25 result(s) for Signature
-
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
3.1.50 X.509 Certificate
entry: An X.509 Certificate contains a sequence of data items and has a Digital Signature computed on that sequence. OPC UA only uses
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
5.7.2.2 Parameters
None, a Client shall prove possession by using the private key to create a Signature using the Nonce provided by the Server in the response. If the SecurityMode ... Server AddressSpace as defined in OPC 10000-5. serverSignature SignatureData This is a signature calculated using the method in 6.1.8. The SignatureData type is defined in 7.36. The clientCertificate shall
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
Server applications may need to calculate when calling CreateSession and ActivateSession. The new Signature calculation algorithm, called channel bound Signatures, requires that the Certificates used to establish the SecureChannel ... with SecurityPolicies with SecureChannelEnhancements = TRUE. Otherwise, the legacy calculation method is used. The new Signature calculation method produces "channel bound" Signatures to indicate that they are only accepted
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.15 EphemeralKeyType
EphemeralKeyType Name Type Description EphemeralKeyType Structure Specifies an ECC ephemeral Public Key and a signature created by the application that owns the associated Private Key. publicKey ByteString The Public ... size of the Public Key is specified by the current SecurityPolicyUri. signature ByteString The Signature calculated using the ApplicationInstanceCertificate used with the current SecureChannel. The value of the Public
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.40.2.1 Overview
passed to the Server. Other types of tokens allow the Client to create a signature with the secret associated with the Token. In these cases, the Client proves possession ... UserIdentityToken by creating a signature with the secret and passing it to the Server. Each UserIdentityToken allowed by an Endpoint shall have a UserTokenPolicy specified in the EndpointDescription. The UserTokenPolicy
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.40.2.3 EncryptedSecret Format
required on the payload and append after the Secret; Encrypt the payload; Calculate a Signature; Append the Signature. Individual fields are serialized using the UA Binary encoding ... EncryptedSecret is deserialized and validated as follows: Deserialize the common header; Verify the Signature if the KeyData is not encrypted; Decrypt the KeyData and verify the Signature if the KeyData
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.40.2.4 RsaEncryptedSecret DataType
lengths required by the SecurityPolicy. SigningKey ByteString The key used to compute the Signature. EncryptingKey ByteString The key used to encrypt payload. InitializationVector ByteString The initialization vector used with ... ByteString See Table 183. PayloadPadding Byte[*] See Table 183. PayloadPaddingSize UInt16 See Table 183. Signature Byte[*] The Signature calculated with the SigningKey using the SymmetricEncryptionAlgorithm from the SecurityPolicy. The Signature
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.40.2.5 EccEncryptedSecret DataType
ByteString See Table 183 PayloadPadding Byte[*] See Table 183 PayloadPaddingSize UInt16 See Table 183 Signature Byte[*] The Signature calculated using the Certificate and the AsymmetricSignatureAlgorithm. The data to sign
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.40.5 X509IdentityTokens
which is issued by the user. This token shall always be accompanied by a Signature in the userTokenSignature parameter of ActivateSession if required by the SecurityPolicy. The Server should specify
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
SecurityPolicy Name Description PolicyUri The URI assigned to the SecurityPolicy. SymmetricSignatureAlgorithm The symmetric signature algorithm to use. SymmetricEncryptionAlgorithm The symmetric encryption algorithm to use. AsymmetricSignatureAlgorithm The asymmetric signature algorithm ... length in bits of the derived key used for Message authentication. CertificateSignatureAlgorithm The asymmetric signature algorithm used to sign certificates. CertificateKeyAlgorithm The algorithm used to create asymmetric key pairs used
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
6.7.2.1 Overview
algorithms. For these SecurityPolicies any padding is appended to the message before appending the Signature. When using Sign mode, the Padding is not present. Figure 11 - MessageChunk when not using ... applied to the Message when using Authenticated Encryption algorithms. For these SecurityPolicies the Signature is calculated during encryption and appended after the encrypted data. Figure 12 - MessageChunk for Authenticated Encryption
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
6.7.5 ChannelThumbprint
ChannelThumbprint When using SecurityPolicies with SecureChannelEnhancements = TRUE, the Signature on the OpenSecureChannel Response is calculated by appending the bytes of the Signature from the first OpenSecureChannel Request to the bytes ... first OpenSecureChannel Response. The ChannelThumbprint is the Signature on the OpenSecureChannel Response. This additional Signature calculation is not done when renewing a SecureChannel since the key derivation method described
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
EncryptionKeyLength and EncryptionBlockSize are specified by the Symmetric Encryption Algorithm for the SecurityPolicy. The Signature is created with the SigningCertificate and is calculated after encryption. Receivers shall validate the SigningCertificate ... signature before decrypting the Secret. The PayloadPadding calculated to ensure the encrypted data is a multiple of InitializationVectorLength when using block based symmetric encryption algorithms such as AES-CBC. When
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
7.9.11 CheckRevocationStatus
Certificate before calling this Method. The CertificateManager shall check the Signature on the Certificate and may do additional validation. This Method shall be called from an authenticated SecureChannel. Signature CheckRevocationStatus
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
7.10.25 UserTokenSettingsDataType
X509IdentityToken is trusted or by using a Certificate in the TrustList to verify the Signature on an IssuedIdentityToken. The CertificateGroup is not specified for UserName or Anonymous TokenTypes. The KeyCredentialName
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
9.6.4 AuthorizationServiceType
AuthorizationServiceConfigurationType (see 9.7.4). The ServiceCertificate Property contains the Certificate required to check any Signature that is included with the AccessTokens. The ServiceCertificate may be a complete chain
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
9.6.7 FinishRequestToken
SecureChannel and from a Client that has access to the AccessTokenRequestor Privilege (see 9.2). Signature FinishRequestToken ( [in] Guid RequestId [in] String[] RequestedRoles [in] UserIdentityToken UserIdentityToken [in] SignatureData UserTokenSignature [out] String ... Roles are granted. UserIdentityToken The identity used to authorize the AccessToken request. UserTokenSignature The Signature used to prove possession of a Certificate provided with an X509IdentityToken AccessToken. Otherwise, the parameter
-
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
messages may be signed to ensure integrity. In this case the SecurityHeader and the Signature have to be added to the message. See clause 7.2.4.4.3 for a complete description
-
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
A.2.1.6 Header layout for NetworkMessages with integrity and confidentiality (signing and encryption)
UADP messages may be signed and encrypted. In this case the SecurityHeader and the Signature have to be added to the message. See clause 7.2.4.4.3 for a complete description
-
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
A.2.2.6 Header layout for NetworkMessages with integrity and confidentiality (signing and encryption)
UADP messages may be signed and encrypted. In this case the SecurityHeader and the Signature have to be added to the message. See clause 7.2.4.4.3 for a complete description
-
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
6.1 Tickets
used for a document that describes one or more Devices and has a Digital Signature that can be used to verify that the contents of the document have not been ... physical control. The current owner of a Device validates the Ticket by choosing a Signature created by an authority it trusts. For example, a CompositeBuilder re-signs the Tickets
-
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
initially receives a Ticket, it may wish to validate them immediately and add a Signature with their own Certificate. A Signature shall only be applied to a Ticket that ... manage the issue of expiring Certificates by periodically re-validating and adding a new Signature before the previous Certificate that created the previous Signature expires. The re-signed Tickets should
-
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
follows: Verify that a signing Certificate is valid and trusted; Verify the Signature is valid; Tickets that are not valid shall not be used. Tickets may have multiple signatures added ... different actors in the supply chain. The Registrar only needs to find one Signature created by a trusted authority. This assumes that actors in the supply chain only
-
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
7.4.2.1 Overview
specification). The FDO Device identifies itself to the FDO Owner and creates a Signature with a PrivateKey preinstalled on the FDO Device. Then the FDO Owner verifies the Signature ... Owner. The FDO Owner presents the FDO Ownership Voucher for FDO Device with a Signature created by the FDO Owner. The FDO then allows communication to continue
-
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
encoded as JSON documents. These JSON documents secured with digital signature applied to the general serialization described by RFC 7515. The structure of an RFC 7515 document is as follows ... BASE64URL(UTF8(JSON encoded protected header))", "header": JSON encoded header, "signature":" BASE64URL(JWS Signature)"}, ... {"protected":"BASE64URL(UTF8(JSON encoded protected