13:56, EET
March 16, 2017
Hi,
I’ve seen that the class com.prosysopc.ua.stack.transport.security.SecurityMode provides following SecurityModes:
* SecurityMode.AES128_SIGN
* SecurityMode.AES128_SIGN_ENCRYPT
* SecurityMode.AES256_SIGN
* SecurityMode.AES256_SIGN_ENCRYPT
I wonder if this SecurityModes are somehow outdated?
I’ve checked the OpcUa reference, but I haven’t found any useful infomation about AES128, AES256 SecurityModes.
When taking a look at the Prosys Simulation Server there is also no option to configure an endpoint for this.
And I’ve checked also some other OpcUa Servers, but there wasn’t any possibility to configure an AES128 or AES256 endpoint.
Thank you for some information on this!
14:45, EET
April 3, 2012
Hi,
Those are actually the most up-to-date ones. Though, please note that the ‘com.prosysopc.ua.stack.transport.security.SecurityMode’ is our SDK-specific combination of com.prosysopc.ua.stack.core.MessageSecurityMode and com.prosysopc.ua.stack.transport.security.SecurityPolicy. The MessageSecurityMode is the None/Sign/signAndEncrypt and the SecurityPolicy are the policies for those (and the spec mostly talks about them separately).
The specification does specify SecurityPolicy. Related info used to be in Part 7 “Profiles”, though in later spec versions the actual data was moved unfortunately to be online only https://profiles.opcfoundation.org/ (there might be some document about these as pdf, but that is outside of this answer). If you navigate to the Security/SecurityPolicy ClientServer or use https://profiles.opcfoundation.org/profilefolder/474, you will see the
https://profiles.opcfoundation.org/profile/2058 for the Aes128 (full name is Aes128_Sha256_RsaOaep)
and
https://profiles.opcfoundation.org/profile/2060 for the Aes256 (full name is Aes256_Sha256_RsaPss)
you would see related details. Though mostly you do not need to care about that since the SDK com.prosysopc.ua.stack.transport.security.SecurityPolicy contains the relevant info (and it is mostly for SDKs e.g. bit lengths, algorithm names etc.).
Generally speaking the SecurityModes should be initialized like shown in the com.prosysopc.ua.samples.server.SampleConsoleServer.initialize(int, int, String), i.e. you will chose set of policies and messagesecurity modes and then do
server.getSecurityModes().addAll(SecurityMode.combinations(supportedMessageSecurityModes, supportedSecurityPolicies));
and the SDK will create valid combinations of them.
P.S.
Also as per the samples do note the comment
/*
* Per the 1.05 specification, only these policies should be supported and the older ones should
* be considered as deprecated. However, in practice this list only contains very new security
* policies, which most of the client applications as of today that are used might not be unable
* to (yet) use. Thus, you should build a way to select these in your application configuration.
*
* Note that the 1.05 list has the same contents as the 1.04 list.
*/
supportedSecurityPolicies.addAll(SecurityPolicy.ALL_SECURE_104);
supportedSecurityPolicies.addAll(SecurityPolicy.ALL_SECURE_105);
15:30, EET
March 16, 2017
Ahh, thank you, I see
so basically:
‘SecurityMode.AES128_SIGN_ENCRYPT’ is the same as ‘new SecurityMode(SecurityPolicy.AES128_SHA256_RSAOAEP, MessageSecurityMode.SignAndEncrypt)’
and
‘SecurityMode.AES256_SIGN_ENCRYPT’ is the same as ‘new SecurityMode(SecurityPolicy.AES256_SHA256_RSAPSS, MessageSecurityMode.SignAndEncrypt)’
correct?
Most Users Ever Online: 1919
Currently Online:
28 Guest(s)
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Heikki Tahvanainen: 402
hbrackel: 144
rocket science: 88
pramanj: 86
Francesco Zambon: 83
Ibrahim: 78
Sabari: 62
kapsl: 57
gjevremovic: 49
Xavier: 43
Member Stats:
Guest Posters: 0
Members: 734
Moderators: 7
Admins: 1
Forum Stats:
Groups: 3
Forums: 15
Topics: 1523
Posts: 6449
Newest Members:
christamcdowall, redaahern07571, nigelbdhmp, travistimmons, AnnelCib, dalenegettinger, howardkennerley, Thomassnism, biancacraft16, edgardo3518Moderators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1026, Jimmy Ni: 26, Matti Siponen: 346, Lusetti: 0
Administrators: admin: 1