Security Policies...

Questions regarding the use of the C++ SDK for Server or Client development or integration into customer products ...

Moderator: uasdkcpp

tommys
Hero Member
Posts: 29
Joined: 03 Oct 2023, 16:42

Security Policies...

Post by tommys »

Hi,

in our system it is possible to generate new self-signed rootCA and/or OPC UA AICs. This is in principle fine. But... Since it seems that Unified Automation SDK only supports SecurityPolicies based on RSA it is unfortunately a problem in practice. This particular system does not have a lot of CPU processing capabilities and the RSA key generation takes many minutes! In contrast, ECC key generation just takes a couple of seconds on the same hardware with the same level of cryptographical strength.

Therefore, do you plan to support a SecurityPolicy based on ECC in the near future? Why don't you already support it, if I may ask?

Regards,
/Tommy

Support Team
Hero Member
Posts: 3163
Joined: 18 Mar 2011, 15:09

Re: Security Policies...

Post by Support Team »

Hi,

the ECC is "optional" and if supported by a very small embedded device, you will be (more or less) alone as of today. It will take many years to have support of ECC in the vast majority of UA products on the market; our estimate is 10 to 15 years.

Yes, we plan to support the ECC in the future, and yes, the expensive RSA crypto operation takes CPU load. However, the RSA can be "outsourced" into a specialized crypto chip and secondly is only required in the very beginning, but not at runtime (OPC UA uses symmetric AES, which is much faster and less CPU consuming). If your device is so weak that it cannot calculate the RSA, you will have many other restrictions when operating OPC UA technology features.

Our first SDK getting support for ECC will be the High Performance SDK, which is specially designed for "low resource" embedded devices.

Best regards
Unified Automation Support Team
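
To measure on the target device the key-generation cost discussed in this thread, the following added example (not part of either post and not Unified Automation code) times RSA and ECC key generation with the openssl CLI. The key sizes (RSA-3072 and NIST P-256, both rated at roughly 128-bit strength), the openssl CLI and a `date` that supports `%N` are assumptions.

```shell
#!/bin/sh
# Added example: compare key-generation time for an RSA and an ECC key of
# comparable strength. Key sizes are assumptions, not taken from the thread:
# RSA-3072 and NIST P-256 are both rated at roughly 128-bit security.
# Requires the openssl CLI and a date(1) that supports %N (e.g. GNU coreutils).

WORKDIR=$(mktemp -d)

# now_ms: print the current time in milliseconds
now_ms() {
    echo $(( $(date +%s%N) / 1000000 ))
}

# gen_key OUTFILE ALGORITHM PKEYOPT
# Generate a private key and print the elapsed wall-clock time in ms.
gen_key() {
    start=$(now_ms)
    openssl genpkey -algorithm "$2" -pkeyopt "$3" -out "$1" 2>/dev/null || return 1
    end=$(now_ms)
    echo $(( end - start ))
}

# key_bits KEYFILE: print the key size openssl reports for the key
key_bits() {
    openssl pkey -in "$1" -noout -text \
        | sed -n 's/.*(\([0-9]*\) bit.*/\1/p' | head -n 1
}

RSA_MS=$(gen_key "$WORKDIR/rsa.pem" RSA rsa_keygen_bits:3072)
EC_MS=$(gen_key "$WORKDIR/ec.pem" EC ec_paramgen_curve:P-256)

echo "RSA-3072 keygen: ${RSA_MS} ms ($(key_bits "$WORKDIR/rsa.pem") bit)"
echo "EC P-256 keygen: ${EC_MS} ms ($(key_bits "$WORKDIR/ec.pem") bit)"
```

RSA key generation time varies from run to run because it depends on a randomized prime search, so repeat the measurement several times on the target hardware before drawing conclusions. The generated private keys are left unencrypted in `$WORKDIR` and should be deleted after the measurement.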
