Internal version number: 5.82

Key changes:

• Elliptic Curve Cryptography (ECC)

Targeting

• .NET 6 is no longer supported (Microsoft end of support November 12, 2024). Use .NET 8 instead.
• The tools that come with OPC Studio (such as Connectivity Explorer and OpcCmd) are built for .NET 8.0 instead of .NET 6.0.
• Windows 11 version 24H2 (x64) added to the list of supported operating systems.

Component Improvements

OPC UA Client-Server

• The static UACertificateTypeIds class now contains new properties for certificate type Ids related to ECC.
• The new UACommunicationProfile class holds information about protocol name, OPC UA transport profile, message security mode, security policy, and data encoding. This object is then used at various places where this information is needed.
• New properties on the UAClientServerEngineParameters class allow to selectively turn on or off subsets of certificate types used by the application. The properties are: AllowEccSecurityPolicies, AllowObsoleteSecurityPolicies, AllowRsaSecurityPolicies.

OPC UA Client

• OPC UA security policies with Elliptic Curve Cryptography (ECC) can now be used for communication by the client. Supported new security policies are ECC_nistP256, ECC_nistP384, ECC_brainpoolP256r1 and ECC_brainpoolP384r1.
• Multiple client instance certificates are now auto-generated: One for each certificate type associated with supported security policies.
• A new Differentiator property has been added to the UAEndpointDescriptor class. It contains a string that you can use to make the endpoint descriptor look different from other endpoint descriptor(s) with otherwise the same properties, causing the client component to use and maintain separate connections for them.
• The EasyUAServerConditionChangedEventArgs class, which is used for operation monitoring, has an additional ConnectionProfile property, which contains the OPC UA communication profile used by the connection to the server.

OPC UA Server

• OPC UA security policies with Elliptic Curve Cryptography (ECC) can now be used for communication by the server. Supported new security policies are ECC_nistP256, ECC_nistP384, ECC_brainpoolP256r1 and ECC_brainpoolP384r1.
• Multiple server instance certificates are now auto-generated: One for each certificate type associated with supported security policies.
• The new SecureLdsRegistration property on the EasyUAServer class controls whether the server developed with OPC Wizard will use OPC UA security when registering with the LDS.
• The EasyUAClientSessionConnectionEventArgs class, which is used for operation monitoring, has an additional ConnectionProfile property, which contains the OPC UA communication profile actually used by the connection.

User Interface

• The Application Certificates tab in the Administer OPC UA Application dialog now has multiple sub-tabs, one for each certificate type, and one additional for operations that work on the whole application certificate pack.
• A hollow "X" icon on certificate tabs in the Administer OPC UA Application dialog now indicates a missing certificate.
• New column in the list of trusted certificates in the Administer OPC UA Application dialog: "Public Key Type".
• When the component asks the user for acceptance of a peer OPC UA certificate (on Console, or on Windows desktop), it now includes a type of the public key of the certificate, indicating either RSA and the size of the key in bits, or ECDSA and the name of the elliptic curve used.

OPC UA Administration and PKI

• Consistently allowed certificate type Id be specified with each certificate-related operation.
• Introduced a concept of certificate packs, which is a set of certificates with different certificate types, grouped together for a single purpose. This way, most certificate operations can be performed on multiple certificates in a certificate pack, without having to iterate over multiple certificates. Certificate operations (methods) that operate on a single certificate are distinguished from those that work on a certificate pack by a consistent naming convention. Methods that support both approaches use a certificate type Id parameter, which can be set to a null reference for a certificate pack.
• The type Ids of the certificates included in the application instance certificate pack can be obtained from the new IEasyUAClientServerApplication.PackCertificateTypeIds property. This information is derived from the effective OPC UA security policies of the application, depending on their declaration in the OPC UA Application Manifest.
• The new SecurityPolicyUriStrings property in the UAApplicationManifest class contains URI strings of the OPC UA security policies supported by the application. The default contents is fairly wide to assure the best OPC UA interoperability. The developer can, however, modify this collection in order to have the application support precisely the OPC UA security policies needed. When the UAApplicationManifestAttribute is used for the application manifest, the security policy URIs can be specified with the SecurityPolicyUriStringArray named argument.
• The static UACertificateTypeIds class contains properties that contain the standard certificate type Ids.

Component Refactorings

OPC UA Client

• In the UAEndpointSelectionPolicy class, the properties related to the OPC UA communication have been factored out to the CommunicationProfile property.

Tools and Online Services

OpcCmd Utility

OPC UA Client-Server

• Some sub-command names under the uaClientServerApplication command have changed to reflect the fact that the operation can work either with a single certificate or a certificate pack. A --certificateTypeId command option has been added to several commands to allow selecting the certificate type to work with.