5.4.3 UAFX OfflineEngineering Descriptor Security
Table 11 describes the UAFX OfflineEngineering Security ConformanceUnits, which define the security policies for signing Descriptors. For additional information about these items, refer to OPC 10000‑83.
| Category | Title | Description |
|---|---|---|
| UAFX OfflineEngineering Signing – Limits | | |
| Offline | UAFX Offline Rsa-Sha256 Limits | MinAsymmetricKeyLength: 2048 bits; MaxAsymmetricKeyLength: 4096 bits |
| Offline | UAFX Offline Rsa-Sha384 Limits | MinAsymmetricKeyLength: 3072 bits; MaxAsymmetricKeyLength: 4096 bits |
| Offline | UAFX Offline Rsa-Sha512 Limits | MinAsymmetricKeyLength: 4096 bits; MaxAsymmetricKeyLength: 8192 bits |
| Offline | UAFX Offline ECC‑nistP256 Limits | MinAsymmetricKeyLength: 256 bits (ECC); MaxAsymmetricKeyLength: 384 bits (ECC for CA Only) |
| Offline | UAFX Offline ECC‑nistP384 Limits | MinAsymmetricKeyLength: 384 bits (ECC); MaxAsymmetricKeyLength: 521 bits (ECC for CA Only) |
| Offline | UAFX Offline ECC‑nistP521 Limits | MinAsymmetricKeyLength: 521 bits (ECC); MaxAsymmetricKeyLength: 521 bits (ECC) |
| UAFX OfflineEngineering Signing – Algorithms | | |
| Offline | UAFX Offline CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-256 | The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447. The RSASSA-PKCS1-v1_5 scheme is used. The hash algorithm is SHA2 with 256 bits, 384 bits, or 512 bits. It is described in https://tools.ietf.org/html/rfc6234. |
| Offline | UAFX Offline AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-384 | The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447. The RSASSA-PKCS1-v1_5 scheme is used. The hash algorithm is SHA2 with 384 bits and is described in https://tools.ietf.org/html/rfc6234. The URI is http://www.w3.org/2001/04/xmldsig-more#rsa-sha384. |
| Offline | UAFX Offline CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-384 | The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447. The RSASSA-PKCS1-v1_5 scheme is used. The hash algorithm is SHA2 with 384 bits or 512 bits. It is described in https://tools.ietf.org/html/rfc6234. |
| Offline | UAFX Offline AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-512 | The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447. The RSASSA-PKCS1-v1_5 scheme is used. The hash algorithm is SHA2 with 512 bits and is described in https://tools.ietf.org/html/rfc6234. The URI is http://www.w3.org/2001/04/xmldsig-more#rsa-sha512. |
| Offline | UAFX Offline CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-512 | The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447. The RSASSA-PKCS1-v1_5 scheme is used. The hash algorithm is SHA2 with 512 bits. It is described in https://tools.ietf.org/html/rfc6234. |
| Offline | UAFX Offline AsymmetricSignatureAlgorithm_ECDSA-SHA2-256 | The ECC digital signature algorithm described in https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. The hash algorithm is SHA2 with 256 bits and is described in https://tools.ietf.org/html/rfc6234. The URI is http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256. |
| Offline | UAFX Offline CertificateKeyAlgorithm_ECC-nistP256 | The P-256 or P-384 curve described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. ECC public key compression is not used. ECC coordinates are encoded as big-endian integers padded with zeros. An end entity Certificate shall use P-256. A CA that issues end entity Certificates shall use P-256. Other CAs may use P-384. |
| Offline | UAFX Offline CertificateSignatureAlgorithm_ECDSA-SHA2-256 | ECC digital signature algorithm described in https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. The SHA2 algorithm is described in http://tools.ietf.org/html/rfc6234. The SHA2 algorithm length depends on the public key. The length shall be 256 bits if the P-256 curve is used. The length shall be 384 bits if the P-384 curve is used. |
| Offline | UAFX Offline AsymmetricSignatureAlgorithm_ECDSA-SHA2-384 | The ECC digital signature algorithm described in https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. The hash algorithm is SHA2 with 384 bits and is described in https://tools.ietf.org/html/rfc6234. The URI is http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384. |
| Offline | UAFX Offline CertificateKeyAlgorithm_ECC-nistP384 | The P-384 or P-521 curve described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. ECC public key compression is not used. ECC coordinates are encoded as big-endian integers padded with zeros. An end entity Certificate shall use P-384. A CA that issues end entity Certificates shall use P-384. Other CAs may use P-521. |
| Offline | UAFX Offline CertificateSignatureAlgorithm_ECDSA-SHA2-384 | ECC digital signature algorithm described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. The SHA2 algorithm is described in http://tools.ietf.org/html/rfc6234. The SHA2 algorithm length depends on the public key. The length shall be 384 bits if the P-384 curve is used. The length shall be 512 bits if the P-521 curve is used. |
| Offline | UAFX Offline AsymmetricSignatureAlgorithm_ECDSA-SHA2-512 | The ECC digital signature algorithm described in https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. The hash algorithm is SHA2 with 512 bits and is described in https://tools.ietf.org/html/rfc6234. The URI is http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512. |
| Offline | UAFX Offline CertificateKeyAlgorithm_ECC-nistP521 | The P-521 curve described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. ECC public key compression is not used. ECC coordinates are encoded as big-endian integers padded with zeros. |
| Offline | UAFX Offline CertificateSignatureAlgorithm_ECDSA-SHA2-512 | ECC digital signature algorithm described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. The hash algorithm is SHA2 with 512 bits and is described in https://tools.ietf.org/html/rfc6234. |
| Offline | UAFX Offline CertificateSignatureAlgorithm_RSASAA_PSS-SHA2-256 | The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447. The RSASSA-PSS scheme is used. The hash algorithm is SHA2 with 256 bits, 384 bits, or 512 bits. It is described in https://tools.ietf.org/html/rfc6234. |
| Offline | UAFX Offline AsymmetricSignatureAlgorithm_RSASAA_PSS-SHA2-384 | The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447. The RSASSA-PSS scheme is used. The hash algorithm is SHA2 with 384 bits. It is described in https://tools.ietf.org/html/rfc6234. The URI is http://www.w3.org/2001/04/xmldsig-more#rsa-sha384. |
| Offline | UAFX Offline CertificateSignatureAlgorithm_RSASAA_PSS-SHA2-384 | The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447. The RSASSA-PSS scheme is used. The hash algorithm is SHA2 with 384 bits or 512 bits. It is described in https://tools.ietf.org/html/rfc6234. |
| Offline | UAFX Offline AsymmetricSignatureAlgorithm_RSASAA_PSS-SHA2-512 | The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447. The RSASSA-PSS scheme is used. The hash algorithm is SHA2 with 512 bits. It is described in https://tools.ietf.org/html/rfc6234. The URI is http://www.w3.org/2001/04/xmldsig-more#rsa-sha512. |
| Offline | UAFX Offline CertificateSignatureAlgorithm_RSASAA_PSS-SHA2-512 | The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447. The RSASSA-PSS scheme is used. The hash algorithm is SHA2 with 512 bits. It is described in https://tools.ietf.org/html/rfc6234. |
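
The ECC rows of Table 11 combine into a per-position rule for a signing certificate chain; the following check is an added example, not part of the specification. The `Cert` record, `check_chain` and the sample chains are hypothetical, and it assumes that "the public key" deciding the SHA2 length is the key of the certificate that produced the signature.

```python
from dataclasses import dataclass

# Transcribed from the ECC Limits and CertificateKey/CertificateSignature rows:
# (end-entity curve bits, largest "CA only" curve bits, {signer curve bits: SHA2 bits})
ECC_POLICIES = {
    "ECC-nistP256": (256, 384, {256: 256, 384: 384}),
    "ECC-nistP384": (384, 521, {384: 384, 521: 512}),
    "ECC-nistP521": (521, 521, {521: 512}),
}

@dataclass
class Cert:                # hypothetical summary of an already-parsed certificate
    subject: str
    curve_bits: int        # curve size of the subject public key
    sig_hash_bits: int     # SHA2 length of the signature on this certificate

def check_chain(policy, chain):
    """chain[0] is the end entity, chain[1] its issuing CA, chain[-1] the root.
    Returns a list of violations; an empty list means the chain fits the policy."""
    ee_bits, ca_max, hash_for = ECC_POLICIES[policy]
    problems = []
    for depth, cert in enumerate(chain):
        # The end entity and the CA that issues it are pinned to the policy curve;
        # CAs further up may also use the larger "CA only" curve.
        allowed = {ee_bits} if depth <= 1 else {ee_bits, ca_max}
        if cert.curve_bits not in allowed:
            problems.append(f"{cert.subject}: P-{cert.curve_bits} not allowed at depth {depth}")
        # Assumption: the signer is the next certificate up; a root signs itself.
        signer = chain[depth + 1] if depth + 1 < len(chain) else cert
        want = hash_for.get(signer.curve_bits)
        if want is not None and cert.sig_hash_bits != want:
            problems.append(f"{cert.subject}: SHA2-{cert.sig_hash_bits} used, SHA2-{want} required")
    return problems

# Constructed sample chains (not real certificates).
GOOD = [Cert("descriptor-signer", 256, 256),
        Cert("issuing-ca", 256, 384),
        Cert("root-ca", 384, 384)]
# Issuing CA moved to P-384: wrong curve at depth 1, and the end-entity
# certificate it signed still carries a SHA2-256 signature.
BAD = [Cert("descriptor-signer", 256, 256),
       Cert("issuing-ca", 384, 384),
       Cert("root-ca", 384, 384)]

if __name__ == "__main__":
    print(check_chain("ECC-nistP256", GOOD))
    print(check_chain("ECC-nistP256", BAD))
```

A real verifier would fill `Cert` from the parsed X.509 chain and run this check alongside signature and trust validation, not instead of it.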