algorithm length depends on the public key.

The length shall be 256 bits if the P-256 curve is used.

The length shall be 384 bits if the P-384 curve is used.

Offline

UAFX Offline AsymmetricSignatureAlgorithm_ECDSA-SHA2-384

The ECC digital signature algorithm described in https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf.

The hash algorithm is SHA2 with 384 bits and is described in https://tools.ietf.org/html/rfc6234.

The URI is http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384.

Offline

UAFX Offline CertificateKeyAlgorithm_ECC-nistP384

The P-384 or P-521 curve described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf.

ECC public key compression is not used.

ECC coordinates are encoded as big-endian integers padded with zeros.

An end entity Certificate shall use P-384.

A CA that issues end entity Certificates shall use P-384.

Other CAs may use P-521.

Offline

UAFX Offline CertificateSignatureAlgorithm_ECDSA-SHA2-384

ECC digital signature algorithm described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf.

The SHA2 algorithm is described in http://tools.ietf.org/html/rfc6234.

The SHA2 algorithm length depends on the public key.

The length shall be 384 bits if the P-384 curve is used.

The length shall be 512 bits if the P-521 curve is used.

Offline

UAFX Offline AsymmetricSignatureAlgorithm_ECDSA-SHA2-512

The ECC digital signature algorithm described in https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf.

The hash algorithm is SHA2 with 512 bits and is described in https://tools.ietf.org/html/rfc6234.

The URI is http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512.

Offline

UAFX Offline CertificateKeyAlgorithm_ECC-nistP521

The P-521 curve described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf.

ECC public key compression is not used.

ECC coordinates are encoded as big-endian integers padded with zeros.

Offline

UAFX Offline CertificateSignatureAlgorithm_ECDSA-SHA2-512

ECC digital signature algorithm described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf.

The hash algorithm is SHA2 with 512 bits and is described in https://tools.ietf.org/html/rfc6234.
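
The curve and hash-length rules of the ECC rows above, written as a certificate chain check. This is an added example, not part of the specification text: the dict fields (name, curve, sha2_bits), the function check_chain and the sample chains are hypothetical, and it assumes that "the public key" in the CertificateSignatureAlgorithm rows means the key of the certificate's signer.

```python
# Added example: the ECC curve and hash rules of Table 11 applied to a chain.
# Certificates are plain dicts (constructed input), end entity first, root last.

# profile -> (curve for end entity and its issuing CA, curve other CAs may use)
PROFILES = {
    "ECC-nistP256": ("P-256", "P-384"),
    "ECC-nistP384": ("P-384", "P-521"),
    "ECC-nistP521": ("P-521", "P-521"),
}
# SHA2 length of a certificate signature, keyed by the signer's curve
HASH_FOR_CURVE = {"P-256": 256, "P-384": 384, "P-521": 512}


def check_chain(profile, chain):
    """Return a list of violations; an empty list means the chain conforms."""
    base, upper = PROFILES[profile]
    errors = []
    for i, cert in enumerate(chain):
        # Index 0 is the end entity, index 1 the CA that issued it.
        allowed = {base} if i <= 1 else {base, upper}
        if cert["curve"] not in allowed:
            errors.append(f"{cert['name']}: curve {cert['curve']} not allowed")
        # Assumption: the signer is the next entry up; the root signs itself.
        signer = chain[i + 1] if i + 1 < len(chain) else cert
        want = HASH_FOR_CURVE.get(signer["curve"])
        if cert["sha2_bits"] != want:
            errors.append(f"{cert['name']}: SHA2-{cert['sha2_bits']} used, "
                          f"signer curve {signer['curve']} needs {want}")
    return errors


# Constructed sample chains, not taken from any real deployment.
GOOD = [
    {"name": "leaf", "curve": "P-256", "sha2_bits": 256},
    {"name": "issuing-ca", "curve": "P-256", "sha2_bits": 384},
    {"name": "root-ca", "curve": "P-384", "sha2_bits": 384},
]
BAD = [
    {"name": "leaf", "curve": "P-384", "sha2_bits": 256},
    {"name": "issuing-ca", "curve": "P-256", "sha2_bits": 256},
    {"name": "root-ca", "curve": "P-384", "sha2_bits": 384},
]

if __name__ == "__main__":
    for label, chain in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_chain("ECC-nistP256", chain) or "conforms")
```

The GOOD chain conforms to ECC-nistP256 because only the non-issuing root uses P-384, and the issuing CA's certificate carries SHA2-384 to match that root's curve.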