SymmetricSignatureAlgorithm - HMAC-SHA2-256 -> SymmetricEncryptionAlgorithm - AES128-CBC -> AsymmetricSignatureAlgorithm - RSA-PKCS15-SHA2-256 http://www.w3.org/2001/04/xmldsig-more#rsa-sha256. -> AsymmetricKeyWrapAlgorithm - P-SHA2-256 -> AsymmetricEncryptionAlgorithm - RSA-OAEP-SHA1 http://www.w3.org/2001/04/xmlenc#rsa-oaep ... -> DerivedSignatureKeyLength - 256 -> MinAsymmetricKeyLength - 2048 -> MaxAsymmetricKeyLength - 4096 -> CertificateSignatureAlgorithm - Sha256
SymmetricSignatureAlgorithm - HMAC-SHA2-256 -> SymmetricEncryptionAlgorithm - AES256-CBC -> AsymmetricSignatureAlgorithm - RSA-PSS-SHA2-256 -> AsymmetricKeyWrapAlgorithm - P-SHA2-256 -> AsymmetricEncryptionAlgorithm - RSA-OAEP-SHA2-256
-> DerivedSignatureKeyLength - 256 bits -> MinAsymmetricKeyLength - 2048 bits -> MaxAsymmetricKeyLength - 4096 bits -> CertificateSignatureAlgorithm - RSA-PKCS15-SHA2-256 -> SecureChannelNonceLength - 32 bytes
A suite of algorithms that uses RSA15 as Key-Wrap-algorithm and 128-Bit for encryption algorithms. -> SymmetricSignatureAlgorithm - HmacSha1 -(http://www.w3.org/2000/09/xmldsig#hmac-sha1). -> SymmetricEncryptionAlgorithm - Aes128 -(http://www.w3.org/2001/04/xmlenc#aes128-cbc). -> AsymmetricSignatureAlgorithm - RsaSha1 -(http://www.w3.org/2000/09/xmldsig#rsa-sha1). -> AsymmetricKeyWrapAlgorithm - KwRsa15 -(http://www.w3.org/2001/04/xmlenc#rsa-1_5). -> AsymmetricEncryptionAlgorithm - Rsa15 -(http://www.w3.org/2001/04/xmlenc#rsa-1_5). -> KeyDerivationAlgorithm - PSha1 -(http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1). -> DerivedSignatureKeyLength - 128 -> MinAsymmetricKeyLength - 1024 -> MaxAsymmetricKeyLength - 2048 -> CertificateSignatureAlgorithm - Sha1
A suite of algorithms that are for 256-Bit encryption, algorithms include. -> SymmetricSignatureAlgorithm - Hmac_Sha256 -(http://www.w3.org/2000/09/xmldsig#hmac-sha256). -> SymmetricEncryptionAlgorithm - Aes256_CBC -(http://www.w3.org/2001/04/xmlenc#aes256-cbc). -> AsymmetricSignatureAlgorithm - Rsa_Sha256 -(http://www.w3.org/2001/04/xmldsig-more#rsa-sha256). -> AsymmetricKeyWrapAlgorithm - KwRsaOaep -(http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p). -> AsymmetricEncryptionAlgorithm - Rsa_Oaep -(http://www.w3.org/2001/04/xmlenc#rsa-oaep). -> KeyDerivationAlgorithm - PSHA256 -(http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha256). -> DerivedSignatureKeyLength - 256 -> MinAsymmetricKeyLength - 2048 -> MaxAsymmetricKeyLength - 4096 -> CertificateSignatureAlgorithm - Sha256
Support for this security profile may require support for a second application instance certificate, with a larger key size. Applications shall support multiple Application Instance Certificates if required by supported Security Polices and use the certificate that is required for a given security endpoint.
OPCUA Spec Release 1.02 page 15 OPC Unified Architecture, Part 7