2.2.9.1.2.2.2 Encrypted Data

The second part of the message payload contains the SOAP encrypted message. It MUST have the following layout:

Tokens

Content-Type: Contains the media type of the encrypted message.

 Content-Type = HT"Content-Type"":" 1#(contenttype)

HT: The horizontal tab character. It MUST precede the literal constant "Content-Type".

contenttype: Contains the encrypted message content type, and MUST be set to the following:

 application/octet-stream

Length-Field: The Length-Field MUST follow immediately after the previous token. It MUST be a 32-bit unsigned integer that specifies the length of the per-message token, as specified in [RFC4121], portion of the Message field.

Message: The encrypted message. This is an octet stream of the encrypted SOAP message, which is encrypted and integrity-protected by using the framework as specified in [RFC4121].

The initial bytes of the Message MUST be the per-message token portion, whose length MUST be given in the Length-Field value. The remaining bytes MUST be the encrypted data, whose original length MUST be equal to the lengthvalue field as defined in section 2.2.9.1.2.2.1.

Note: No padding is added irrespective of the type of cipher used for encryption.