.NET Based OPC UA Client/Server SDK
Implementing security

Common Notes

This documentation is not complete and will be updated later.


  • The ISecurityProvider is reponsible for
    • creating a CertificateFactory
    • creating certificate validators
    • creating certifcate stores
    • creating secure channels
    • creating the crypto provider
  • The SDK contains a default implementation of ISecurityProvider (DefaultSecurityProvider).
  • You can implement the whole interface or override single methods of the default implementation to implement own security functions.
  • By overriding ApplicationInstanceBase.CreateDefaultSecurityProvider you can set the custom SecurityProvider.

Create Certificate

  • There are two default certificate factories provided by the sdk:
    • WindowsCertificateFactory in UaBase.Windows using Opc.Ua.CertificateGenerator.exe
    • BouncyCastleCertificateFactory in UaBase.BouncyCastle using the external package BouncyCastle
  • To implement own certificate creation you need to
    • implement ICertificateFactory
    • implement ISecurityProvider.CreateCertificateFactory

Encryption and decryption

  • Encryption and decryption is done by the CryptoProvider returned by ISecurityProvider.CreateCryptoProvider
  • You can implement ICryptoProvider or override single methods of DefaultRsaCryptoProvider