2.2.9.1.2.2.2 Encrypted Data
The second part of the message payload contains the SOAP encrypted message. It MUST have the following layout:
Tokens
Content-Type: Contains the media type of the encrypted message.
-
Content-Type = HT"Content-Type"":" 1#(contenttype)
HT: The horizontal tab character. It MUST precede the literal constant "Content-Type".
contenttype: Contains the encrypted message content type, and MUST be set to the following:
-
application/octet-stream
Length-Field: The Length-Field MUST follow immediately after the previous token. It MUST be a 32-bit unsigned integer that specifies the length of the per-message token, as specified in [RFC4121], portion of the Message field.
Message: The encrypted message. This is an octet stream of the encrypted SOAP message, which is encrypted and integrity-protected by using the framework as specified in [RFC4121].
-
The initial bytes of the Message MUST be the per-message token portion, whose length MUST be given in the Length-Field value. The remaining bytes MUST be the encrypted data, whose original length MUST be equal to the lengthvalue field as defined in section 2.2.9.1.2.2.1.
-
Note: No padding is added irrespective of the type of cipher used for encryption.