2.2.2.3 Protector

The Protector structure is the cryptographically authenticated collection of different wrappings of the transport key, signed by the Guardian.

<xs:element name="Protector" type="Protector_T" />
   <xs:complexType name="Protector_T">
      <xs:annotation>
         <xs:documentation>A protector contains a list of wrappings of the transport  key.</xs:documentation>
      </xs:annotation>
      <xs:sequence>
         <xs:element name="Wrappings" type="WrappingCollection_T" />
         <xs:element name="TransportKeySignature" type="TransportKeySignature_T" />
         <xs:element name="GuardianSignature" type="GuardianSignature_T" />
      </xs:sequence>
      <xs:attribute name="MaxOfflineUnwraps" type="xs:unsignedInt" default="0" />
  </xs:complexType>

Wrappings: A list of wrappings of the transport key to be included in the new protector of the type defined in section 2.2.2.4.

TransportKeySignature: A UTF-8 converted signature computed by using a key derived from the actual transport key over the entire Wrappings element of the type defined in section 2.2.2.7.

GuardianSignature: A UTF-8 converted signature computed by using the signing certificate specified by WrappingId over the entire Wrappings element as defined in section 2.2.2.8.

MaxOfflineUnwraps: A 32-bit unsigned integer when set to a non-zero value indicates that offline unwrapping of the protector is allowed.<1>