Header layout for NetworkMessages with integrity and confidentiality (signing and encryption) – OPC Unified Architecture

A.2.1.6 Header layout for NetworkMessages with integrity and confidentiality (signing and encryption)

UADP messages may be signed and encrypted. In this case the SecurityHeader and the Signature have to be added to the message. See clause 7.2.4.4.3 for a complete description of the security mechanisms.

This header layout is basically the same as the header layout defined in A.2.1.4 but with additional security level ‘signing and encryption’.

The NetworkMessage header layout with signing is shown in Figure A.3.

Figure A.3 – UADP NetworkMessage header layout with integrity and confidentiality

Table A.4 shows the configuration for the NetworkMessage header with signing and encryption. The table contains only the added or modified rows from Table A.1.

Table A.4 – UADP NetworkMessage header layout with integrity and confidentiality

Name	Type	Restrictions
ExtendedFlags1	Byte	Bit 4: SecurityHeader enabled = 1
SecurityHeader
SecurityFlags	Byte	Bit 0: NetworkMessage Signed enabled = 1 Bit 1: NetworkMessage Encryption enabled = 1 Bit 2: SecurityFooter enabled = 0 Bit 3: Force key reset enabled = 0 Bit range 4-7: Reserved
SecurityTokenId	IntegerId	The ID of the security token that identifies the security key in a SecurityGroup.
NonceLength	Byte	8
MessageNonce	Byte[8]	A number used exactly once for a given security key.