Order of Security Header Elements

In general, you should add security elements to the security header in the order in which you perform the processing. The message recipient should be able to process the message from beginning to end without having any forward references.

The following table lists the resulting order of security header elements when you use asymmetric keys (these scenarios use asymmetric key bindings):

| Position | Signing and then encrypting | Encrypting and then signing |
|---|---|---|
| 1 | Other header elements | Other header elements |
| 2 | <EncryptedKey> | <EncryptedKey> |
| 3 | <Signature> | <Signature> |
| 4 | | <ReferenceList> |

The following table lists the resulting order of security header elements when you use symmetric keys (these scenarios use symmetric key bindings):

| Position | Signing and then encrypting | Encrypting and then signing |
|---|---|---|
| 1 | Other header elements | Other header elements |
| 2 | <EncryptedKey> | <EncryptedKey> |
| 3 | <DerivedKeyToken> | <DerivedKeyToken> |
| 4 | <DerivedKeyToken> | <DerivedKeyToken> |
| 5 | <ReferenceList> | <Signature> |
| 6 | <Signature> | <ReferenceList> |
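The rule that a recipient must be able to process the header without forward references can be checked mechanically. The following Python check is an added example, not code from the original page or the product it documents: it lists the children of `wsse:Security` in order and flags any `wsse:Reference` that points at a sibling appearing later. The sample envelopes are constructed, and the element Ids and the roles given to the two derived key tokens are assumptions.

```python
import xml.etree.ElementTree as ET  # for untrusted messages, parse with defusedxml instead

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

def security_children(envelope_xml):
    """Return the direct children of the wsse:Security header, in document order."""
    security = ET.fromstring(envelope_xml).find(f".//{{{WSSE}}}Security")
    if security is None:
        raise ValueError("no wsse:Security header found")
    return list(security)

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # strip the {namespace} prefix

def header_order(envelope_xml):
    return [local(c) for c in security_children(envelope_xml)]

def forward_references(envelope_xml):
    """List (element, target id) pairs whose wsse:Reference points at a later sibling."""
    children = security_children(envelope_xml)
    position = {c.get(a): i for i, c in enumerate(children) for a in ("Id", f"{{{WSU}}}Id") if c.get(a)}
    found = []
    for i, child in enumerate(children):
        for ref in child.iter(f"{{{WSSE}}}Reference"):
            target = ref.get("URI", "").lstrip("#")
            if position.get(target, -1) > i:  # key material not yet seen by the recipient
                found.append((local(child), target))
    return found

# Constructed sample: symmetric binding, encrypting and then signing (element contents elided).
NS = (f'xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" '
      'xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
      'xmlns:wsc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"')

def build(children):
    body = "".join(children)
    return f"<s:Envelope {NS}><s:Header><wsse:Security>{body}</wsse:Security></s:Header><s:Body/></s:Envelope>"

def str_ref(target):
    return f'<wsse:SecurityTokenReference><wsse:Reference URI="#{target}"/></wsse:SecurityTokenReference>'

EK = '<xenc:EncryptedKey Id="ek"/>'  # Ids below are assumptions made for this sample
DK_SIG = f'<wsc:DerivedKeyToken wsu:Id="dk-sig">{str_ref("ek")}</wsc:DerivedKeyToken>'
DK_ENC = f'<wsc:DerivedKeyToken wsu:Id="dk-enc">{str_ref("ek")}</wsc:DerivedKeyToken>'
SIG = f'<ds:Signature><ds:KeyInfo>{str_ref("dk-sig")}</ds:KeyInfo></ds:Signature>'
RL = '<xenc:ReferenceList><xenc:DataReference URI="#body"/></xenc:ReferenceList>'
GOOD = build([EK, DK_SIG, DK_ENC, SIG, RL])  # order from the symmetric-key table
BAD = build([EK, SIG, DK_SIG, DK_ENC, RL])   # Signature placed before its derived key token
```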
