7.40.2.5 EccEncryptedSecret DataType

The EccEncryptedSecret uses ECC-based asymmetric cryptography.

Additional semantics for the fields of the EncryptedSecret layout, as used by the EccEncryptedSecret Structure, are described in Table 186.

The EccEncryptedSecret uses ECC or finite-field Diffie-Hellman group EphemeralKeys to derive the symmetric key used to encrypt the Secret; the sender and the receiver each contribute one EphemeralKey, and the public parts of both are carried unencrypted in the KeyData. The handshake required to create and use the EphemeralKeys is described in OPC 10000-6.

Table 186 – EccEncryptedSecret Layout

Name | Type | Description
TypeId | NodeId | The NodeId of the EccEncryptedSecret DataType Node.
EncodingMask | Byte | See Table 183.
Length | UInt32 | See Table 183.
SecurityPolicyUri | String | See Table 183.
Certificate | ByteString | The signing Certificate encoded in DER form. The value shall include the entire chain. This value may be null or empty if the signing Certificate is already known to the receiver. This is the case when the structure is used to provide a UserIdentityToken to a Server over a SecureChannel and the signing Certificate is the Client ApplicationInstance Certificate; the Server then verifies the Signature with the Certificate it already holds for that SecureChannel.
SigningTime | DateTime | See Table 183.
KeyDataLength | UInt16 | The length of the KeyData. The KeyData is not encrypted, so this is its length as transmitted.
KeyData | (group) | The KeyData is not encrypted. It consists of the SenderPublicKey and ReceiverPublicKey fields that follow.
SenderPublicKey | ByteString | The Public Key of the EphemeralKey created by the sender.
ReceiverPublicKey | ByteString | The Public Key of the EphemeralKey created by the receiver.
Nonce | ByteString | A Nonce. When the structure carries a UserIdentityToken passed in the ActivateSession Request, this is the last ServerNonce returned in the CreateSession or ActivateSession Response, so the Server can verify it against the ServerNonce it issued. In other contexts, this is a Nonce created by the sender with a length between 32 and 128 bytes inclusive, and it is not checked by the receiver.
Secret | ByteString | See Table 183.
PayloadPadding | Byte [*] | See Table 183.
PayloadPaddingSize | UInt16 | See Table 183.
Signature | Byte [*] | The Signature calculated using the Certificate and the AsymmetricSignatureAlgorithm of the SecurityPolicy. The data to sign is shown in Figure 39.
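The following Python encoder/decoder is an added example for the layout in Table 186; it is not code from the OPC UA specification or from any OPC UA stack. It assumes the OPC 10000-6 binary encodings for the primitive types (little-endian integers, Int32-length-prefixed String and ByteString with -1 meaning null, the four-byte numeric NodeId form, DateTime as an Int64) and that Length counts the bytes that follow it. Table 183 and Figure 39 are not reproduced on this page, so the Secret, padding and Signature are carried as opaque bytes and neither payload encryption nor signing is performed. The NodeId, keys, certificate, nonce and signature in the sample are constructed placeholders. The decoder applies the checks the table implies: Length against the buffer, KeyDataLength against the two public keys, PayloadPaddingSize against the padding actually present, and the Nonce against the last ServerNonce only when the structure carries a UserIdentityToken.

```python
"""Encoder/decoder for the EccEncryptedSecret layout of Table 186 (added example, not OPC UA stack code).
Assumed from OPC 10000-6 rather than stated on this page: little-endian integers, String/ByteString as an
Int32 length plus bytes (-1 = null), the four-byte numeric NodeId form, DateTime as Int64, and Length
counting the bytes after it. Payload encryption and the signing over Figure 39 are outside this example."""
import struct
from dataclasses import dataclass
from typing import Optional, Tuple


def enc_bytestring(b: Optional[bytes]) -> bytes:
    return struct.pack("<i", -1) if b is None else struct.pack("<i", len(b)) + b  # -1 encodes null


def dec_bytestring(buf: bytes, off: int) -> Tuple[Optional[bytes], int]:
    n, off = struct.unpack_from("<i", buf, off)[0], off + 4
    if n == -1:
        return None, off
    if n < 0 or off + n > len(buf):
        raise ValueError(f"ByteString length {n} exceeds buffer")
    return bytes(buf[off:off + n]), off + n


@dataclass
class EccEncryptedSecret:
    type_id: Tuple[int, int]      # (namespace, numeric identifier)
    encoding_mask: int
    security_policy_uri: str
    certificate: Optional[bytes]  # DER chain, or None when the receiver already holds it
    signing_time: int
    sender_public_key: bytes      # KeyData: sent in the clear
    receiver_public_key: bytes
    nonce: bytes                  # last ServerNonce for a UserIdentityToken, else sender-chosen
    secret: bytes
    payload_padding: bytes
    signature: bytes              # Byte[*]: no length prefix, size fixed by the signing key

    def encode(self, nonce_is_server_nonce: bool) -> bytes:
        if not nonce_is_server_nonce and not 32 <= len(self.nonce) <= 128:
            raise ValueError("sender-created Nonce must be 32..128 bytes")
        key_data = enc_bytestring(self.sender_public_key) + enc_bytestring(self.receiver_public_key)
        body = (enc_bytestring(self.security_policy_uri.encode()) + enc_bytestring(self.certificate)
                + struct.pack("<qH", self.signing_time, len(key_data)) + key_data
                + enc_bytestring(self.nonce) + enc_bytestring(self.secret)
                + self.payload_padding + struct.pack("<H", len(self.payload_padding)) + self.signature)
        return struct.pack("<BBHBI", 0x01, *self.type_id, self.encoding_mask, len(body)) + body


def decode(buf: bytes, signature_len: int, server_nonce: Optional[bytes] = None) -> EccEncryptedSecret:
    # server_nonce: the last ServerNonce when a UserIdentityToken is carried (checked), else None.
    enc, ns, ident, mask, length = struct.unpack_from("<BBHBI", buf, 0)
    if enc != 0x01:
        raise ValueError("only the four-byte numeric NodeId form is handled here")
    off, end = 9, 9 + length
    if end != len(buf):
        raise ValueError("Length field disagrees with the buffer size")
    uri, off = dec_bytestring(buf, off)
    cert, off = dec_bytestring(buf, off)
    signing_time, kd_len = struct.unpack_from("<qH", buf, off)
    spk, kd_end = dec_bytestring(buf, off + 10)
    rpk, kd_end = dec_bytestring(buf, kd_end)
    if kd_end - (off + 10) != kd_len:
        raise ValueError("KeyDataLength does not match the KeyData fields")
    nonce, off = dec_bytestring(buf, kd_end)
    secret, off = dec_bytestring(buf, off)
    pad_len = end - signature_len - 2 - off  # PayloadPadding has no length prefix of its own
    if pad_len < 0:
        raise ValueError("buffer too short for PayloadPaddingSize and Signature")
    padding, off = bytes(buf[off:off + pad_len]), off + pad_len
    if struct.unpack_from("<H", buf, off)[0] != pad_len:
        raise ValueError("PayloadPaddingSize does not match the padding present")
    if server_nonce is not None and nonce != server_nonce:
        raise ValueError("Nonce is not the last ServerNonce")
    return EccEncryptedSecret((ns, ident), mask, None if uri is None else uri.decode(), cert,
                              signing_time, spk, rpk, nonce, secret, padding, bytes(buf[off + 2:end]))


SERVER_NONCE = bytes(range(32))  # constructed stand-in for the session's last ServerNonce


def sample(omit_certificate: bool = False, nonce: bytes = SERVER_NONCE) -> EccEncryptedSecret:
    # Constructed instance: key, certificate and signature bytes are placeholders, not real crypto.
    return EccEncryptedSecret(
        type_id=(0, 0), encoding_mask=1,  # placeholder NodeId: the real one is not given on this page
        security_policy_uri="http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256",
        certificate=None if omit_certificate else b"\x30\x82\x01\x00" + b"\xaa" * 20,
        signing_time=133_000_000_000_000_000,
        sender_public_key=b"\x04" + b"\x11" * 64, receiver_public_key=b"\x04" + b"\x22" * 64,
        nonce=nonce, secret=b"correct horse battery staple",
        payload_padding=b"\x07" * 7, signature=b"\x99" * 64)


def raises(fn) -> bool:
    try:
        fn()
        return False
    except ValueError:
        return True


def roundtrip_ok(omit_certificate: bool = False) -> bool:
    return decode(sample(omit_certificate).encode(True), 64, SERVER_NONCE) == sample(omit_certificate)


def extended_length_rejected() -> bool:
    # Bump Length by one and append a byte: PayloadPaddingSize no longer matches the padding found.
    buf = bytearray(sample().encode(True))
    struct.pack_into("<I", buf, 5, struct.unpack_from("<I", buf, 5)[0] + 1)
    buf.append(0)
    return raises(lambda: decode(bytes(buf), 64, SERVER_NONCE))
```

The length check on a sender-generated Nonce sits in encode(), since the table states the receiver does not check it in that case. A decoder that skips the Length and PayloadPaddingSize cross-checks would take whatever bytes remain as the Signature, which is how a truncated or length-extended buffer slips through to signature verification with the wrong data.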