29 result(s) for PrivateKey
-
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model, 3.1.35 Private Key
Private Key secret component of a pair of cryptographic keys used for Asymmetric Cryptography Note 1 to entry: Public Key and Private Key are always generated as a pair
-
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model, 3.1.6 Asymmetric Cryptography
Cryptography Cryptography method that uses a pair of keys, one that is designated the Private Key and kept secret, the other called the Public Key that is generally made available ... provided by entity "B". Only entity "B" has the matching Private Key that is needed to decrypt the data. In an asymmetric Digital Signature algorithm when
-
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model, 3.1.7 Asymmetric Encryption
with the Public Key of an entity and for decrypting data with the associated Private Key
-
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model, 3.1.8 Asymmetric Signature
Asymmetric Signature mechanism used by Asymmetric Cryptography for signing data with the Private Key of an entity and for verifying the data's signature with the associated Public Key
-
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model, 3.1.16 Certificate Authority
This allows others (relying parties) to rely upon signatures or assertions made by the Private Key that corresponds to the Public Key that is certified. In this model of trust ... relying upon the Certificate. CAs are characteristic of many Public Key infrastructure (PKI) schemes Note 2 to entry: A private CA system (or a private sub-CA) could be used
-
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model, 3.1.37 Public Key Infrastructure
generated by a Certificate authority (CA); but it is better to have the Private Key owner generate the key pair locally, provided they have a trusted key generation capability, since ... improves security because the Private Key is never transmitted to the CA. See PKI and X509 for more details on Public Key Infrastructures
-
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
Server's Public Key and by generating Asymmetric Signatures with the Client's Private Key. However, the Certificate is sent unencrypted so that the receiver can use it to verify ... Asymmetric Signature. The Server decrypts the Message with its Private Key and verifies the Asymmetric Signature with the Client's Public Key. The secret information of the OPC UA Client
-
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model, 5.1.10 Rogue Server or Publisher
from a trusted OPC UA Server, but since it does not possess the appropriate Private Key (because this will never be distributed) to decrypt Messages secured with the correct ... able to read and misuse secured data sent by a Client. Also, without the Private Key the Server would never be able to sign a response message to a Client
-
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model, 9.1 Overview
Certificate. This Digital Signature can be self-signed (the signature is generated by the Private Key associated with X.509 v3 Certificate that is the ApplicationInstanceCertificate) or can be signed ... Certificate Authority (The signature is generated by the Private Key associated with the X.509 v3 Certificate of the CA). Both types of Certificates provide the same level of security
-
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
identify itself when connecting to other OPC UA Applications (the Public Key and Private Key). Each ApplicationInstance has a globally unique URI which identifies it. The OPC UA Application will ... unique key that is used to verify Digital Signatures created with the associated Private Key. The syntax of these Certificates conforms to the X.509 specification and as a result these
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services, 7.15 EphemeralKeyType
ephemeral Public Key and a signature created by the application that owns the associated Private Key. publicKey ByteString The Public Key associated with an EphemeralKey created by the sender
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings, 6.7.2.3 Security Header
format for a Certificate is defined in X.690 This indicates what Private Key was used to sign the MessageChunk. The Stack shall close the channel and report an error
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings, 6.8.1 Secure Channel Handshake
Figure 15. Figure 15 - ECC Key Negotiation. Certificates for ECC have a public-private key pair that are used to create and verify a digital signature. To negotiate ... used each time a SecureChannel is negotiated and they are called EphemeralKeys. ECC public-private key pairs are always based on a specific elliptic curve function which is used
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
Finite Field Group Selection: RSA PublicKey Length (bits) = 2048-4096, Finite Group = ffdhe3072, Nonce Length (bytes) = 384, DH PrivateKey (bits) = 275. The RSA PublicKey Length is the minimum key length ... which are constants defined in IETF RFC 7919). The DH PrivateKey length from Table 72 is used to generate a random number (a) of that length. The Client then calculates
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
CreateSigningRequest This Method creates a new CertificateRequest that is signed with a PrivateKey owned by the Server. If requested, the Server generates a new PrivateKey but uses the field values ... Issuer. The CertificateManager requests a new Certificate from the Issuer. The CertificateManager generates a PrivateKey on behalf of the Server if the Server cannot generate its own PrivateKeys. UpdateCertificate This Method
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services, 7.9.2 CertificateDirectoryType
managed by the CertificateManager. This Method is recommended when the caller already has a private key. The StartNewKeyPairRequest Method is used to request a new Certificate that is signed ... managed by the CertificateManager along with a new private key. This Method is used only when the caller does not have a private key and cannot generate one. The FinishRequest
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services, 7.9.3 StartSigningRequest
Method is used to initiate a request to create a Certificate which uses the private key which the caller currently has. The new Certificate is returned in the FinishRequest response ... value of the CertificateGroupId argument. CertificateRequest A CertificateRequest used to prove possession of the Private Key. It is a PKCS #10 encoded blob in DER format. If the CertificateRequest
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services, 7.9.4 StartNewKeyPairRequest
StartNewKeyPairRequest Method is used to start a request for a new Certificate and Private Key. The Certificate and Private Key are returned in the FinishRequest response. Signature StartNewKeyPairRequest( [in] NodeId ... specified the DiscoveryUrls are used to create suitable defaults. PrivateKeyFormat The format of the private key. The following values are always supported: PFX PKCS #12 encoded PEM PKCS #8 Base64
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services, 7.10.3 ServerConfigurationType
LocalDiscoveryServer when the Server calls the RegisterServer2 Service. The SupportedPrivateKeyFormats specifies the PrivateKey formats supported by the Server. Possible values include ... array is empty if the Server does not allow external Clients to update the PrivateKey. The MaxTrustListSize is the maximum size of the TrustList in bytes. 0 means no limit
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services, 7.10.5 UpdateCertificate
update a Certificate. There are the following two use cases for this Method: The PrivateKey is already known to the Server (i.e. it was created with the CreateSigningRequest ... CreateSelfSignedCertificate (see 7.10.6) Method). The PrivateKey was created outside the Server and is updated with this Method. The Purpose of the associated CertificateGroup determines the validation rules for Certificate being
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services, 7.10.6 CreateSelfSignedCertificate
transaction if an existing transaction does not exist. The Server may use an existing PrivateKey or create a new PrivateKey. If a Server cannot generate PrivateKeys for the specified CertificateType ... prior to calling this Method. keySizeInBits The size of the PublicKey and PrivateKey in bits. The CertificateTypeId limits the values that may be set. A value of 0 indicates that
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services, 7.10.7 DeleteCertificate
with the Certificate. When the Certificate is deleted, the Server should delete the associated PrivateKey if no longer needed. This Method shall be called from an authenticated SecureChannel and from
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services, 7.10.10 CreateSigningRequest
PKCS #10 DER encoded Certificate Request that is signed with the Server's private key. The Certificate Request can be then used to request a Certificate from a CA. Servers ... SubjectName is defined in 7.9.4. RegeneratePrivateKey If TRUE the Server shall create a new Private Key which it stores until the matching signed Certificate is uploaded with the UpdateCertificate Method
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
CertificateUpdateRequestedAuditEventType This event is raised when the UpdateCertificate Method is called. If a PrivateKey was one of the InputArguments then that argument is set to NULL before generating this Event
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
Setting Permissions If a Private Key is stored on a regular file system it shall be protected from unauthorized access. This is best done by setting operating system permissions ... private key file that deny read/write access to anyone who is not using an account authorized to run the application. In some cases, additional protection can be added by protecting
-
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
storage cannot be backed up nor is it affected by a firmware update. The Private Key of DeviceIdentity Certificates (IDevID and LDevID) shall be placed in this storage. A Device
-
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding, 5.1 Device Identity
used to prove the origin of the Device. This identity shall include a Private Key and an X.509v3 Certificate. IDevID Certificate should have the ProductInstanceUri (see 5.2) as a uniformResourceIdentifier ... Device. The LDevID Certificate may use the same keypair as the IDevID Certificate. The Private Key should be placed in SecureElement storage on the Device. The ProductInstanceUri should also
-
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding, 7.1 Overview
EndpointDescription that uses that Certificate. This provides proof that the Device possesses the PrivateKey associated with the Certificate. The Registrar uses the SecureChannel to provide an Application Instance Certificate ... SecureChannel with the selected Certificate which provides proof that the Device possesses the PrivateKey associated with the Certificate. The DCA uses the SecureChannel to request a new Application Instance Certificate
-
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding, 7.4.2.1 Overview
Device identifies itself to the FDO Owner and creates a Signature with a PrivateKey preinstalled on the FDO Device. Then the FDO Owner verifies the Signature and determines