From 688e2b892ca54accc4da19b80599ebcbf4f1539f Mon Sep 17 00:00:00 2001
From: mrsuciu <Mircea-Adrian.Suciu@Softing.com>
Date: Wed, 19 Nov 2025 16:23:30 +0200
Subject: [PATCH 01/15] merged security changes

---
 .../Security/Certificates/EccUtils.cs         | 977 +++++++-----------
 .../Security/Certificates/EncryptedSecret.cs  | 784 ++++++++++++++
 .../Security/Constants/SecurityPolicies.cs    |  57 +
 .../Security/Constants/SecurityPolicyInfo.cs  | 706 +++++++++++++
 Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs   |  53 +-
 .../Stack/Tcp/UaSCBinaryChannel.Symmetric.cs  | 495 +++------
 6 files changed, 2029 insertions(+), 1043 deletions(-)
 create mode 100644 Stack/Opc.Ua.Core/Security/Certificates/EncryptedSecret.cs
 create mode 100644 Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs

diff --git a/Stack/Opc.Ua.Core/Security/Certificates/EccUtils.cs b/Stack/Opc.Ua.Core/Security/Certificates/EccUtils.cs
index 29dc0e7d55..93d7b07e29 100644
--- a/Stack/Opc.Ua.Core/Security/Certificates/EccUtils.cs
+++ b/Stack/Opc.Ua.Core/Security/Certificates/EccUtils.cs
@@ -66,18 +66,7 @@ public static bool IsEccPolicy(string securityPolicyUri)
         {
             if (securityPolicyUri != null)
             {
-                switch (securityPolicyUri)
-                {
-                    case SecurityPolicies.ECC_nistP256:
-                    case SecurityPolicies.ECC_nistP384:
-                    case SecurityPolicies.ECC_brainpoolP256r1:
-                    case SecurityPolicies.ECC_brainpoolP384r1:
-                    case SecurityPolicies.ECC_curve25519:
-                    case SecurityPolicies.ECC_curve448:
-                        return true;
-                    default:
-                        return false;
-                }
+                return securityPolicyUri.Contains("#ECC_", StringComparison.Ordinal);
             }
 
             return false;
@@ -497,767 +486,505 @@ public static bool Verify(
                 signature,
                 algorithm);
         }
-    }
 
-    /// <summary>
-    /// Utility class for encrypting and decrypting secrets using Elliptic Curve Cryptography (ECC).
-    /// </summary>
-    public class EncryptedSecret
-    {
         /// <summary>
-        /// Create secret
+        /// Adds padding to a buffer. Input: buffer with unencrypted data starting at 0; plaintext data starting at offset; no padding.
         /// </summary>
-        public EncryptedSecret(
-            IServiceMessageContext context,
-            string securityPolicyUri,
-            X509Certificate2Collection senderIssuerCertificates,
-            X509Certificate2 receiverCertificate,
-            Nonce receiverNonce,
-            X509Certificate2 senderCertificate,
-            Nonce senderNonce,
-            CertificateValidator validator = null,
-            bool doNotEncodeSenderCertificate = false)
+        /// <param name="data">buffer with unencrypted data starting at 0; plaintext data starting at offset; no padding.</param>
+        /// <param name="blockSize"></param>
+        /// <returns>Output: buffer with unencrypted data starting at 0; plaintext data starting at offset; padding added.</returns>
+        private static ArraySegment<byte> AddPadding(ArraySegment<byte> data, int blockSize)
         {
-            SenderCertificate = senderCertificate;
-            SenderIssuerCertificates = senderIssuerCertificates;
-            DoNotEncodeSenderCertificate = doNotEncodeSenderCertificate;
-            SenderNonce = senderNonce;
-            ReceiverNonce = receiverNonce;
-            ReceiverCertificate = receiverCertificate;
-            Validator = validator;
-            SecurityPolicyUri = securityPolicyUri;
-            Context = context;
-        }
-
-        /// <summary>
-        /// Gets or sets the X.509 certificate of the sender.
-        /// </summary>
-        public X509Certificate2 SenderCertificate { get; private set; }
-
-        /// <summary>
-        /// Gets or sets the collection of X.509 certificates of the sender's issuer.
-        /// </summary>
-        public X509Certificate2Collection SenderIssuerCertificates { get; private set; }
-
-        /// <summary>
-        /// Gets or sets a value indicating whether the sender's certificate should not be encoded.
-        /// </summary>
-        public bool DoNotEncodeSenderCertificate { get; }
+            int paddingByteSize = blockSize > byte.MaxValue ? 2 : 1;
+            int paddingSize = blockSize - ((data.Count + paddingByteSize) % blockSize);
+            paddingSize %= blockSize;
 
-        /// <summary>
-        /// Gets or sets the nonce of the sender.
-        /// </summary>
-        public Nonce SenderNonce { get; private set; }
-
-        /// <summary>
-        /// Gets or sets the nonce of the receiver.
-        /// </summary>
-        public Nonce ReceiverNonce { get; }
-
-        /// <summary>
-        /// Gets or sets the X.509 certificate of the receiver.
-        /// </summary>
-        public X509Certificate2 ReceiverCertificate { get; }
-
-        /// <summary>
-        /// Gets or sets the certificate validator.
-        /// </summary>
-        public CertificateValidator Validator { get; }
-
-        /// <summary>
-        /// Gets or sets the security policy URI.
-        /// </summary>
-        public string SecurityPolicyUri { get; private set; }
-
-        /// <summary>
-        /// Service message context to use
-        /// </summary>
-        public IServiceMessageContext Context { get; }
+            int endOfData = data.Offset + data.Count;
+            int endOfPaddedData = data.Offset + data.Count + paddingSize + paddingByteSize;
 
-        /// <summary>
-        /// Encrypts a secret using the specified nonce, encrypting key, and initialization vector (IV).
-        /// </summary>
-        /// <param name="secret">The secret to encrypt.</param>
-        /// <param name="nonce">The nonce to use for encryption.</param>
-        /// <param name="encryptingKey">The key to use for encryption.</param>
-        /// <param name="iv">The initialization vector to use for encryption.</param>
-        /// <returns>The encrypted secret.</returns>
-        /// <exception cref="ServiceResultException"></exception>
-        private byte[] EncryptSecret(
-            byte[] secret,
-            byte[] nonce,
-            byte[] encryptingKey,
-            byte[] iv)
-        {
-#if CURVE25519
-            bool useAuthenticatedEncryption = false;
-            if (SenderCertificate.BcCertificate.GetPublicKey() is Ed25519PublicKeyParameters
-                || SenderCertificate.BcCertificate.GetPublicKey() is Ed448PublicKeyParameters)
+            for (int ii = endOfData; ii < endOfPaddedData - paddingByteSize && ii < data.Array.Length; ii++)
             {
-                useAuthenticatedEncryption = true;
+                data.Array[ii] = (byte)(paddingSize & 0xFF);
             }
-#endif
-            byte[] dataToEncrypt = null;
 
-            using (var encoder = new BinaryEncoder(Context))
-            {
-                encoder.WriteByteString(null, nonce);
-                encoder.WriteByteString(null, secret);
-
-                // add padding.
-                int paddingSize = iv.Length - ((encoder.Position + 2) % iv.Length);
-                paddingSize %= iv.Length;
-
-                if (secret.Length + paddingSize < iv.Length)
-                {
-                    paddingSize += iv.Length;
-                }
-
-                for (int ii = 0; ii < paddingSize; ii++)
-                {
-                    encoder.WriteByte(null, (byte)(paddingSize & 0xFF));
-                }
+            data.Array[endOfData + paddingSize] = (byte)(paddingSize & 0xFF);
 
-                encoder.WriteUInt16(null, (ushort)paddingSize);
-
-                dataToEncrypt = encoder.CloseAndReturnBuffer();
-            }
-#if CURVE25519
-            if (useAuthenticatedEncryption)
-            {
-                return EncryptWithChaCha20Poly1305(encryptingKey, iv, dataToEncrypt);
-            }
-#endif
-            using (var aes = Aes.Create())
+            if (blockSize > byte.MaxValue)
             {
-                aes.Mode = CipherMode.CBC;
-                aes.Padding = PaddingMode.None;
-                aes.Key = encryptingKey;
-                aes.IV = iv;
-
-#pragma warning disable CA5401 // Symmetric encryption uses non-default initialization vector, which could be potentially repeatable
-                using ICryptoTransform encryptor = aes.CreateEncryptor();
-#pragma warning restore CA5401 // Symmetric encryption uses non-default initialization vector, which could be potentially repeatable
-                if (dataToEncrypt.Length % encryptor.InputBlockSize != 0)
-                {
-                    throw ServiceResultException.Create(
-                        StatusCodes.BadSecurityChecksFailed,
-                        "Input data is not an even number of encryption blocks.");
-                }
-
-                encryptor.TransformBlock(dataToEncrypt, 0, dataToEncrypt.Length, dataToEncrypt, 0);
+                data.Array[endOfData + paddingSize + 1] = (byte)((paddingSize & 0xFF) >> 8);
             }
 
-            return dataToEncrypt;
+            return new ArraySegment<byte>(data.Array, data.Offset, data.Count + paddingSize + paddingByteSize);
         }
 
-#if CURVE25519
         /// <summary>
-        /// Encrypts the given data using the ChaCha20Poly1305 algorithm with the provided key and initialization vector (IV).
+        /// Removes padding from a buffer. Input: buffer with unencrypted data starting at 0; plaintext including padding starting at offset; signature removed.
         /// </summary>
-        /// <param name="encryptingKey">The key used for encryption.</param>
-        /// <param name="iv">The initialization vector used for encryption.</param>
-        /// <param name="dataToEncrypt">The data to be encrypted.</param>
-        /// <returns>The encrypted data.</returns>
-        private static byte[] EncryptWithChaCha20Poly1305(byte[] encryptingKey, byte[] iv, byte[] dataToEncrypt)
+        /// <param name="data">Input: buffer with unencrypted data starting at 0; plaintext including padding starting at offset; signature removed.</param>
+        /// <param name="blockSize"></param>
+        /// <returns>Output: buffer with unencrypted data starting at 0; plaintext starting at offset; padding excluded.</returns>
+        /// <exception cref="CryptographicException"></exception>
+        private static ArraySegment<byte> RemovePadding(ArraySegment<byte> data, int blockSize)
         {
-            Utils.Trace($"EncryptKey={Utils.ToHexString(encryptingKey)}");
-            Utils.Trace($"EncryptIV={Utils.ToHexString(iv)}");
+            int paddingSize = data.Array[data.Offset + data.Count - 1];
+            int paddingByteSize = 1;
 
-            int signatureLength = 16;
+            if (blockSize > byte.MaxValue)
+            {
+                paddingSize <<= 8;
+                paddingSize += data.Array[data.Offset + data.Count - 2];
+                paddingByteSize = 2;
+            }
 
-            AeadParameters parameters = new AeadParameters(
-                new KeyParameter(encryptingKey),
-                signatureLength * 8,
-                iv,
-                null);
+            int notvalid = paddingSize < data.Count ? 0 : 1;
+            int start = data.Offset + data.Count - paddingSize - paddingByteSize;
 
-            ChaCha20Poly1305 encryptor = new ChaCha20Poly1305();
-            encryptor.Init(true, parameters);
+            for (int ii = data.Offset; ii < data.Count - paddingByteSize && ii < paddingSize; ii++)
+            {
+                if (start < 0 || start + ii >= data.Count)
+                {
+                    notvalid |= 1;
+                    continue;
+                }
 
-            byte[] ciphertext = new byte[encryptor.GetOutputSize(dataToEncrypt.Length)];
-            int length = encryptor.ProcessBytes(dataToEncrypt, 0, dataToEncrypt.Length, ciphertext, 0);
-            length += encryptor.DoFinal(ciphertext, length);
+                notvalid |= data.Array[start + ii] ^ (paddingSize & 0xFF);
+            }
 
-            if (ciphertext.Length != length)
+            if (notvalid != 0)
             {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    $"CipherText not the expected size. [{ciphertext.Length} != {length}]");
+                throw new CryptographicException("Invalid padding.");
             }
 
-            return ciphertext;
+            return new ArraySegment<byte>(data.Array, 0, data.Offset + data.Count - paddingSize - paddingByteSize);
         }
 
         /// <summary>
-        /// Decrypts the given data using the ChaCha20Poly1305 algorithm with the provided key and initialization vector (IV).
+        /// Encrypts the buffer using the algorithm specified by the security policy.
         /// </summary>
-        /// <param name="encryptingKey">The key used for encryption.</param>
-        /// <param name="iv">The initialization vector used for encryption.</param>
-        /// <param name="dataToDecrypt">The data to be decrypted.</param>
-        /// <param name="offset">The offset in the data to start decrypting from.</param>
-        /// <param name="count">The number of bytes to decrypt.</param>
-        /// <returns>An <see cref="ArraySegment{T}"/> containing the decrypted data.</returns>
-        /// <exception cref="ServiceResultException">Thrown if the plaintext is not the expected size or too short, or if the nonce is invalid.</exception>
-        private ArraySegment<byte> DecryptWithChaCha20Poly1305(
+        /// <param name="data">The data to encrypt.</param>
+        /// <param name="securityPolicy">The security policy to use.</param>
+        /// <param name="encryptingKey">The key to use for encryption.</param>
+        /// <param name="iv">The initialization vector to use for encryption.</param>
+        /// <param name="signingKey">The key to use for signing.</param>
+        /// <param name="signOnly">If TRUE, the data is not encrypted.</param>
+        /// <returns>The encrypted buffer.</returns>
+        /// <exception cref="NotSupportedException"></exception>
+        public static ArraySegment<byte> SymmetricEncryptAndSign(
+            ArraySegment<byte> data,
+            SecurityPolicyInfo securityPolicy,
             byte[] encryptingKey,
             byte[] iv,
-            byte[] dataToDecrypt,
-            int offset,
-            int count)
+            byte[] signingKey = null,
+            bool signOnly = false)
         {
-            Utils.Trace($"EncryptKey={Utils.ToHexString(encryptingKey)}");
-            Utils.Trace($"EncryptIV={Utils.ToHexString(iv)}");
-
-            int signatureLength = 16;
-
-            AeadParameters parameters = new AeadParameters(
-                new KeyParameter(encryptingKey),
-                signatureLength * 8,
-                iv,
-                null);
+            SymmetricEncryptionAlgorithm algorithm = securityPolicy.SymmetricEncryptionAlgorithm;
 
-            ChaCha20Poly1305 decryptor = new ChaCha20Poly1305();
-            decryptor.Init(false, parameters);
-
-            byte[] plaintext = new byte[decryptor.GetOutputSize(count)];
-            int length = decryptor.ProcessBytes(dataToDecrypt, offset, count, plaintext, 0);
-            length += decryptor.DoFinal(plaintext, length);
-
-            if (plaintext.Length != length || plaintext.Length < iv.Length)
+            if (algorithm == SymmetricEncryptionAlgorithm.None)
             {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    $"PlainText not the expected size or too short. [{count} != {length}]");
+                return data;
             }
 
-            ushort paddingSize = plaintext[length - 1];
-            paddingSize <<= 8;
-            paddingSize += plaintext[length - 2];
-
-            int notvalid = (paddingSize < length) ? 0 : 1;
-            int start = length - paddingSize - 2;
-
-            for (int ii = 0; ii < length - 2 && ii < paddingSize; ii++)
+            if (algorithm is SymmetricEncryptionAlgorithm.Aes128Gcm or SymmetricEncryptionAlgorithm.Aes256Gcm)
             {
-                if (start < 0 || start + ii >= plaintext.Length)
-                {
-                    notvalid |= 1;
-                    continue;
-                }
-
-                notvalid |= plaintext[start + ii] ^ (paddingSize & 0xFF);
+#if NET8_0_OR_GREATER
+                return EncryptWithAesGcm(encryptingKey, iv, signOnly, data);
+#else
+                throw new NotSupportedException("AES-GCM requires .NET 8 or greater.");
+#endif
             }
 
-            if (notvalid != 0)
+            if (algorithm == SymmetricEncryptionAlgorithm.ChaCha20Poly1305)
             {
-                throw new ServiceResultException(StatusCodes.BadNonceInvalid);
-            }
-
-            return new ArraySegment<byte>(plaintext, 0, start);
-        }
+#if NET8_0_OR_GREATER
+                return EncryptWithChaCha20Poly1305(
+                    data,
+                    encryptingKey,
+                    iv,
+                    signOnly,
+                    true);
+#else
+                throw new NotSupportedException("ChaCha20Poly1305 requires .NET 8 or greater.");
 #endif
+            }
 
-        /// <summary>
-        /// Decrypts the specified data using the provided encrypting key and initialization vector (IV).
-        /// </summary>
-        /// <param name="dataToDecrypt">The data to decrypt.</param>
-        /// <param name="offset">The offset in the data to start decrypting from.</param>
-        /// <param name="count">The number of bytes to decrypt.</param>
-        /// <param name="encryptingKey">The key to use for decryption.</param>
-        /// <param name="iv">The initialization vector to use for decryption.</param>
-        /// <returns>The decrypted data.</returns>
-        /// <exception cref="ServiceResultException">Thrown if the input data is not an even number of encryption blocks or if the nonce is invalid.</exception>
-        private static ArraySegment<byte> DecryptSecret(
-            byte[] dataToDecrypt,
-            int offset,
-            int count,
-            byte[] encryptingKey,
-            byte[] iv)
-        {
-#if CURVE25519
-            bool useAuthenticatedEncryption = false;
-            if (SenderCertificate.BcCertificate.GetPublicKey() is Ed25519PublicKeyParameters
-                || SenderCertificate.BcCertificate.GetPublicKey() is Ed448PublicKeyParameters)
+            if (!signOnly)
             {
-                useAuthenticatedEncryption = true;
+                data = AddPadding(data, iv.Length);
             }
-            if (useAuthenticatedEncryption)
+
+            if (signingKey != null)
             {
-                return DecryptWithChaCha20Poly1305(encryptingKey, iv, dataToDecrypt, offset, count);
+                using HMAC hmac = securityPolicy.CreateSignatureHmac(signingKey);
+                byte[] hash = hmac.ComputeHash(data.Array, 0, data.Offset + data.Count);
+
+                Buffer.BlockCopy(
+                    hash,
+                    0,
+                    data.Array,
+                    data.Offset + data.Count,
+                    hash.Length);
+
+                data = new ArraySegment<byte>(
+                    data.Array,
+                    data.Offset,
+                    data.Count + hash.Length);
             }
-#endif
-            using (var aes = Aes.Create())
+
+            if (!signOnly)
             {
+                using var aes = Aes.Create();
+
                 aes.Mode = CipherMode.CBC;
                 aes.Padding = PaddingMode.None;
                 aes.Key = encryptingKey;
                 aes.IV = iv;
 
-                using ICryptoTransform decryptor = aes.CreateDecryptor();
-                if (count % decryptor.InputBlockSize != 0)
-                {
-                    throw ServiceResultException.Create(
-                        StatusCodes.BadSecurityChecksFailed,
-                        "Input data is not an even number of encryption blocks.");
-                }
+                using ICryptoTransform encryptor = aes.CreateEncryptor();
 
-                decryptor.TransformBlock(dataToDecrypt, offset, count, dataToDecrypt, offset);
+                encryptor.TransformBlock(
+                    data.Array,
+                    data.Offset,
+                    data.Count,
+                    data.Array,
+                    data.Offset);
             }
 
-            ushort paddingSize = dataToDecrypt[offset + count - 1];
-            paddingSize <<= 8;
-            paddingSize += dataToDecrypt[offset + count - 2];
+            return new ArraySegment<byte>(data.Array, 0, data.Offset + data.Count);
+        }
 
-            int notvalid = paddingSize < count ? 0 : 1;
-            int start = offset + count - paddingSize - 2;
+#if NET8_0_OR_GREATER
+        private const int kChaChaPolyIvLength = 12;
+        private const int kChaChaPolyTagLength = 16;
 
-            for (int ii = 0; ii < count - 2 && ii < paddingSize; ii++)
+        private static ArraySegment<byte> EncryptWithChaCha20Poly1305(
+            ArraySegment<byte> data,
+            byte[] encryptingKey,
+            byte[] iv,
+            bool signOnly,
+            bool noPadding)
+        {
+            if (encryptingKey == null || encryptingKey.Length != 32)
             {
-                if (start < 0 || start + ii >= dataToDecrypt.Length)
-                {
-                    notvalid |= 1;
-                    continue;
-                }
+                throw new ArgumentException("ChaCha20-Poly1305 requires a 256-bit (32-byte) key.", nameof(encryptingKey));
+            }
 
-                notvalid |= dataToDecrypt[start + ii] ^ (paddingSize & 0xFF);
+            if (iv == null || iv.Length != kChaChaPolyIvLength)
+            {
+                throw new ArgumentException("ChaCha20-Poly1305 requires a 96-bit (12-byte) nonce.", nameof(iv));
             }
 
-            if (notvalid != 0)
+            if (!noPadding && !signOnly)
             {
-                throw new ServiceResultException(StatusCodes.BadNonceInvalid);
+                data = AddPadding(data, iv.Length);
             }
 
-            return new ArraySegment<byte>(dataToDecrypt, offset, count - paddingSize);
-        }
+            byte[] ciphertext = new byte[signOnly ? 0 : data.Count];
+            byte[] tag = new byte[kChaChaPolyTagLength]; // ChaCha20-Poly1305/AES-GCM uses 128-bit authentication tag
 
-        private static readonly byte[] s_label = System.Text.Encoding.UTF8.GetBytes("opcua-secret");
+            var extraData = new ReadOnlySpan<byte>(
+                data.Array,
+                0,
+                signOnly ? data.Offset + data.Count : data.Offset);
 
-        /// <summary>
-        /// Creates the encrypting key and initialization vector (IV) for Elliptic Curve Cryptography (ECC) encryption or decryption.
-        /// </summary>
-        /// <param name="securityPolicyUri">The security policy URI.</param>
-        /// <param name="senderNonce">The sender nonce.</param>
-        /// <param name="receiverNonce">The receiver nonce.</param>
-        /// <param name="forDecryption">if set to <c>true</c>, creates the keys for decryption; otherwise, creates the keys for encryption.</param>
-        /// <param name="encryptingKey">The encrypting key.</param>
-        /// <param name="iv">The initialization vector (IV).</param>
-        private static void CreateKeysForEcc(
-            string securityPolicyUri,
-            Nonce senderNonce,
-            Nonce receiverNonce,
-            bool forDecryption,
-            out byte[] encryptingKey,
-            out byte[] iv)
-        {
-            int encryptingKeySize;
-            int blockSize;
-            HashAlgorithmName algorithmName;
+            using var chacha = new ChaCha20Poly1305(encryptingKey);
 
-            switch (securityPolicyUri)
+            chacha.Encrypt(
+                iv,
+                signOnly ? Array.Empty<byte>() : data,
+                ciphertext,
+                tag,
+                extraData);
+
+            // Return layout: [associated data | ciphertext | tag]
+            if (!signOnly)
             {
-                case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                    blockSize = 16;
-                    encryptingKeySize = 16;
-                    algorithmName = HashAlgorithmName.SHA256;
-                    break;
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    encryptingKeySize = 32;
-                    blockSize = 16;
-                    algorithmName = HashAlgorithmName.SHA384;
-                    break;
-                case SecurityPolicies.ECC_curve25519:
-                case SecurityPolicies.ECC_curve448:
-                    encryptingKeySize = 32;
-                    blockSize = 12;
-                    algorithmName = HashAlgorithmName.SHA256;
-                    break;
-                default:
-                    encryptingKeySize = 32;
-                    blockSize = 16;
-                    algorithmName = HashAlgorithmName.SHA256;
-                    break;
+                Buffer.BlockCopy(ciphertext, 0, data.Array, data.Offset, ciphertext.Length);
             }
 
-            encryptingKey = new byte[encryptingKeySize];
-            iv = new byte[blockSize];
+            Buffer.BlockCopy(tag, 0, data.Array, data.Offset + data.Count, tag.Length);
 
-            byte[] keyLength = BitConverter.GetBytes((ushort)(encryptingKeySize + blockSize));
-            byte[] salt = Utils.Append(keyLength, s_label, senderNonce.Data, receiverNonce.Data);
+            return new ArraySegment<byte>(
+                data.Array,
+                0,
+                data.Offset + data.Count + kChaChaPolyTagLength);
+        }
+#endif
 
-            byte[] keyData;
-            if (forDecryption)
+#if NET8_0_OR_GREATER
+        private static ArraySegment<byte> DecryptWithChaCha20Poly1305(
+           ArraySegment<byte> data,
+           byte[] encryptingKey,
+           byte[] iv,
+           bool signOnly,
+           bool noPadding)
+        {
+            if (encryptingKey == null || encryptingKey.Length != 32)
             {
-                keyData = receiverNonce.DeriveKey(
-                    senderNonce,
-                    salt,
-                    algorithmName,
-                    encryptingKeySize + blockSize);
+                throw new ArgumentException("ChaCha20-Poly1305 requires a 256-bit (32-byte) key.", nameof(encryptingKey));
             }
-            else
+
+            if (iv == null || iv.Length != kChaChaPolyIvLength)
             {
-                keyData = senderNonce.DeriveKey(
-                    receiverNonce,
-                    salt,
-                    algorithmName,
-                    encryptingKeySize + blockSize);
+                throw new ArgumentException("ChaCha20-Poly1305 requires a 96-bit (12-byte) nonce.", nameof(iv));
             }
 
-            Buffer.BlockCopy(keyData, 0, encryptingKey, 0, encryptingKey.Length);
-            Buffer.BlockCopy(keyData, encryptingKeySize, iv, 0, iv.Length);
-        }
-
-        /// <summary>
-        /// Encrypts a secret using the specified nonce.
-        /// </summary>
-        /// <param name="secret">The secret to encrypt.</param>
-        /// <param name="nonce">The nonce to use for encryption.</param>
-        /// <returns>The encrypted secret.</returns>
-        public byte[] Encrypt(byte[] secret, byte[] nonce)
-        {
-            byte[] encryptingKey = null;
-            byte[] iv = null;
-            byte[] message = null;
-            int lengthPosition = 0;
-
-            int signatureLength = EccUtils.GetSignatureLength(SenderCertificate);
-
-            using (var encoder = new BinaryEncoder(Context))
+            if (data.Count < kChaChaPolyTagLength) // Must at least contain tag
             {
-                // write header.
-                encoder.WriteNodeId(null, DataTypeIds.EccEncryptedSecret);
-                encoder.WriteByte(null, (byte)ExtensionObjectEncoding.Binary);
-
-                lengthPosition = encoder.Position;
-                encoder.WriteUInt32(null, 0);
-
-                encoder.WriteString(null, SecurityPolicyUri);
-
-                byte[] senderCertificate = null;
+                throw new ArgumentException("Ciphertext too short.", nameof(data));
+            }
 
-                if (!DoNotEncodeSenderCertificate)
-                {
-                    senderCertificate = SenderCertificate.RawData;
+            byte[] plaintext = new byte[data.Count - kChaChaPolyTagLength];
 
-                    if (SenderIssuerCertificates != null && SenderIssuerCertificates.Count > 0)
-                    {
-                        int blobSize = senderCertificate.Length;
+            var encryptedData = new ArraySegment<byte>(
+                data.Array,
+                data.Offset,
+                signOnly ? 0 : data.Count - kChaChaPolyTagLength);
 
-                        foreach (X509Certificate2 issuer in SenderIssuerCertificates)
-                        {
-                            blobSize += issuer.RawData.Length;
-                        }
+            var tag = new ArraySegment<byte>(
+                data.Array,
+                data.Offset + data.Count - kChaChaPolyTagLength,
+                kChaChaPolyTagLength);
 
-                        byte[] blob = new byte[blobSize];
-                        Buffer.BlockCopy(senderCertificate, 0, blob, 0, senderCertificate.Length);
+            var extraData = new ReadOnlySpan<byte>(
+                data.Array,
+                0,
+                signOnly ? data.Offset + data.Count - kChaChaPolyTagLength : data.Offset);
 
-                        int pos = senderCertificate.Length;
+            using var chacha = new ChaCha20Poly1305(encryptingKey);
 
-                        foreach (X509Certificate2 issuer in SenderIssuerCertificates)
-                        {
-                            byte[] data = issuer.RawData;
-                            Buffer.BlockCopy(data, 0, blob, pos, data.Length);
-                            pos += data.Length;
-                        }
+            chacha.Decrypt(
+                iv,
+                encryptedData,
+                tag,
+                signOnly ? [] : plaintext,
+                extraData);
 
-                        senderCertificate = blob;
-                    }
-                }
+            // Return layout: [associated data | plaintext]
+            if (!signOnly)
+            {
+                Buffer.BlockCopy(plaintext, 0, data.Array, data.Offset, encryptedData.Count);
+            }
 
-                encoder.WriteByteString(null, senderCertificate);
-                encoder.WriteDateTime(null, DateTime.UtcNow);
+            if (!noPadding && !signOnly)
+            {
+                return RemovePadding(new ArraySegment<byte>(data.Array, data.Offset, data.Count - kChaChaPolyTagLength), iv.Length);
+            }
 
-                byte[] senderNonce = SenderNonce.Data;
-                byte[] receiverNonce = ReceiverNonce.Data;
+            return new ArraySegment<byte>(data.Array, 0, data.Offset + data.Count - kChaChaPolyTagLength);
+        }
+#endif
 
-                encoder.WriteUInt16(null, (ushort)(senderNonce.Length + receiverNonce.Length + 8));
-                encoder.WriteByteString(null, senderNonce);
-                encoder.WriteByteString(null, receiverNonce);
+#if NET8_0_OR_GREATER
+        private const int kAesGcmIvLength = 12;
+        private const int kAesGcmTagLength = 16;
 
-                // create keys.
-                if (EccUtils.IsEccPolicy(SecurityPolicyUri))
-                {
-                    CreateKeysForEcc(
-                        SecurityPolicyUri,
-                        SenderNonce,
-                        ReceiverNonce,
-                        false,
-                        out encryptingKey,
-                        out iv);
-                }
+        private static ArraySegment<byte> EncryptWithAesGcm(
+            byte[] encryptingKey,
+            byte[] iv,
+            bool signOnly,
+            ArraySegment<byte> data)
+        {
+            if (encryptingKey == null)
+            {
+                throw new ArgumentNullException(nameof(encryptingKey));
+            }
 
-                // encrypt  secret,
-                byte[] encryptedData = EncryptSecret(secret, nonce, encryptingKey, iv);
+            if (iv == null || iv.Length != kAesGcmIvLength)
+            {
+                throw new ArgumentException("AES-GCM requires a 96-bit (12-byte) IV/nonce.", nameof(iv));
+            }
 
-                // append encrypted secret.
-                for (int ii = 0; ii < encryptedData.Length; ii++)
-                {
-                    encoder.WriteByte(null, encryptedData[ii]);
-                }
+            if (!signOnly)
+            {
+                data = AddPadding(data, iv.Length);
+            }
 
-                // save space for signature.
-                for (int ii = 0; ii < signatureLength; ii++)
-                {
-                    encoder.WriteByte(null, 0);
-                }
+            byte[] ciphertext = new byte[signOnly ? 0 : data.Count];
+            byte[] tag = new byte[kAesGcmTagLength]; // AES-GCM uses 128-bit authentication tag
 
-                message = encoder.CloseAndReturnBuffer();
-            }
+            var extraData = new ReadOnlySpan<byte>(
+                data.Array,
+                0,
+                signOnly ? data.Offset + data.Count : data.Offset);
 
-            int length = message.Length - lengthPosition - 4;
+            using var aesGcm = new AesGcm(encryptingKey, kAesGcmTagLength);
 
-            message[lengthPosition++] = (byte)(length & 0xFF);
-            message[lengthPosition++] = (byte)((length & 0xFF00) >> 8);
-            message[lengthPosition++] = (byte)((length & 0xFF0000) >> 16);
-            message[lengthPosition++] = (byte)((length & 0xFF000000) >> 24);
+            aesGcm.Encrypt(
+                iv,
+                signOnly ? Array.Empty<byte>() : data,
+                ciphertext,
+                tag,
+                extraData);
 
-            // get the algorithm used for the signature.
-            HashAlgorithmName signatureAlgorithm;
-            switch (SecurityPolicyUri)
+            // Return layout: [associated data | ciphertext | tag]
+            if (!signOnly)
             {
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    signatureAlgorithm = HashAlgorithmName.SHA384;
-                    break;
-                default:
-                    signatureAlgorithm = HashAlgorithmName.SHA256;
-                    break;
+                Buffer.BlockCopy(ciphertext, 0, data.Array, data.Offset, ciphertext.Length);
             }
 
-            var dataToSign = new ArraySegment<byte>(message, 0, message.Length - signatureLength);
-            byte[] signature = EccUtils.Sign(dataToSign, SenderCertificate, signatureAlgorithm);
-            Buffer.BlockCopy(
-                signature,
+            Buffer.BlockCopy(tag, 0, data.Array, data.Offset + data.Count, tag.Length);
+
+            return new ArraySegment<byte>(
+                data.Array,
                 0,
-                message,
-                message.Length - signatureLength,
-                signatureLength);
-            return message;
+                data.Offset + data.Count + kAesGcmTagLength);
         }
+#endif
 
-        /// <summary>
-        /// Verifies the header for an ECC encrypted message and returns the encrypted data.
-        /// </summary>
-        /// <param name="dataToDecrypt">The data to decrypt.</param>
-        /// <param name="earliestTime">The earliest time allowed for the message signing time.</param>
-        /// <param name="telemetry">The telemetry context to use to create obvservability instruments</param>
-        /// <returns>The encrypted data.</returns>
-        /// <exception cref="ServiceResultException"></exception>
-        private ArraySegment<byte> VerifyHeaderForEcc(
-            ArraySegment<byte> dataToDecrypt,
-            DateTime earliestTime,
-            ITelemetryContext telemetry)
+#if NET8_0_OR_GREATER
+        private static ArraySegment<byte> DecryptWithAesGcm(
+            ArraySegment<byte> data,
+            byte[] encryptingKey,
+            byte[] iv,
+            bool signOnly)
         {
-            using var decoder = new BinaryDecoder(
-                dataToDecrypt.Array,
-                dataToDecrypt.Offset,
-                dataToDecrypt.Count,
-                Context);
-            NodeId typeId = decoder.ReadNodeId(null);
-
-            if (typeId != DataTypeIds.EccEncryptedSecret)
+            if (encryptingKey == null)
             {
-                throw new ServiceResultException(StatusCodes.BadDataTypeIdUnknown);
+                throw new ArgumentNullException(nameof(encryptingKey));
             }
 
-            var encoding = (ExtensionObjectEncoding)decoder.ReadByte(null);
+            if (iv == null || iv.Length != kAesGcmIvLength)
+            {
+                throw new ArgumentException("AES-GCM requires a 96-bit (12-byte) IV/nonce.", nameof(iv));
+            }
 
-            if (encoding != ExtensionObjectEncoding.Binary)
+            if (data.Count < kAesGcmTagLength) // Must at least contain tag
             {
-                throw new ServiceResultException(StatusCodes.BadDataEncodingUnsupported);
+                throw new ArgumentException("Ciphertext too short.", nameof(data));
             }
 
-            uint length = decoder.ReadUInt32(null);
+            byte[] plaintext = new byte[data.Count - kAesGcmTagLength];
 
-            // get the start of data.
-            int startOfData = decoder.Position + dataToDecrypt.Offset;
+            var encryptedData = new ArraySegment<byte>(
+                data.Array,
+                data.Offset,
+                signOnly ? 0 : data.Count - kAesGcmTagLength);
 
-            SecurityPolicyUri = decoder.ReadString(null);
+            var tag = new ArraySegment<byte>(
+                data.Array,
+                data.Offset + data.Count - kAesGcmTagLength,
+                kAesGcmTagLength);
 
-            if (!EccUtils.IsEccPolicy(SecurityPolicyUri))
-            {
-                throw new ServiceResultException(StatusCodes.BadSecurityPolicyRejected);
-            }
+            var extraData = new ReadOnlySpan<byte>(
+                data.Array,
+                0,
+                signOnly ? data.Offset + data.Count - kAesGcmTagLength : data.Offset);
 
-            // get the algorithm used for the signature.
-            HashAlgorithmName signatureAlgorithm;
+            using var aesGcm = new AesGcm(encryptingKey, kAesGcmTagLength);
 
-            switch (SecurityPolicyUri)
+            aesGcm.Decrypt(
+                iv,
+                encryptedData,
+                tag,
+                signOnly ? [] : plaintext,
+                extraData);
+
+            // Return layout: [associated data | plaintext]
+            if (!signOnly)
             {
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    signatureAlgorithm = HashAlgorithmName.SHA384;
-                    break;
-                default:
-                    signatureAlgorithm = HashAlgorithmName.SHA256;
-                    break;
+                Buffer.BlockCopy(plaintext, 0, data.Array, data.Offset, encryptedData.Count);
             }
 
-            // extract the send certificate and any chain.
-            byte[] senderCertificate = decoder.ReadByteString(null);
-
-            if (senderCertificate == null || senderCertificate.Length == 0)
+            if (!signOnly)
             {
-                if (SenderCertificate == null)
-                {
-                    throw new ServiceResultException(StatusCodes.BadCertificateInvalid);
-                }
+                return RemovePadding(new ArraySegment<byte>(data.Array, data.Offset, data.Count - kAesGcmTagLength), iv.Length);
             }
-            else
-            {
-                X509Certificate2Collection senderCertificateChain = Utils.ParseCertificateChainBlob(
-                    senderCertificate,
-                    telemetry);
 
-                SenderCertificate = senderCertificateChain[0];
-                SenderIssuerCertificates = [];
+            return new ArraySegment<byte>(data.Array, 0, data.Offset + data.Count - kAesGcmTagLength);
+        }
+#endif
 
-                for (int ii = 1; ii < senderCertificateChain.Count; ii++)
-                {
-                    SenderIssuerCertificates.Add(senderCertificateChain[ii]);
-                }
+        /// <summary>
+        /// Decrypts the buffer using the algorithm specified by the security policy.
+        /// </summary>
+        /// <exception cref="CryptographicException"></exception>
+        /// <exception cref="NotSupportedException"></exception>
+        public static ArraySegment<byte> SymmetricDecryptAndVerify(
+           ArraySegment<byte> data,
+           SecurityPolicyInfo securityPolicy,
+           byte[] encryptingKey,
+           byte[] iv,
+           byte[] signingKey = null,
+           bool signOnly = false)
+        {
+            SymmetricEncryptionAlgorithm algorithm = securityPolicy.SymmetricEncryptionAlgorithm;
 
-                // validate the sender.
-                Validator?.ValidateAsync(senderCertificateChain, default).GetAwaiter().GetResult();
+            if (algorithm == SymmetricEncryptionAlgorithm.None)
+            {
+                return data;
             }
 
-            // extract the send certificate and any chain.
-            DateTime signingTime = decoder.ReadDateTime(null);
-
-            if (signingTime < earliestTime)
+            if (algorithm is SymmetricEncryptionAlgorithm.Aes128Gcm or SymmetricEncryptionAlgorithm.Aes256Gcm)
             {
-                throw new ServiceResultException(StatusCodes.BadInvalidTimestamp);
+#if NET8_0_OR_GREATER
+                return DecryptWithAesGcm(data, encryptingKey, iv, signOnly);
+#else
+                throw new NotSupportedException("AES-GCM requires .NET 8 or greater.");
+#endif
             }
 
-            // extract the policy header.
-            ushort headerLength = decoder.ReadUInt16(null);
-
-            if (headerLength == 0 || headerLength > length)
+            if (algorithm == SymmetricEncryptionAlgorithm.ChaCha20Poly1305)
             {
-                throw new ServiceResultException(StatusCodes.BadDecodingError);
+#if NET8_0_OR_GREATER
+                return DecryptWithChaCha20Poly1305(
+                    data,
+                    encryptingKey,
+                    iv,
+                    signOnly,
+                    true);
+#else
+                throw new NotSupportedException("ChaCha20Poly1305 requires .NET 8 or greater.");
+#endif
             }
 
-            // read the policy header.
-            byte[] senderPublicKey = decoder.ReadByteString(null);
-            byte[] receiverPublicKey = decoder.ReadByteString(null);
-
-            if (headerLength != senderPublicKey.Length + receiverPublicKey.Length + 8)
+            if (!signOnly)
             {
-                throw new ServiceResultException(
-                    StatusCodes.BadDecodingError,
-                    "Unexpected policy header length");
-            }
+                using var aes = Aes.Create();
 
-            int startOfEncryption = decoder.Position;
+                aes.Mode = CipherMode.CBC;
+                aes.Padding = PaddingMode.None;
+                aes.Key = encryptingKey;
+                aes.IV = iv;
 
-            SenderNonce = Nonce.CreateNonce(SecurityPolicyUri, senderPublicKey);
+                using ICryptoTransform decryptor = aes.CreateDecryptor();
 
-            if (!Utils.IsEqual(receiverPublicKey, ReceiverNonce.Data))
-            {
-                throw new ServiceResultException(
-                    StatusCodes.BadDecodingError,
-                    "Unexpected receiver nonce.");
+                decryptor.TransformBlock(
+                    data.Array,
+                    data.Offset,
+                    data.Count,
+                    data.Array,
+                    data.Offset);
             }
 
-            // check the signature.
-            int signatureLength = EccUtils.GetSignatureLength(SenderCertificate);
+            int isNotValid = 0;
 
-            if (signatureLength >= length)
+            if (signingKey != null)
             {
-                throw new ServiceResultException(StatusCodes.BadDecodingError);
-            }
-
-            byte[] signature = new byte[signatureLength];
-            Buffer.BlockCopy(
-                dataToDecrypt.Array,
-                startOfData + (int)length - signatureLength,
-                signature,
-                0,
-                signatureLength);
+                using HMAC hmac = securityPolicy.CreateSignatureHmac(signingKey);
+                byte[] hash = hmac.ComputeHash(data.Array, 0, data.Offset + data.Count - (hmac.HashSize / 8));
+                for (int ii = 0; ii < hash.Length; ii++)
+                {
+                    int index = data.Offset + data.Count - hash.Length + ii;
+                    isNotValid |= data.Array[index] != hash[ii] ? 1 : 0;
+                }
 
-            var dataToSign = new ArraySegment<byte>(
-                dataToDecrypt.Array,
-                0,
-                startOfData + (int)length - signatureLength);
+                data = new ArraySegment<byte>(
+                    data.Array,
+                    data.Offset,
+                    data.Count - hash.Length);
+            }
 
-            if (!EccUtils.Verify(dataToSign, signature, SenderCertificate, signatureAlgorithm))
+            if (!signOnly)
             {
-                throw new ServiceResultException(
-                    StatusCodes.BadSecurityChecksFailed,
-                    "Could not verify signature.");
+                data = RemovePadding(data, iv.Length);
             }
 
-            // extract the encrypted data.
-            return new ArraySegment<byte>(
-                dataToDecrypt.Array,
-                startOfEncryption,
-                (int)length - (startOfEncryption - startOfData + signatureLength));
-        }
-
-        /// <summary>
-        /// Decrypts the specified data using the ECC algorithm.
-        /// </summary>
-        /// <param name="earliestTime">The earliest time allowed for the message.</param>
-        /// <param name="expectedNonce">The expected nonce value.</param>
-        /// <param name="data">The data to decrypt.</param>
-        /// <param name="offset">The offset of the data to decrypt.</param>
-        /// <param name="count">The number of bytes to decrypt.</param>
-        /// <param name="telemetry">The telemetry context to use to create obvservability instruments</param>
-        /// <returns>The decrypted data.</returns>
-        /// <exception cref="ServiceResultException"></exception>
-        public byte[] Decrypt(
-            DateTime earliestTime,
-            byte[] expectedNonce,
-            byte[] data,
-            int offset,
-            int count,
-            ITelemetryContext telemetry)
-        {
-            ArraySegment<byte> dataToDecrypt = VerifyHeaderForEcc(
-                new ArraySegment<byte>(data, offset, count),
-                earliestTime,
-                telemetry);
-
-            CreateKeysForEcc(
-                SecurityPolicyUri,
-                SenderNonce,
-                ReceiverNonce,
-                true,
-                out byte[] encryptingKey,
-                out byte[] iv);
-
-            ArraySegment<byte> plainText = DecryptSecret(
-                dataToDecrypt.Array,
-                dataToDecrypt.Offset,
-                dataToDecrypt.Count,
-                encryptingKey,
-                iv);
-
-            using var decoder = new BinaryDecoder(
-                plainText.Array,
-                plainText.Offset,
-                plainText.Count,
-                Context);
-            byte[] actualNonce = decoder.ReadByteString(null);
-
-            if (expectedNonce != null && expectedNonce.Length > 0)
+            if (isNotValid != 0)
             {
-                int notvalid = expectedNonce.Length == actualNonce.Length ? 0 : 1;
-
-                for (int ii = 0; ii < expectedNonce.Length && ii < actualNonce.Length; ii++)
-                {
-                    notvalid |= expectedNonce[ii] ^ actualNonce[ii];
-                }
-
-                if (notvalid != 0)
-                {
-                    throw new ServiceResultException(StatusCodes.BadNonceInvalid);
-                }
+                throw new CryptographicException("Invalid signature.");
             }
 
-            return decoder.ReadByteString(null);
+            return new ArraySegment<byte>(data.Array, 0, data.Offset + data.Count);
         }
     }
 }
diff --git a/Stack/Opc.Ua.Core/Security/Certificates/EncryptedSecret.cs b/Stack/Opc.Ua.Core/Security/Certificates/EncryptedSecret.cs
new file mode 100644
index 0000000000..049c97af01
--- /dev/null
+++ b/Stack/Opc.Ua.Core/Security/Certificates/EncryptedSecret.cs
@@ -0,0 +1,784 @@
+/* Copyright (c) 1996-2022 The OPC Foundation. All rights reserved.
+   The source code in this file is covered under a dual-license scenario:
+     - RCL: for OPC Foundation Corporate Members in good-standing
+     - GPL V2: everybody else
+   RCL license terms accompanied with this source code. See http://opcfoundation.org/License/RCL/1.00/
+   GNU General Public License as published by the Free Software Foundation;
+   version 2 of the License are accompanied with this source code. See http://opcfoundation.org/License/GPLv2
+   This source code is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+*/
+
+using System;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+#if CURVE25519
+using Org.BouncyCastle.Crypto.Modes;
+using Org.BouncyCastle.Crypto.Parameters;
+#endif
+
+namespace Opc.Ua
+{
+    /// <summary>
+    /// Utility class for encrypting and decrypting secrets using Elliptic Curve Cryptography (ECC).
+    /// </summary>
+    public class EncryptedSecret
+    {
+        /// <summary>
+        /// Create secret
+        /// </summary>
+        public EncryptedSecret(
+            IServiceMessageContext context,
+            string securityPolicyUri,
+            X509Certificate2Collection senderIssuerCertificates,
+            X509Certificate2 receiverCertificate,
+            Nonce receiverNonce,
+            X509Certificate2 senderCertificate,
+            Nonce senderNonce,
+            CertificateValidator validator = null,
+            bool doNotEncodeSenderCertificate = false)
+        {
+            SenderCertificate = senderCertificate;
+            SenderIssuerCertificates = senderIssuerCertificates;
+            DoNotEncodeSenderCertificate = doNotEncodeSenderCertificate;
+            SenderNonce = senderNonce;
+            ReceiverNonce = receiverNonce;
+            ReceiverCertificate = receiverCertificate;
+            Validator = validator;
+            SecurityPolicyUri = securityPolicyUri;
+            Context = context;
+        }
+
+        /// <summary>
+        /// Gets or sets the X.509 certificate of the sender.
+        /// </summary>
+        public X509Certificate2 SenderCertificate { get; private set; }
+
+        /// <summary>
+        /// Gets or sets the collection of X.509 certificates of the sender's issuer.
+        /// </summary>
+        public X509Certificate2Collection SenderIssuerCertificates { get; private set; }
+
+        /// <summary>
+        /// Gets or sets a value indicating whether the sender's certificate should not be encoded.
+        /// </summary>
+        public bool DoNotEncodeSenderCertificate { get; }
+
+        /// <summary>
+        /// Gets or sets the nonce of the sender.
+        /// </summary>
+        public Nonce SenderNonce { get; private set; }
+
+        /// <summary>
+        /// Gets or sets the nonce of the receiver.
+        /// </summary>
+        public Nonce ReceiverNonce { get; }
+
+        /// <summary>
+        /// Gets or sets the X.509 certificate of the receiver.
+        /// </summary>
+        public X509Certificate2 ReceiverCertificate { get; }
+
+        /// <summary>
+        /// Gets or sets the certificate validator.
+        /// </summary>
+        public CertificateValidator Validator { get; }
+
+        /// <summary>
+        /// Gets or sets the security policy URI.
+        /// </summary>
+        public string SecurityPolicyUri { get; private set; }
+
+        /// <summary>
+        /// Service message context to use
+        /// </summary>
+        public IServiceMessageContext Context { get; }
+
+        /// <summary>
+        /// Encrypts a secret using the specified nonce, encrypting key, and initialization vector (IV).
+        /// </summary>
+        /// <param name="secret">The secret to encrypt.</param>
+        /// <param name="nonce">The nonce to use for encryption.</param>
+        /// <param name="encryptingKey">The key to use for encryption.</param>
+        /// <param name="iv">The initialization vector to use for encryption.</param>
+        /// <returns>The encrypted secret.</returns>
+        /// <exception cref="ServiceResultException"></exception>
+        private byte[] EncryptSecret(
+            byte[] secret,
+            byte[] nonce,
+            byte[] encryptingKey,
+            byte[] iv)
+        {
+#if CURVE25519
+            bool useAuthenticatedEncryption = false;
+            if (SenderCertificate.BcCertificate.GetPublicKey() is Ed25519PublicKeyParameters
+                || SenderCertificate.BcCertificate.GetPublicKey() is Ed448PublicKeyParameters)
+            {
+                useAuthenticatedEncryption = true;
+            }
+#endif
+            byte[] dataToEncrypt = null;
+
+            using (var encoder = new BinaryEncoder(Context))
+            {
+                encoder.WriteByteString(null, nonce);
+                encoder.WriteByteString(null, secret);
+
+                // add padding.
+                int paddingSize = iv.Length - ((encoder.Position + 2) % iv.Length);
+                paddingSize %= iv.Length;
+
+                if (secret.Length + paddingSize < iv.Length)
+                {
+                    paddingSize += iv.Length;
+                }
+
+                for (int ii = 0; ii < paddingSize; ii++)
+                {
+                    encoder.WriteByte(null, (byte)(paddingSize & 0xFF));
+                }
+
+                encoder.WriteUInt16(null, (ushort)paddingSize);
+
+                dataToEncrypt = encoder.CloseAndReturnBuffer();
+            }
+#if CURVE25519
+            if (useAuthenticatedEncryption)
+            {
+                return EncryptWithChaCha20Poly1305(encryptingKey, iv, dataToEncrypt);
+            }
+#endif
+            using (var aes = Aes.Create())
+            {
+                aes.Mode = CipherMode.CBC;
+                aes.Padding = PaddingMode.None;
+                aes.Key = encryptingKey;
+                aes.IV = iv;
+
+#pragma warning disable CA5401 // Symmetric encryption uses non-default initialization vector, which could be potentially repeatable
+                using ICryptoTransform encryptor = aes.CreateEncryptor();
+#pragma warning restore CA5401 // Symmetric encryption uses non-default initialization vector, which could be potentially repeatable
+                if (dataToEncrypt.Length % encryptor.InputBlockSize != 0)
+                {
+                    throw ServiceResultException.Create(
+                        StatusCodes.BadSecurityChecksFailed,
+                        "Input data is not an even number of encryption blocks.");
+                }
+
+                encryptor.TransformBlock(dataToEncrypt, 0, dataToEncrypt.Length, dataToEncrypt, 0);
+            }
+
+            return dataToEncrypt;
+        }
+
+#if CURVE25519
+        /// <summary>
+        /// Encrypts the given data using the ChaCha20Poly1305 algorithm with the provided key and initialization vector (IV).
+        /// </summary>
+        /// <param name="encryptingKey">The key used for encryption.</param>
+        /// <param name="iv">The initialization vector used for encryption.</param>
+        /// <param name="dataToEncrypt">The data to be encrypted.</param>
+        /// <returns>The encrypted data.</returns>
+        private static byte[] EncryptWithChaCha20Poly1305(byte[] encryptingKey, byte[] iv, byte[] dataToEncrypt)
+        {
+            Utils.Trace($"EncryptKey={Utils.ToHexString(encryptingKey)}");
+            Utils.Trace($"EncryptIV={Utils.ToHexString(iv)}");
+
+            int signatureLength = 16;
+
+            AeadParameters parameters = new AeadParameters(
+                new KeyParameter(encryptingKey),
+                signatureLength * 8,
+                iv,
+                null);
+
+            ChaCha20Poly1305 encryptor = new ChaCha20Poly1305();
+            encryptor.Init(true, parameters);
+
+            byte[] ciphertext = new byte[encryptor.GetOutputSize(dataToEncrypt.Length)];
+            int length = encryptor.ProcessBytes(dataToEncrypt, 0, dataToEncrypt.Length, ciphertext, 0);
+            length += encryptor.DoFinal(ciphertext, length);
+
+            if (ciphertext.Length != length)
+            {
+                throw ServiceResultException.Create(
+                    StatusCodes.BadSecurityChecksFailed,
+                    $"CipherText not the expected size. [{ciphertext.Length} != {length}]");
+            }
+
+            return ciphertext;
+        }
+
+        /// <summary>
+        /// Decrypts the given data using the ChaCha20Poly1305 algorithm with the provided key and initialization vector (IV).
+        /// </summary>
+        /// <param name="encryptingKey">The key used for encryption.</param>
+        /// <param name="iv">The initialization vector used for encryption.</param>
+        /// <param name="dataToDecrypt">The data to be decrypted.</param>
+        /// <param name="offset">The offset in the data to start decrypting from.</param>
+        /// <param name="count">The number of bytes to decrypt.</param>
+        /// <returns>An <see cref="ArraySegment{T}"/> containing the decrypted data.</returns>
+        /// <exception cref="ServiceResultException">Thrown if the plaintext is not the expected size or too short, or if the nonce is invalid.</exception>
+        private ArraySegment<byte> DecryptWithChaCha20Poly1305(
+            byte[] encryptingKey,
+            byte[] iv,
+            byte[] dataToDecrypt,
+            int offset,
+            int count)
+        {
+            Utils.Trace($"EncryptKey={Utils.ToHexString(encryptingKey)}");
+            Utils.Trace($"EncryptIV={Utils.ToHexString(iv)}");
+
+            int signatureLength = 16;
+
+            AeadParameters parameters = new AeadParameters(
+                new KeyParameter(encryptingKey),
+                signatureLength * 8,
+                iv,
+                null);
+
+            ChaCha20Poly1305 decryptor = new ChaCha20Poly1305();
+            decryptor.Init(false, parameters);
+
+            byte[] plaintext = new byte[decryptor.GetOutputSize(count)];
+            int length = decryptor.ProcessBytes(dataToDecrypt, offset, count, plaintext, 0);
+            length += decryptor.DoFinal(plaintext, length);
+
+            if (plaintext.Length != length || plaintext.Length < iv.Length)
+            {
+                throw ServiceResultException.Create(
+                    StatusCodes.BadSecurityChecksFailed,
+                    $"PlainText not the expected size or too short. [{count} != {length}]");
+            }
+
+            ushort paddingSize = plaintext[length - 1];
+            paddingSize <<= 8;
+            paddingSize += plaintext[length - 2];
+
+            int notvalid = (paddingSize < length) ? 0 : 1;
+            int start = length - paddingSize - 2;
+
+            for (int ii = 0; ii < length - 2 && ii < paddingSize; ii++)
+            {
+                if (start < 0 || start + ii >= plaintext.Length)
+                {
+                    notvalid |= 1;
+                    continue;
+                }
+
+                notvalid |= plaintext[start + ii] ^ (paddingSize & 0xFF);
+            }
+
+            if (notvalid != 0)
+            {
+                throw new ServiceResultException(StatusCodes.BadNonceInvalid);
+            }
+
+            return new ArraySegment<byte>(plaintext, 0, start);
+        }
+#endif
+
+        /// <summary>
+        /// Decrypts the specified data using the provided encrypting key and initialization vector (IV).
+        /// </summary>
+        /// <param name="dataToDecrypt">The data to decrypt.</param>
+        /// <param name="offset">The offset in the data to start decrypting from.</param>
+        /// <param name="count">The number of bytes to decrypt.</param>
+        /// <param name="encryptingKey">The key to use for decryption.</param>
+        /// <param name="iv">The initialization vector to use for decryption.</param>
+        /// <returns>The decrypted data.</returns>
+        /// <exception cref="ServiceResultException">Thrown if the input data is not an even number of encryption blocks or if the nonce is invalid.</exception>
+        private ArraySegment<byte> DecryptSecret(
+            byte[] dataToDecrypt,
+            int offset,
+            int count,
+            byte[] encryptingKey,
+            byte[] iv)
+        {
+#if CURVE25519
+            bool useAuthenticatedEncryption = false;
+            if (SenderCertificate.BcCertificate.GetPublicKey() is Ed25519PublicKeyParameters
+                || SenderCertificate.BcCertificate.GetPublicKey() is Ed448PublicKeyParameters)
+            {
+                useAuthenticatedEncryption = true;
+            }
+            if (useAuthenticatedEncryption)
+            {
+                return DecryptWithChaCha20Poly1305(encryptingKey, iv, dataToDecrypt, offset, count);
+            }
+#endif
+            using (var aes = Aes.Create())
+            {
+                aes.Mode = CipherMode.CBC;
+                aes.Padding = PaddingMode.None;
+                aes.Key = encryptingKey;
+                aes.IV = iv;
+
+                using ICryptoTransform decryptor = aes.CreateDecryptor();
+                if (count % decryptor.InputBlockSize != 0)
+                {
+                    throw ServiceResultException.Create(
+                        StatusCodes.BadSecurityChecksFailed,
+                        "Input data is not an even number of encryption blocks.");
+                }
+
+                decryptor.TransformBlock(dataToDecrypt, offset, count, dataToDecrypt, offset);
+            }
+
+            ushort paddingSize = dataToDecrypt[offset + count - 1];
+            paddingSize <<= 8;
+            paddingSize += dataToDecrypt[offset + count - 2];
+
+            int notvalid = paddingSize < count ? 0 : 1;
+            int start = offset + count - paddingSize - 2;
+
+            for (int ii = 0; ii < count - 2 && ii < paddingSize; ii++)
+            {
+                if (start < 0 || start + ii >= dataToDecrypt.Length)
+                {
+                    notvalid |= 1;
+                    continue;
+                }
+
+                notvalid |= dataToDecrypt[start + ii] ^ (paddingSize & 0xFF);
+            }
+
+            if (notvalid != 0)
+            {
+                throw new ServiceResultException(StatusCodes.BadNonceInvalid);
+            }
+
+            return new ArraySegment<byte>(dataToDecrypt, offset, count - paddingSize);
+        }
+
+        private static readonly byte[] s_label = System.Text.Encoding.UTF8.GetBytes("opcua-secret");
+
+        /// <summary>
+        /// Creates the encrypting key and initialization vector (IV) for Elliptic Curve Cryptography (ECC) encryption or decryption.
+        /// </summary>
+        /// <param name="securityPolicyUri">The security policy URI.</param>
+        /// <param name="senderNonce">The sender nonce.</param>
+        /// <param name="receiverNonce">The receiver nonce.</param>
+        /// <param name="forDecryption">if set to <c>true</c>, creates the keys for decryption; otherwise, creates the keys for encryption.</param>
+        /// <param name="encryptingKey">The encrypting key.</param>
+        /// <param name="iv">The initialization vector (IV).</param>
+        private static void CreateKeysForEcc(
+            string securityPolicyUri,
+            Nonce senderNonce,
+            Nonce receiverNonce,
+            bool forDecryption,
+            out byte[] encryptingKey,
+            out byte[] iv)
+        {
+            int encryptingKeySize;
+            int blockSize;
+            HashAlgorithmName algorithmName;
+
+            switch (securityPolicyUri)
+            {
+                case SecurityPolicies.ECC_nistP256:
+                case SecurityPolicies.ECC_brainpoolP256r1:
+                    blockSize = 16;
+                    encryptingKeySize = 16;
+                    algorithmName = HashAlgorithmName.SHA256;
+                    break;
+                case SecurityPolicies.ECC_nistP384:
+                case SecurityPolicies.ECC_brainpoolP384r1:
+                    encryptingKeySize = 32;
+                    blockSize = 16;
+                    algorithmName = HashAlgorithmName.SHA384;
+                    break;
+                case SecurityPolicies.ECC_curve25519:
+                case SecurityPolicies.ECC_curve448:
+                    encryptingKeySize = 32;
+                    blockSize = 12;
+                    algorithmName = HashAlgorithmName.SHA256;
+                    break;
+                default:
+                    encryptingKeySize = 32;
+                    blockSize = 16;
+                    algorithmName = HashAlgorithmName.SHA256;
+                    break;
+            }
+
+            encryptingKey = new byte[encryptingKeySize];
+            iv = new byte[blockSize];
+
+            byte[] keyLength = BitConverter.GetBytes((ushort)(encryptingKeySize + blockSize));
+            byte[] salt = Utils.Append(keyLength, s_label, senderNonce.Data, receiverNonce.Data);
+
+            byte[] keyData;
+            if (forDecryption)
+            {
+                keyData = receiverNonce.DeriveKey(
+                    senderNonce,
+                    salt,
+                    algorithmName,
+                    encryptingKeySize + blockSize);
+            }
+            else
+            {
+                keyData = senderNonce.DeriveKey(
+                    receiverNonce,
+                    salt,
+                    algorithmName,
+                    encryptingKeySize + blockSize);
+            }
+
+            Buffer.BlockCopy(keyData, 0, encryptingKey, 0, encryptingKey.Length);
+            Buffer.BlockCopy(keyData, encryptingKeySize, iv, 0, iv.Length);
+        }
+
+        /// <summary>
+        /// Encrypts a secret using the specified nonce.
+        /// </summary>
+        /// <param name="secret">The secret to encrypt.</param>
+        /// <param name="nonce">The nonce to use for encryption.</param>
+        /// <returns>The encrypted secret.</returns>
+        public byte[] Encrypt(byte[] secret, byte[] nonce)
+        {
+            byte[] encryptingKey = null;
+            byte[] iv = null;
+            byte[] message = null;
+            int lengthPosition = 0;
+
+            int signatureLength = EccUtils.GetSignatureLength(SenderCertificate);
+
+            using (var encoder = new BinaryEncoder(Context))
+            {
+                // write header.
+                encoder.WriteNodeId(null, DataTypeIds.EccEncryptedSecret);
+                encoder.WriteByte(null, (byte)ExtensionObjectEncoding.Binary);
+
+                lengthPosition = encoder.Position;
+                encoder.WriteUInt32(null, 0);
+
+                encoder.WriteString(null, SecurityPolicyUri);
+
+                byte[] senderCertificate = null;
+
+                if (!DoNotEncodeSenderCertificate)
+                {
+                    senderCertificate = SenderCertificate.RawData;
+
+                    if (SenderIssuerCertificates != null && SenderIssuerCertificates.Count > 0)
+                    {
+                        int blobSize = senderCertificate.Length;
+
+                        foreach (X509Certificate2 issuer in SenderIssuerCertificates)
+                        {
+                            blobSize += issuer.RawData.Length;
+                        }
+
+                        byte[] blob = new byte[blobSize];
+                        Buffer.BlockCopy(senderCertificate, 0, blob, 0, senderCertificate.Length);
+
+                        int pos = senderCertificate.Length;
+
+                        foreach (X509Certificate2 issuer in SenderIssuerCertificates)
+                        {
+                            byte[] data = issuer.RawData;
+                            Buffer.BlockCopy(data, 0, blob, pos, data.Length);
+                            pos += data.Length;
+                        }
+
+                        senderCertificate = blob;
+                    }
+                }
+
+                encoder.WriteByteString(null, senderCertificate);
+                encoder.WriteDateTime(null, DateTime.UtcNow);
+
+                byte[] senderNonce = SenderNonce.Data;
+                byte[] receiverNonce = ReceiverNonce.Data;
+
+                encoder.WriteUInt16(null, (ushort)(senderNonce.Length + receiverNonce.Length + 8));
+                encoder.WriteByteString(null, senderNonce);
+                encoder.WriteByteString(null, receiverNonce);
+
+                // create keys.
+                if (EccUtils.IsEccPolicy(SecurityPolicyUri))
+                {
+                    CreateKeysForEcc(
+                        SecurityPolicyUri,
+                        SenderNonce,
+                        ReceiverNonce,
+                        false,
+                        out encryptingKey,
+                        out iv);
+                }
+
+                // encrypt  secret,
+                byte[] encryptedData = EncryptSecret(secret, nonce, encryptingKey, iv);
+
+                // append encrypted secret.
+                for (int ii = 0; ii < encryptedData.Length; ii++)
+                {
+                    encoder.WriteByte(null, encryptedData[ii]);
+                }
+
+                // save space for signature.
+                for (int ii = 0; ii < signatureLength; ii++)
+                {
+                    encoder.WriteByte(null, 0);
+                }
+
+                message = encoder.CloseAndReturnBuffer();
+            }
+
+            int length = message.Length - lengthPosition - 4;
+
+            message[lengthPosition++] = (byte)(length & 0xFF);
+            message[lengthPosition++] = (byte)((length & 0xFF00) >> 8);
+            message[lengthPosition++] = (byte)((length & 0xFF0000) >> 16);
+            message[lengthPosition++] = (byte)((length & 0xFF000000) >> 24);
+
+            // get the algorithm used for the signature.
+            HashAlgorithmName signatureAlgorithm;
+            switch (SecurityPolicyUri)
+            {
+                case SecurityPolicies.ECC_nistP384:
+                case SecurityPolicies.ECC_brainpoolP384r1:
+                    signatureAlgorithm = HashAlgorithmName.SHA384;
+                    break;
+                default:
+                    signatureAlgorithm = HashAlgorithmName.SHA256;
+                    break;
+            }
+
+            var dataToSign = new ArraySegment<byte>(message, 0, message.Length - signatureLength);
+            byte[] signature = EccUtils.Sign(dataToSign, SenderCertificate, signatureAlgorithm);
+            Buffer.BlockCopy(
+                signature,
+                0,
+                message,
+                message.Length - signatureLength,
+                signatureLength);
+            return message;
+        }
+
+        /// <summary>
+        /// Verifies the header for an ECC encrypted message and returns the encrypted data.
+        /// </summary>
+        /// <param name="dataToDecrypt">The data to decrypt.</param>
+        /// <param name="earliestTime">The earliest time allowed for the message signing time.</param>
+        /// <param name="telemetry">The telemetry context to use to create obvservability instruments</param>
+        /// <returns>The encrypted data.</returns>
+        /// <exception cref="ServiceResultException"></exception>
+        private ArraySegment<byte> VerifyHeaderForEcc(
+            ArraySegment<byte> dataToDecrypt,
+            DateTime earliestTime,
+            ITelemetryContext telemetry)
+        {
+            using var decoder = new BinaryDecoder(
+                dataToDecrypt.Array,
+                dataToDecrypt.Offset,
+                dataToDecrypt.Count,
+                Context);
+            NodeId typeId = decoder.ReadNodeId(null);
+
+            if (typeId != DataTypeIds.EccEncryptedSecret)
+            {
+                throw new ServiceResultException(StatusCodes.BadDataTypeIdUnknown);
+            }
+
+            var encoding = (ExtensionObjectEncoding)decoder.ReadByte(null);
+
+            if (encoding != ExtensionObjectEncoding.Binary)
+            {
+                throw new ServiceResultException(StatusCodes.BadDataEncodingUnsupported);
+            }
+
+            uint length = decoder.ReadUInt32(null);
+
+            // get the start of data.
+            int startOfData = decoder.Position + dataToDecrypt.Offset;
+
+            SecurityPolicyUri = decoder.ReadString(null);
+
+            if (!EccUtils.IsEccPolicy(SecurityPolicyUri))
+            {
+                throw new ServiceResultException(StatusCodes.BadSecurityPolicyRejected);
+            }
+
+            // get the algorithm used for the signature.
+            HashAlgorithmName signatureAlgorithm;
+
+            switch (SecurityPolicyUri)
+            {
+                case SecurityPolicies.ECC_nistP384:
+                case SecurityPolicies.ECC_brainpoolP384r1:
+                    signatureAlgorithm = HashAlgorithmName.SHA384;
+                    break;
+                default:
+                    signatureAlgorithm = HashAlgorithmName.SHA256;
+                    break;
+            }
+
+            // extract the send certificate and any chain.
+            byte[] senderCertificate = decoder.ReadByteString(null);
+
+            if (senderCertificate == null || senderCertificate.Length == 0)
+            {
+                if (SenderCertificate == null)
+                {
+                    throw new ServiceResultException(StatusCodes.BadCertificateInvalid);
+                }
+            }
+            else
+            {
+                X509Certificate2Collection senderCertificateChain = Utils.ParseCertificateChainBlob(
+                    senderCertificate,
+                    telemetry);
+
+                SenderCertificate = senderCertificateChain[0];
+                SenderIssuerCertificates = [];
+
+                for (int ii = 1; ii < senderCertificateChain.Count; ii++)
+                {
+                    SenderIssuerCertificates.Add(senderCertificateChain[ii]);
+                }
+
+                // validate the sender.
+                Validator?.ValidateAsync(senderCertificateChain, default).GetAwaiter().GetResult();
+            }
+
+            // extract the send certificate and any chain.
+            DateTime signingTime = decoder.ReadDateTime(null);
+
+            if (signingTime < earliestTime)
+            {
+                throw new ServiceResultException(StatusCodes.BadInvalidTimestamp);
+            }
+
+            // extract the policy header.
+            ushort headerLength = decoder.ReadUInt16(null);
+
+            if (headerLength == 0 || headerLength > length)
+            {
+                throw new ServiceResultException(StatusCodes.BadDecodingError);
+            }
+
+            // read the policy header.
+            byte[] senderPublicKey = decoder.ReadByteString(null);
+            byte[] receiverPublicKey = decoder.ReadByteString(null);
+
+            if (headerLength != senderPublicKey.Length + receiverPublicKey.Length + 8)
+            {
+                throw new ServiceResultException(
+                    StatusCodes.BadDecodingError,
+                    "Unexpected policy header length");
+            }
+
+            int startOfEncryption = decoder.Position;
+
+            SenderNonce = Nonce.CreateNonce(SecurityPolicyUri, senderPublicKey);
+
+            if (!Utils.IsEqual(receiverPublicKey, ReceiverNonce.Data))
+            {
+                throw new ServiceResultException(
+                    StatusCodes.BadDecodingError,
+                    "Unexpected receiver nonce.");
+            }
+
+            // check the signature.
+            int signatureLength = EccUtils.GetSignatureLength(SenderCertificate);
+
+            if (signatureLength >= length)
+            {
+                throw new ServiceResultException(StatusCodes.BadDecodingError);
+            }
+
+            byte[] signature = new byte[signatureLength];
+            Buffer.BlockCopy(
+                dataToDecrypt.Array,
+                startOfData + (int)length - signatureLength,
+                signature,
+                0,
+                signatureLength);
+
+            var dataToSign = new ArraySegment<byte>(
+                dataToDecrypt.Array,
+                0,
+                startOfData + (int)length - signatureLength);
+
+            if (!EccUtils.Verify(dataToSign, signature, SenderCertificate, signatureAlgorithm))
+            {
+                throw new ServiceResultException(
+                    StatusCodes.BadSecurityChecksFailed,
+                    "Could not verify signature.");
+            }
+
+            // extract the encrypted data.
+            return new ArraySegment<byte>(
+                dataToDecrypt.Array,
+                startOfEncryption,
+                (int)length - (startOfEncryption - startOfData + signatureLength));
+        }
+
+        /// <summary>
+        /// Decrypts the specified data using the ECC algorithm.
+        /// </summary>
+        /// <param name="earliestTime">The earliest time allowed for the message.</param>
+        /// <param name="expectedNonce">The expected nonce value.</param>
+        /// <param name="data">The data to decrypt.</param>
+        /// <param name="offset">The offset of the data to decrypt.</param>
+        /// <param name="count">The number of bytes to decrypt.</param>
+        /// <param name="telemetry">The telemetry context to use to create obvservability instruments</param>
+        /// <returns>The decrypted data.</returns>
+        /// <exception cref="ServiceResultException"></exception>
+        public byte[] Decrypt(
+            DateTime earliestTime,
+            byte[] expectedNonce,
+            byte[] data,
+            int offset,
+            int count,
+            ITelemetryContext telemetry)
+        {
+            ArraySegment<byte> dataToDecrypt = VerifyHeaderForEcc(
+                new ArraySegment<byte>(data, offset, count),
+                earliestTime,
+                telemetry);
+
+            CreateKeysForEcc(
+                SecurityPolicyUri,
+                SenderNonce,
+                ReceiverNonce,
+                true,
+                out byte[] encryptingKey,
+                out byte[] iv);
+
+            ArraySegment<byte> plainText = DecryptSecret(
+                dataToDecrypt.Array,
+                dataToDecrypt.Offset,
+                dataToDecrypt.Count,
+                encryptingKey,
+                iv);
+
+            using var decoder = new BinaryDecoder(
+                plainText.Array,
+                plainText.Offset,
+                plainText.Count,
+                Context);
+            byte[] actualNonce = decoder.ReadByteString(null);
+
+            if (expectedNonce != null && expectedNonce.Length > 0)
+            {
+                int notvalid = expectedNonce.Length == actualNonce.Length ? 0 : 1;
+
+                for (int ii = 0; ii < expectedNonce.Length && ii < actualNonce.Length; ii++)
+                {
+                    notvalid |= expectedNonce[ii] ^ actualNonce[ii];
+                }
+
+                if (notvalid != 0)
+                {
+                    throw new ServiceResultException(StatusCodes.BadNonceInvalid);
+                }
+            }
+
+            return decoder.ReadByteString(null);
+        }
+    }
+}
\ No newline at end of file
diff --git a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
index c16dd613b5..a2526cab58 100644
--- a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
+++ b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
@@ -149,6 +149,20 @@ private static bool IsPlatformSupportedName(string name)
             return false;
         }
 
+        /// <summary>
+        /// Returns the info object associated with the SecurityPolicyUri.
+        /// </summary>
+        public static SecurityPolicyInfo GetInfo(string securityPolicyUri)
+        {
+            if (s_securityPolicyUriToInfo.Value.TryGetValue(securityPolicyUri, out SecurityPolicyInfo info) &&
+                IsPlatformSupportedName(info.Name))
+            {
+                return info;
+            }
+
+            return null;
+        }
+
         /// <summary>
         /// Returns the uri associated with the display name. This includes http and all
         /// other supported platform security policies.
@@ -652,6 +666,49 @@ public static bool Verify(
                 return keyValuePairs.ToFrozenDictionary();
 #else
                 return new ReadOnlyDictionary<string, string>(keyValuePairs);
+#endif
+            });
+
+        /// <summary>
+        /// Creates a dictionary of uris to SecurityPolicyInfo excluding base uri
+        /// </summary>
+        private static readonly Lazy<IReadOnlyDictionary<string, SecurityPolicyInfo>> s_securityPolicyUriToInfo =
+            new(() =>
+            {
+#if NET8_0_OR_GREATER
+                return s_securityPolicyNameToInfo.Value.ToFrozenDictionary(k => k.Value.Uri, k => k.Value);
+#else
+                return new ReadOnlyDictionary<string, SecurityPolicyInfo>(
+                    s_securityPolicyNameToInfo.Value.ToDictionary(k => k.Value.Uri, k => k.Value));
+#endif
+            });
+
+        /// <summary>
+        /// Creates a dictionary for names to SecurityPolicyInfo excluding base uri
+        /// </summary>
+        private static readonly Lazy<IReadOnlyDictionary<string, SecurityPolicyInfo>> s_securityPolicyNameToInfo =
+            new(() =>
+            {
+                FieldInfo[] fields = typeof(SecurityPolicies).GetFields(
+                    BindingFlags.Public | BindingFlags.Static);
+
+                var keyValuePairs = new Dictionary<string, SecurityPolicyInfo>();
+                foreach (FieldInfo field in fields)
+                {
+                    string policyUri = (string)field.GetValue(typeof(SecurityPolicies));
+                    if (field.Name == nameof(BaseUri) ||
+                        field.Name == nameof(Https) ||
+                        !policyUri.StartsWith(BaseUri, StringComparison.Ordinal))
+                    {
+                        continue;
+                    }
+
+                    keyValuePairs.Add(field.Name, new SecurityPolicyInfo(field.Name, policyUri));
+                }
+#if NET8_0_OR_GREATER
+                return keyValuePairs.ToFrozenDictionary();
+#else
+                return new ReadOnlyDictionary<string, SecurityPolicyInfo>(keyValuePairs);
 #endif
             });
     }
diff --git a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
new file mode 100644
index 0000000000..fcbb7f2712
--- /dev/null
+++ b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
@@ -0,0 +1,706 @@
+/* Copyright (c) 1996-2022 The OPC Foundation. All rights reserved.
+   The source code in this file is covered under a dual-license scenario:
+     - RCL: for OPC Foundation Corporate Members in good-standing
+     - GPL V2: everybody else
+   RCL license terms accompanied with this source code. See http://opcfoundation.org/License/RCL/1.00/
+   GNU General Public License as published by the Free Software Foundation;
+   version 2 of the License are accompanied with this source code. See http://opcfoundation.org/License/GPLv2
+   This source code is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+*/
+
+using System;
+using System.Security.Cryptography;
+
+namespace Opc.Ua
+{
+    /// <summary>
+    /// Defines constants for key security policies.
+    /// </summary>
+    public class SecurityPolicyInfo
+    {
+        /// <summary>
+        /// Creates a new instance of the <see cref="SecurityPolicyInfo"/> class.
+        /// </summary>
+        /// <param name="uri">The unique identifier.</param>
+        /// <param name="name">The display name.</param>
+        /// <exception cref="ArgumentNullException"></exception>
+        public SecurityPolicyInfo(string uri, string name = null)
+        {
+            if (string.IsNullOrEmpty(uri))
+            {
+                throw new ArgumentException("The URI is not a valid security policy.", nameof(uri));
+            }
+
+            Uri = uri;
+            Name = name ?? SecurityPolicies.GetDisplayName(uri) ?? uri;
+        }
+
+        /// <summary>
+        /// Short name for the policy.
+        /// </summary>
+        public string Name { get; }
+
+        /// <summary>
+        /// The unique identifier for the policy.
+        /// </summary>
+        public string Uri { get; }
+
+        /// <summary>
+        /// Returns true if the policy is considered deprecated and should not be used for new deployments.
+        /// </summary>
+        public bool IsDeprecated { get; private set; }
+
+        /// <summary>
+        /// The symmetric signature algorithm to use.
+        /// </summary>
+        public SymmetricSignatureAlgorithm SymmetricSignatureAlgorithm { get; private set; }
+
+        /// <summary>
+        /// The symmetric encryption algorithm to use.
+        /// </summary>
+        public SymmetricEncryptionAlgorithm SymmetricEncryptionAlgorithm { get; private set; }
+
+        /// <summary>
+        /// The asymmetric signature algorithm to use.
+        /// </summary>
+        public AsymmetricSignatureAlgorithm AsymmetricSignatureAlgorithm { get; private set; }
+
+        /// <summary>
+        /// The symmetric encryption algorithm to use.
+        /// </summary>
+        public AsymmetricEncryptionAlgorithm AsymmetricEncryptionAlgorithm { get; private set; }
+
+        /// <summary>
+        /// The minimum length, in bits, for an asymmetric key.
+        /// </summary>
+        public int MinAsymmetricKeyLength { get; private set; }
+
+        /// <summary>
+        /// The maximum length, in bits, for an asymmetric key.
+        /// </summary>
+        public int MaxAsymmetricKeyLength { get; private set; }
+
+        /// <summary>
+        /// The key derivation algorithm to use.
+        /// </summary>
+        public KeyDerivationAlgorithm KeyDerivationAlgorithm { get; private set; }
+
+        /// <summary>
+        /// The length in bytes of the derived key used for message authentication.
+        /// </summary>
+        public int DerivedSignatureKeyLength { get; private set; }
+
+        /// <summary>
+        /// The asymmetric signature algorithm used to sign certificates.
+        /// </summary>
+        public AsymmetricSignatureAlgorithm CertificateSignatureAlgorithm { get; private set; }
+
+        /// <summary>
+        /// The algorithm used to create asymmetric key pairs used with Certificates.
+        /// </summary>
+        public CertificateKeyAlgorithm CertificateKeyAlgorithm { get; private set; }
+
+        /// <summary>
+        /// The algorithm used to create asymmetric key pairs used for EphemeralKeys.
+        /// </summary>
+        public CertificateKeyAlgorithm EphemeralKeyAlgorithm { get; private set; }
+
+        /// <summary>
+        /// The length, in bytes, of the Nonces used when opening a SecureChannel.
+        /// </summary>
+        public int SecureChannelNonceLength { get; private set; }
+
+        /// <summary>
+        /// The length, in bytes, of the data used to initialize the symmetric algorithm.
+        /// </summary>
+        public int InitializationVectorLength { get; private set; }
+
+        /// <summary>
+        /// The length, in bytes, of the symmetric signature.
+        /// </summary>
+        public int SymmetricSignatureLength { get; private set; }
+
+        /// <summary>
+        /// The length, in bytes, of the symmetric encryption key.
+        /// </summary>
+        public int SymmetricEncryptionKeyLength { get; private set; }
+
+        /// <summary>
+        /// If TRUE, the 1024 based SequenceNumber rules apply to the SecurityPolicy.
+        /// If FALSE, the 0 based SequenceNumber rules apply.
+        /// </summary>
+        public bool LegacySequenceNumbers { get; private set; }
+
+        /// <summary>
+        /// Whether the padding is required with symmetric encryption.
+        /// </summary>
+        public bool NoSymmetricEncryptionPadding =>
+            SymmetricEncryptionAlgorithm == SymmetricEncryptionAlgorithm.ChaCha20Poly1305;
+
+        /// <summary>
+        /// Returns the derived key data length in bytes as a little endian UInt16.
+        /// </summary>
+        public byte[] KeyDataLength =>
+             BitConverter.GetBytes(DerivedSignatureKeyLength + SymmetricEncryptionKeyLength + InitializationVectorLength);
+
+        /// <summary>
+        /// Returns the derived key data length for an EncryptedSecret in bytes as a little endian UInt16.
+        /// </summary>
+        public byte[] KeyDataLengthForEncryptedSecret =>
+             BitConverter.GetBytes(SymmetricEncryptionKeyLength + InitializationVectorLength);
+
+        /// <summary>
+        /// Returns a HMAC based on the symmetric signature algorithm.
+        /// </summary>
+        public HMAC CreateSignatureHmac(byte[] signingKey)
+        {
+            return SymmetricSignatureAlgorithm switch
+            {
+                SymmetricSignatureAlgorithm.HmacSha1 => new HMACSHA1(signingKey),
+                SymmetricSignatureAlgorithm.HmacSha256 => new HMACSHA256(signingKey),
+                SymmetricSignatureAlgorithm.HmacSha384 => new HMACSHA384(signingKey),
+                _ => null
+            };
+        }
+
+        /// <summary>
+        /// Returns a HashAlgorithmName based on the KeyDerivationAlgorithm.
+        /// </summary>
+        public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
+        {
+            return KeyDerivationAlgorithm switch
+            {
+                KeyDerivationAlgorithm.PSha1 => HashAlgorithmName.SHA1,
+                KeyDerivationAlgorithm.PSha256 => HashAlgorithmName.SHA256,
+                KeyDerivationAlgorithm.HKDFSha256 => HashAlgorithmName.SHA256,
+                KeyDerivationAlgorithm.HKDFSha384 => HashAlgorithmName.SHA384,
+                _ => HashAlgorithmName.SHA256
+            };
+        }
+
+        /// <summary>
+        /// The security policy that does not provide any security.
+        /// </summary>
+        public static readonly SecurityPolicyInfo None = new(SecurityPolicies.None)
+        {
+            DerivedSignatureKeyLength = 0,
+            SymmetricEncryptionKeyLength = 0,
+            InitializationVectorLength = 0,
+            SymmetricSignatureLength = 0,
+            MinAsymmetricKeyLength = 0,
+            MaxAsymmetricKeyLength = 0,
+            SecureChannelNonceLength = 0,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.None,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.None,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.None,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.None,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.None,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.None,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.None
+        };
+
+        /// <summary>
+        /// The security policy that uses SHA1 and 128 bit encryption. This policy is considered insecure and should not be used for new deployments.
+        /// </summary>
+        public static readonly SecurityPolicyInfo Basic128Rsa15 = new(SecurityPolicies.Basic128Rsa15)
+        {
+            DerivedSignatureKeyLength = 128 / 8,
+            SymmetricEncryptionKeyLength = 128 / 8,
+            SymmetricSignatureLength = 128 / 8,
+            InitializationVectorLength = 128 / 8,
+            MinAsymmetricKeyLength = 1024,
+            MaxAsymmetricKeyLength = 2048,
+            SecureChannelNonceLength = 16,
+            LegacySequenceNumbers = true,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.RsaOaepSha1,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha1,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.RSA,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha1,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.None,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.PSha1,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes128Cbc,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.HmacSha1,
+            IsDeprecated = true
+        };
+
+        /// <summary>
+        /// The security policy that uses SHA1 and 256 bit encryption. This policy is considered insecure and should not be used for new deployments.
+        /// </summary>
+        public static readonly SecurityPolicyInfo Basic256 = new(SecurityPolicies.Basic256)
+        {
+            DerivedSignatureKeyLength = 192 / 8,
+            SymmetricEncryptionKeyLength = 256 / 8,
+            SymmetricSignatureLength = 256 / 8,
+            InitializationVectorLength = 128 / 8,
+            MinAsymmetricKeyLength = 1024,
+            MaxAsymmetricKeyLength = 2048,
+            SecureChannelNonceLength = 32,
+            LegacySequenceNumbers = true,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.RsaOaepSha1,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha1,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.RSA,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha1,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.None,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.PSha1,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes256Cbc,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.HmacSha1,
+            IsDeprecated = true
+        };
+
+        /// <summary>
+        /// Aes128_Sha256_RsaOaep is a required minimum security policy. It uses SHA256 and 128 bit encryption.
+        /// </summary>
+        public static readonly SecurityPolicyInfo Aes128_Sha256_RsaOaep = new(SecurityPolicies.Aes128_Sha256_RsaOaep)
+        {
+            DerivedSignatureKeyLength = 256 / 8,
+            SymmetricEncryptionKeyLength = 128 / 8,
+            SymmetricSignatureLength = 256 / 8,
+            InitializationVectorLength = 128 / 8,
+            MinAsymmetricKeyLength = 2048,
+            MaxAsymmetricKeyLength = 4096,
+            SecureChannelNonceLength = 32,
+            LegacySequenceNumbers = true,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.RsaOaepSha1,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha256,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.RSA,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha256,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.None,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.PSha256,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes256Cbc,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.HmacSha256,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// Basic256Sha256 is a required minimum security policy. It uses SHA256 and 256 bit encryption.
+        /// </summary>
+        public static readonly SecurityPolicyInfo Basic256Sha256 = new(SecurityPolicies.Basic256Sha256)
+        {
+            DerivedSignatureKeyLength = 256 / 8,
+            SymmetricEncryptionKeyLength = 256 / 8,
+            SymmetricSignatureLength = 256 / 8,
+            InitializationVectorLength = 128 / 8,
+            MinAsymmetricKeyLength = 2048,
+            MaxAsymmetricKeyLength = 4096,
+            SecureChannelNonceLength = 32,
+            LegacySequenceNumbers = true,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.RsaOaepSha1,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha256,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.RSA,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha256,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.PSha256,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.None,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes256Cbc,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.HmacSha256,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// Aes256_Sha256_RsaPss is a optional high security policy. It uses SHA256 and 256 bit encryption.
+        /// </summary>
+        public static readonly SecurityPolicyInfo Aes256_Sha256_RsaPss = new(SecurityPolicies.Aes256_Sha256_RsaPss)
+        {
+            DerivedSignatureKeyLength = 256 / 8,
+            SymmetricEncryptionKeyLength = 256 / 8,
+            MinAsymmetricKeyLength = 2048,
+            MaxAsymmetricKeyLength = 4096,
+            SecureChannelNonceLength = 32,
+            LegacySequenceNumbers = true,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.RsaOaepSha256,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPssSha256,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.RSA,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha256,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.None,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.PSha256,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes256Cbc,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.HmacSha256,
+            InitializationVectorLength = 128 / 8,
+            SymmetricSignatureLength = 256 / 8,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// ECC_curve25519 is a required minimum security policy. It uses ChaChaPoly and 256 bit encryption.
+        /// </summary>
+        public static readonly SecurityPolicyInfo ECC_curve25519 = new(SecurityPolicies.ECC_curve25519)
+        {
+            DerivedSignatureKeyLength = 0,
+            SymmetricEncryptionKeyLength = 256 / 8,
+            InitializationVectorLength = 96 / 8,
+            SymmetricSignatureLength = 128 / 8,
+            MinAsymmetricKeyLength = 256,
+            MaxAsymmetricKeyLength = 256,
+            SecureChannelNonceLength = 32,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaPure25519,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.Curve25519,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaPure25519,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.Curve25519,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.ChaCha20Poly1305,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.ChaCha20Poly1305,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// ECC_curve448 is a required minimum security policy. It uses ChaChaPoly and 256 bit encryption.
+        /// </summary>
+        public static readonly SecurityPolicyInfo ECC_curve448 = new(SecurityPolicies.ECC_curve448)
+        {
+            DerivedSignatureKeyLength = 0,
+            SymmetricEncryptionKeyLength = 256 / 8,
+            InitializationVectorLength = 96 / 8,
+            SymmetricSignatureLength = 128 / 8,
+            MinAsymmetricKeyLength = 456,
+            MaxAsymmetricKeyLength = 456,
+            SecureChannelNonceLength = 56,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaPure448,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.Curve448,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaPure448,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.Curve448,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.ChaCha20Poly1305,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.ChaCha20Poly1305,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// ECC nistP256 is a required minimum security policy.
+        /// </summary>
+        public static readonly SecurityPolicyInfo ECC_nistP256 = new(SecurityPolicies.ECC_nistP256)
+        {
+            DerivedSignatureKeyLength = 256 / 8,
+            SymmetricEncryptionKeyLength = 128 / 8,
+            InitializationVectorLength = 128 / 8,
+            SymmetricSignatureLength = 256 / 8,
+            MinAsymmetricKeyLength = 256,
+            MaxAsymmetricKeyLength = 256,
+            SecureChannelNonceLength = 64,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha256,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.NistP256,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha256,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.NistP256,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes128Cbc,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.HmacSha256,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// ECC nistP384 is an optional high security policy.
+        /// </summary>
+        public static readonly SecurityPolicyInfo ECC_nistP384 = new(SecurityPolicies.ECC_nistP384)
+        {
+            DerivedSignatureKeyLength = 384 / 8,
+            SymmetricEncryptionKeyLength = 256 / 8,
+            InitializationVectorLength = 128 / 8,
+            SymmetricSignatureLength = 384 / 8,
+            MinAsymmetricKeyLength = 384,
+            MaxAsymmetricKeyLength = 384,
+            SecureChannelNonceLength = 96,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha384,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.NistP384,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha384,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.NistP384,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha384,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes256Cbc,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.HmacSha384,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// ECC brainpoolP256r1 is a required minimum security policy.
+        /// </summary>
+        public static readonly SecurityPolicyInfo ECC_brainpoolP256r1 = new(SecurityPolicies.ECC_brainpoolP256r1)
+        {
+            DerivedSignatureKeyLength = 256 / 8,
+            SymmetricEncryptionKeyLength = 128 / 8,
+            InitializationVectorLength = 128 / 8,
+            SymmetricSignatureLength = 256 / 8,
+            MinAsymmetricKeyLength = 256,
+            MaxAsymmetricKeyLength = 256,
+            SecureChannelNonceLength = 64,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha256,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.NistP256,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha256,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.BrainpoolP256r1,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes128Cbc,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.HmacSha256,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// ECC brainpoolP384r1 is an optional high security policy.
+        /// </summary>
+        public static readonly SecurityPolicyInfo ECC_brainpoolP384r1 = new(SecurityPolicies.ECC_brainpoolP384r1)
+        {
+            DerivedSignatureKeyLength = 384 / 8,
+            SymmetricEncryptionKeyLength = 256 / 8,
+            InitializationVectorLength = 128 / 8,
+            SymmetricSignatureLength = 384 / 8,
+            MinAsymmetricKeyLength = 384,
+            MaxAsymmetricKeyLength = 384,
+            SecureChannelNonceLength = 96,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha384,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.BrainpoolP384r1,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha384,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.BrainpoolP384r1,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha384,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes256Cbc,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.HmacSha384,
+            IsDeprecated = false
+        };
+    }
+
+    /// <summary>
+    /// The algorithm used to generate key pairs.
+    /// </summary>
+    public enum CertificateKeyAlgorithm
+    {
+        /// <summary>
+        /// Does not apply.
+        /// </summary>
+        None,
+
+        /// <summary>
+        /// The RSA algorithm.
+        /// </summary>
+        RSA,
+
+        /// <summary>
+        /// The Diffie-Hellman algorith with RSA public keys.
+        /// </summary>
+        RSADH,
+
+        /// <summary>
+        /// The NIST P-256 ellipic curve algorithm.
+        /// </summary>
+        NistP256,
+
+        /// <summary>
+        /// The NIST P-384 ellipic curve algorithm.
+        /// </summary>
+        NistP384,
+
+        /// <summary>
+        /// The non-twisted Brainpool P-256 ellipic curve algorithm.
+        /// </summary>
+        BrainpoolP256r1,
+
+        /// <summary>
+        /// The non-twisted Brainpool P-384 ellipic curve algorithm.
+        /// </summary>
+        BrainpoolP384r1,
+
+        /// <summary>
+        /// The Edward Curve25519 ellipic curve algorithm.
+        /// </summary>
+        Curve25519,
+
+        /// <summary>
+        /// The Edward Curve25519 ellipic curve algorithm.
+        /// </summary>
+        Curve448
+    }
+
+    /// <summary>
+    /// The symmetric key derivation algorithm used to create shared keys.
+    /// </summary>
+    public enum KeyDerivationAlgorithm
+    {
+        /// <summary>
+        /// Does not apply.
+        /// </summary>
+        None,
+
+        /// <summary>
+        /// The P_SHA pseudo-random function with SHA1. This algorithm is considered insecure.
+        /// </summary>
+        PSha1,
+
+        /// <summary>
+        /// The P_SHA pseudo-random function with SHA256.
+        /// </summary>
+        PSha256,
+
+        /// <summary>
+        /// The HKDF pseudo-random function with SHA256.
+        /// </summary>
+        HKDFSha256,
+
+        /// <summary>
+        /// The HKDF pseudo-random function with SHA384.
+        /// </summary>
+        HKDFSha384
+    }
+
+    /// <summary>
+    /// The asymmetric encryption algorithm used to encrypt messages.
+    /// </summary>
+    public enum AsymmetricEncryptionAlgorithm
+    {
+        /// <summary>
+        /// Does not apply.
+        /// </summary>
+        None,
+
+        /// <summary>
+        /// RSA PKCS #1 v1.5. This algorithm is considered insecure.
+        /// </summary>
+        RsaPkcs15Sha1,
+
+        /// <summary>
+        /// RSA with OAEP padding with SHA1. This algorithm is considered insecure.
+        /// </summary>
+        RsaOaepSha1,
+
+        /// <summary>
+        /// RSA with OAEP padding with SHA256 .
+        /// </summary>
+        RsaOaepSha256
+    }
+
+    /// <summary>
+    /// The asymmetric signature algorithm used to sign messages.
+    /// </summary>
+    public enum AsymmetricSignatureAlgorithm
+    {
+        /// <summary>
+        /// Does not apply.
+        /// </summary>
+        None,
+
+        /// <summary>
+        /// RSA PKCS #1 v1.5 with SHA1. This algorithm is considered insecure.
+        /// </summary>
+        RsaPkcs15Sha1,
+
+        /// <summary>
+        /// RSA PKCS #1 v1.5 with SHA256.
+        /// </summary>
+        RsaPkcs15Sha256,
+
+        /// <summary>
+        /// RSA PSS with SHA256.
+        /// </summary>
+        RsaPssSha256,
+
+        /// <summary>
+        /// ECDSA with SHA256.
+        /// </summary>
+        EcdsaSha256,
+
+        /// <summary>
+        /// ECDSA with SHA384.
+        /// </summary>
+        EcdsaSha384,
+
+        /// <summary>
+        /// ECDSA with Curve 25519.
+        /// </summary>
+        EcdsaPure25519,
+
+        /// <summary>
+        /// ECDSA with Curve 448.
+        /// </summary>
+        EcdsaPure448
+    }
+
+    /// <summary>
+    /// The symmetric signature algorithm used to sign messages.
+    /// </summary>
+    public enum SymmetricSignatureAlgorithm
+    {
+        /// <summary>
+        /// Does not apply.
+        /// </summary>
+        None,
+
+        /// <summary>
+        /// HMAC with SHA1
+        /// </summary>
+        HmacSha1,
+
+        /// <summary>
+        /// HMAC with SHA256
+        /// </summary>
+        HmacSha256,
+
+        /// <summary>
+        /// HMAC with SHA384
+        /// </summary>
+        HmacSha384,
+
+        /// <summary>
+        /// ChaCha20Poly1305
+        /// </summary>
+        ChaCha20Poly1305,
+
+        /// <summary>
+        /// AES GCM with 128 bit tag
+        /// </summary>
+        Aes128Gcm
+    }
+
+    /// <summary>
+    /// The symmetric ecryption algorithm used to encrypt messages.
+    /// </summary>
+    public enum SymmetricEncryptionAlgorithm
+    {
+        /// <summary>
+        /// Does not apply.
+        /// </summary>
+        None,
+
+        /// <summary>
+        /// AES 128 bit in CBC mode
+        /// </summary>
+        Aes128Cbc,
+
+        /// <summary>
+        /// AES 256 bit in CBC mode
+        /// </summary>
+        Aes256Cbc,
+
+        /// <summary>
+        /// AES 128 bit in counter mode
+        /// </summary>
+        Aes128Ctr,
+
+        /// <summary>
+        /// AES 256 bit in counter mode
+        /// </summary>
+        Aes256Ctr,
+
+        /// <summary>
+        /// ChaCha20Poly1305
+        /// </summary>
+        ChaCha20Poly1305,
+
+        /// <summary>
+        /// AES 128 in GCM mode
+        /// </summary>
+        Aes128Gcm,
+
+        /// <summary>
+        /// AES 256 in GCM mode
+        /// </summary>
+        Aes256Gcm
+    }
+}
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs b/Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs
index f60c516fec..e2e8cbf835 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs
@@ -11,7 +11,6 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */
 
 using System;
-using System.Security.Cryptography;
 
 namespace Opc.Ua.Bindings
 {
@@ -20,6 +19,8 @@ namespace Opc.Ua.Bindings
     /// </summary>
     public sealed class ChannelToken : IDisposable
     {
+        private bool m_disposed;
+
         /// <summary>
         /// Creates an object with default values.
         /// </summary>
@@ -34,17 +35,6 @@ private void Dispose(bool disposing)
         {
             if (!m_disposed)
             {
-                if (disposing)
-                {
-                    Utils.SilentDispose(ClientHmac);
-                    Utils.SilentDispose(ServerHmac);
-                    Utils.SilentDispose(ClientEncryptor);
-                    Utils.SilentDispose(ServerEncryptor);
-                }
-                ClientHmac = null;
-                ServerHmac = null;
-                ClientEncryptor = null;
-                ServerEncryptor = null;
                 m_disposed = true;
             }
         }
@@ -106,6 +96,11 @@ public void Dispose()
             (HiResClock.TickCount - CreatedAtTickCount) >
             (int)Math.Round(Lifetime * TcpMessageLimits.TokenActivationPeriod);
 
+        /// <summary>
+        /// The SecurityPolicy used to encrypt and sign the messages.
+        /// </summary>
+        public SecurityPolicyInfo SecurityPolicy { get; set; }
+
         /// <summary>
         /// The nonce provided by the client.
         /// </summary>
@@ -119,53 +114,31 @@ public void Dispose()
         /// <summary>
         /// The key used to sign messages sent by the client.
         /// </summary>
-        public byte[] ClientSigningKey { get; set; }
+        internal byte[] ClientSigningKey { get; set; }
 
         /// <summary>
         /// The key used to encrypt messages sent by the client.
         /// </summary>
-        public byte[] ClientEncryptingKey { get; set; }
+        internal byte[] ClientEncryptingKey { get; set; }
 
         /// <summary>
         /// The initialization vector by the client when encrypting a message.
         /// </summary>
-        public byte[] ClientInitializationVector { get; set; }
+        internal byte[] ClientInitializationVector { get; set; }
 
         /// <summary>
         /// The key used to sign messages sent by the server.
         /// </summary>
-        public byte[] ServerSigningKey { get; set; }
+        internal byte[] ServerSigningKey { get; set; }
 
         /// <summary>
         /// The key used to encrypt messages sent by the server.
         /// </summary>
-        public byte[] ServerEncryptingKey { get; set; }
+        internal byte[] ServerEncryptingKey { get; set; }
 
         /// <summary>
         /// The initialization vector by the server when encrypting a message.
         /// </summary>
-        public byte[] ServerInitializationVector { get; set; }
-
-        /// <summary>
-        /// The SymmetricAlgorithm object used by the client to encrypt messages.
-        /// </summary>
-        public SymmetricAlgorithm ClientEncryptor { get; set; }
-
-        /// <summary>
-        /// The SymmetricAlgorithm object used by the server to encrypt messages.
-        /// </summary>
-        public SymmetricAlgorithm ServerEncryptor { get; set; }
-
-        /// <summary>
-        /// The HMAC object used by the client to sign messages.
-        /// </summary>
-        public HMAC ClientHmac { get; set; }
-
-        /// <summary>
-        /// The HMAC object used by the server to sign messages.
-        /// </summary>
-        public HMAC ServerHmac { get; set; }
-
-        private bool m_disposed;
+        internal byte[] ServerInitializationVector { get; set; }
     }
 }
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
index 23751c8bb1..0abac6fd51 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
@@ -119,11 +119,6 @@ protected void DiscardTokens()
             OnTokenActivated?.Invoke(null, null);
         }
 
-        /// <summary>
-        /// Indicates that an explicit signature is not present.
-        /// </summary>
-        private bool AuthenticatedEncryption { get; set; }
-
         /// <summary>
         /// The byte length of the MAC (a.k.a signature) attached to each message.
         /// </summary>
@@ -137,71 +132,19 @@ protected void DiscardTokens()
         /// <summary>
         /// Calculates the symmetric key sizes based on the current security policy.
         /// </summary>
+        /// <exception cref="ServiceResultException"></exception>
         protected void CalculateSymmetricKeySizes()
         {
-            AuthenticatedEncryption = false;
-
-            switch (SecurityPolicyUri)
-            {
-                case SecurityPolicies.Basic128Rsa15:
-                    SymmetricSignatureSize = 20;
-                    m_signatureKeySize = 16;
-                    m_encryptionKeySize = 16;
-                    EncryptionBlockSize = 16;
-                    break;
-                case SecurityPolicies.Basic256:
-                    SymmetricSignatureSize = 20;
-                    m_signatureKeySize = 24;
-                    m_encryptionKeySize = 32;
-                    EncryptionBlockSize = 16;
-                    break;
-                case SecurityPolicies.Basic256Sha256:
-                    SymmetricSignatureSize = 32;
-                    m_signatureKeySize = 32;
-                    m_encryptionKeySize = 32;
-                    EncryptionBlockSize = 16;
-                    break;
-                case SecurityPolicies.Aes128_Sha256_RsaOaep:
-                    SymmetricSignatureSize = 32;
-                    m_signatureKeySize = 32;
-                    m_encryptionKeySize = 16;
-                    EncryptionBlockSize = 16;
-                    break;
-                case SecurityPolicies.Aes256_Sha256_RsaPss:
-                    SymmetricSignatureSize = 32;
-                    m_signatureKeySize = 32;
-                    m_encryptionKeySize = 32;
-                    EncryptionBlockSize = 16;
-                    break;
-                case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                    SymmetricSignatureSize = 32;
-                    m_signatureKeySize = 32;
-                    m_encryptionKeySize = 16;
-                    EncryptionBlockSize = 16;
-                    break;
-                case SecurityPolicies.ECC_curve25519:
-                case SecurityPolicies.ECC_curve448:
-                    AuthenticatedEncryption = true;
-                    SymmetricSignatureSize = 16;
-                    m_signatureKeySize = 32;
-                    m_encryptionKeySize = 32;
-                    EncryptionBlockSize = 12;
-                    break;
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    SymmetricSignatureSize = 48;
-                    m_signatureKeySize = 48;
-                    m_encryptionKeySize = 32;
-                    EncryptionBlockSize = 16;
-                    break;
-                default:
-                    SymmetricSignatureSize = 0;
-                    m_signatureKeySize = 0;
-                    m_encryptionKeySize = 0;
-                    EncryptionBlockSize = 1;
-                    break;
-            }
+            SecurityPolicyInfo info = SecurityPolicies.GetInfo(SecurityPolicyUri)
+                ?? throw ServiceResultException.Create(
+                    StatusCodes.BadSecurityPolicyRejected,
+                    "Unsupported security policy: {0}",
+                    SecurityPolicyUri);
+
+            SymmetricSignatureSize = info.SymmetricSignatureLength;
+            m_signatureKeySize = info.DerivedSignatureKeyLength;
+            m_encryptionKeySize = info.SymmetricEncryptionKeyLength;
+            EncryptionBlockSize = info.InitializationVectorLength != 0 ? info.InitializationVectorLength : 1;
         }
 
         private void DeriveKeysWithPSHA(
@@ -239,22 +182,28 @@ private void DeriveKeysWithPSHA(
         }
 
         private void DeriveKeysWithHKDF(
-            HashAlgorithmName algorithmName,
-            byte[] salt,
             ChannelToken token,
+            byte[] salt,
             bool isServer)
         {
-            int length = m_signatureKeySize + m_encryptionKeySize + EncryptionBlockSize;
+            int length =
+                token.SecurityPolicy.DerivedSignatureKeyLength +
+                token.SecurityPolicy.SymmetricEncryptionKeyLength +
+                token.SecurityPolicy.InitializationVectorLength;
 
-            byte[] output = m_localNonce.DeriveKey(m_remoteNonce, salt, algorithmName, length);
+            byte[] prk = m_localNonce.DeriveKey(
+                m_remoteNonce,
+                salt,
+                token.SecurityPolicy.GetKeyDerivationHashAlgorithmName(),
+                length);
 
             byte[] signingKey = new byte[m_signatureKeySize];
             byte[] encryptingKey = new byte[m_encryptionKeySize];
             byte[] iv = new byte[EncryptionBlockSize];
 
-            Buffer.BlockCopy(output, 0, signingKey, 0, signingKey.Length);
-            Buffer.BlockCopy(output, m_signatureKeySize, encryptingKey, 0, encryptingKey.Length);
-            Buffer.BlockCopy(output, m_signatureKeySize + m_encryptionKeySize, iv, 0, iv.Length);
+            Buffer.BlockCopy(prk, 0, signingKey, 0, signingKey.Length);
+            Buffer.BlockCopy(prk, m_signatureKeySize, encryptingKey, 0, encryptingKey.Length);
+            Buffer.BlockCopy(prk, m_signatureKeySize + m_encryptionKeySize, iv, 0, iv.Length);
 
             if (isServer)
             {
@@ -280,172 +229,45 @@ protected void ComputeKeys(ChannelToken token)
                 return;
             }
 
+            token.SecurityPolicy = SecurityPolicies.GetInfo(SecurityPolicyUri);
+
             byte[] serverSecret = token.ServerNonce;
             byte[] clientSecret = token.ClientNonce;
 
-            HashAlgorithmName algorithmName = HashAlgorithmName.SHA256;
-            switch (SecurityPolicyUri)
+            if (token.SecurityPolicy.KeyDerivationAlgorithm == KeyDerivationAlgorithm.PSha1 ||
+                token.SecurityPolicy.KeyDerivationAlgorithm == KeyDerivationAlgorithm.PSha256)
             {
-                case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                {
-                    algorithmName = HashAlgorithmName.SHA256;
-                    byte[] length =
-                        SecurityMode == MessageSecurityMode.Sign
-                            ? s_hkdfAes128SignOnlyKeyLength
-                            : s_hkdfAes128SignAndEncryptKeyLength;
-                    byte[] serverSalt = Utils.Append(
-                        length,
-                        s_hkdfServerLabel,
-                        serverSecret,
-                        clientSecret);
-                    byte[] clientSalt = Utils.Append(
-                        length,
-                        s_hkdfClientLabel,
-                        clientSecret,
-                        serverSecret);
-
-#if DEBUG
-                    m_logger.LogDebug("Length={Length}", Utils.ToHexString(length));
-                    m_logger.LogDebug("ClientSecret={ClientSecret}", Utils.ToHexString(clientSecret));
-                    m_logger.LogDebug("ServerSecret={ServerSecret}", Utils.ToHexString(clientSecret));
-                    m_logger.LogDebug("ServerSalt={ServerSalt}", Utils.ToHexString(serverSalt));
-                    m_logger.LogDebug("ClientSalt={ClientSalt}", Utils.ToHexString(clientSalt));
-#endif
-
-                    DeriveKeysWithHKDF(algorithmName, serverSalt, token, true);
-                    DeriveKeysWithHKDF(algorithmName, clientSalt, token, false);
-                    break;
-                }
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                {
-                    algorithmName = HashAlgorithmName.SHA384;
-                    byte[] length =
-                        SecurityMode == MessageSecurityMode.Sign
-                            ? s_hkdfAes256SignOnlyKeyLength
-                            : s_hkdfAes256SignAndEncryptKeyLength;
-                    byte[] serverSalt = Utils.Append(
-                        length,
-                        s_hkdfServerLabel,
-                        serverSecret,
-                        clientSecret);
-                    byte[] clientSalt = Utils.Append(
-                        length,
-                        s_hkdfClientLabel,
-                        clientSecret,
-                        serverSecret);
-
-#if DEBUG
-                    m_logger.LogDebug("Length={Length}", Utils.ToHexString(length));
-                    m_logger.LogDebug("ClientSecret={ClientSecret}", Utils.ToHexString(clientSecret));
-                    m_logger.LogDebug("ServerSecret={ServerSecret}", Utils.ToHexString(clientSecret));
-                    m_logger.LogDebug("ServerSalt={ServerSalt}", Utils.ToHexString(serverSalt));
-                    m_logger.LogDebug("ClientSalt={ClientSalt}", Utils.ToHexString(clientSalt));
-#endif
-
-                    DeriveKeysWithHKDF(algorithmName, serverSalt, token, true);
-                    DeriveKeysWithHKDF(algorithmName, clientSalt, token, false);
-                    break;
-                }
-                case SecurityPolicies.ECC_curve25519:
-                case SecurityPolicies.ECC_curve448:
-                {
-                    algorithmName = HashAlgorithmName.SHA256;
-                    byte[] length = s_hkdfChaCha20Poly1305KeyLength;
-                    byte[] serverSalt = Utils.Append(
-                        length,
-                        s_hkdfServerLabel,
-                        serverSecret,
-                        clientSecret);
-                    byte[] clientSalt = Utils.Append(
-                        length,
-                        s_hkdfClientLabel,
-                        clientSecret,
-                        serverSecret);
+                HashAlgorithmName algorithmName = token.SecurityPolicy.GetKeyDerivationHashAlgorithmName();
+                DeriveKeysWithPSHA(algorithmName, serverSecret, clientSecret, token, false);
+                DeriveKeysWithPSHA(algorithmName, clientSecret, serverSecret, token, true);
+            }
+            else
+            {
+                byte[] keyData = SecurityMode == MessageSecurityMode.Sign
+                    ? token.SecurityPolicy.KeyDataLength
+                    : token.SecurityPolicy.KeyDataLength;
+
+                byte[] serverSalt = Utils.Append(
+                    keyData,
+                    s_hkdfServerLabel,
+                    serverSecret,
+                    clientSecret);
+                byte[] clientSalt = Utils.Append(
+                    keyData,
+                    s_hkdfClientLabel,
+                    clientSecret,
+                    serverSecret);
 
 #if DEBUG
-                    m_logger.LogDebug("Length={Length}", Utils.ToHexString(length));
-                    m_logger.LogDebug("ClientSecret={ClientSecret}", Utils.ToHexString(clientSecret));
-                    m_logger.LogDebug("ServerSecret={ServerSecret}", Utils.ToHexString(clientSecret));
-                    m_logger.LogDebug("ServerSalt={ServerSalt}", Utils.ToHexString(serverSalt));
-                    m_logger.LogDebug("ClientSalt={ClientSalt}", Utils.ToHexString(clientSalt));
+                m_logger.LogDebug("KeyData={KeyData}", Utils.ToHexString(keyData));
+                m_logger.LogDebug("ClientSecret={ClientSecret}", Utils.ToHexString(clientSecret));
+                m_logger.LogDebug("ServerSecret={ServerSecret}", Utils.ToHexString(serverSecret));
+                m_logger.LogDebug("ServerSalt={ServerSalt}", Utils.ToHexString(serverSalt));
+                m_logger.LogDebug("ClientSalt={ClientSalt}", Utils.ToHexString(clientSalt));
 #endif
 
-                    DeriveKeysWithHKDF(algorithmName, serverSalt, token, true);
-                    DeriveKeysWithHKDF(algorithmName, clientSalt, token, false);
-                    break;
-                }
-                case SecurityPolicies.Basic128Rsa15:
-                case SecurityPolicies.Basic256:
-                    algorithmName = HashAlgorithmName.SHA1;
-                    goto default;
-                default:
-                    DeriveKeysWithPSHA(algorithmName, serverSecret, clientSecret, token, false);
-                    DeriveKeysWithPSHA(algorithmName, clientSecret, serverSecret, token, true);
-                    break;
-            }
-
-            switch (SecurityPolicyUri)
-            {
-                case SecurityPolicies.Basic128Rsa15:
-                case SecurityPolicies.Basic256:
-                case SecurityPolicies.Basic256Sha256:
-                case SecurityPolicies.Aes128_Sha256_RsaOaep:
-                case SecurityPolicies.Aes256_Sha256_RsaPss:
-                case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    // create encryptors.
-                    var aesCbcEncryptorProvider = Aes.Create();
-                    aesCbcEncryptorProvider.Mode = CipherMode.CBC;
-                    aesCbcEncryptorProvider.Padding = PaddingMode.None;
-                    aesCbcEncryptorProvider.Key = token.ClientEncryptingKey;
-                    aesCbcEncryptorProvider.IV = token.ClientInitializationVector;
-                    token.ClientEncryptor = aesCbcEncryptorProvider;
-
-                    var aesCbcDecryptorProvider = Aes.Create();
-                    aesCbcDecryptorProvider.Mode = CipherMode.CBC;
-                    aesCbcDecryptorProvider.Padding = PaddingMode.None;
-                    aesCbcDecryptorProvider.Key = token.ServerEncryptingKey;
-                    aesCbcDecryptorProvider.IV = token.ServerInitializationVector;
-                    token.ServerEncryptor = aesCbcDecryptorProvider;
-                    break;
-                default:
-                    // TODO: is this even legal or should we throw? What are the implications
-                    token.ClientEncryptor = null;
-                    token.ServerEncryptor = null;
-                    break;
-            }
-
-            switch (SecurityPolicyUri)
-            {
-                case SecurityPolicies.Basic128Rsa15:
-                case SecurityPolicies.Basic256:
-#pragma warning disable CA5350 // Do Not Use Weak Cryptographic Algorithms
-                    token.ServerHmac = new HMACSHA1(token.ServerSigningKey);
-                    token.ClientHmac = new HMACSHA1(token.ClientSigningKey);
-#pragma warning restore CA5350 // Do Not Use Weak Cryptographic Algorithms
-                    break;
-                case SecurityPolicies.Basic256Sha256:
-                case SecurityPolicies.Aes128_Sha256_RsaOaep:
-                case SecurityPolicies.Aes256_Sha256_RsaPss:
-                case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                    token.ServerHmac = new HMACSHA256(token.ServerSigningKey);
-                    token.ClientHmac = new HMACSHA256(token.ClientSigningKey);
-                    break;
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    token.ServerHmac = new HMACSHA384(token.ServerSigningKey);
-                    token.ClientHmac = new HMACSHA384(token.ClientSigningKey);
-                    break;
-                default:
-                    // TODO: is this even legal or should we throw? What are the implications
-                    token.ServerHmac = null;
-                    token.ClientHmac = null;
-                    break;
+                DeriveKeysWithHKDF(token, serverSalt, true);
+                DeriveKeysWithHKDF(token, clientSalt, false);
             }
         }
 
@@ -478,8 +300,8 @@ protected BufferCollection WriteSymmetricMessage(
                 const int headerSize = TcpMessageLimits.SymmetricHeaderSize +
                     TcpMessageLimits.SequenceHeaderSize;
 
-                // no padding byte.
-                if (AuthenticatedEncryption)
+                // no padding byte for authenticated encryption.
+                if (token.SecurityPolicy.NoSymmetricEncryptionPadding)
                 {
                     maxPayloadSize++;
                 }
@@ -597,7 +419,7 @@ protected BufferCollection WriteSymmetricMessage(
                     int padding = 0;
 
                     if (SecurityMode == MessageSecurityMode.SignAndEncrypt &&
-                        !AuthenticatedEncryption)
+                        !token.SecurityPolicy.NoSymmetricEncryptionPadding)
                     {
                         // reserve one byte for the padding size.
                         count++;
@@ -631,7 +453,7 @@ protected BufferCollection WriteSymmetricMessage(
 
                     // write padding.
                     if (SecurityMode == MessageSecurityMode.SignAndEncrypt &&
-                        !AuthenticatedEncryption)
+                        !token.SecurityPolicy.NoSymmetricEncryptionPadding)
                     {
 #if NETSTANDARD2_1_OR_GREATER || NET6_0_OR_GREATER
                         if (padding > 1)
@@ -653,7 +475,7 @@ protected BufferCollection WriteSymmetricMessage(
                     // calculate and write signature.
                     if (SecurityMode != MessageSecurityMode.None)
                     {
-                        if (AuthenticatedEncryption)
+                        if (token.SecurityPolicy.NoSymmetricEncryptionPadding)
                         {
                             strm.Seek(SymmetricSignatureSize, SeekOrigin.Current);
                         }
@@ -672,8 +494,8 @@ protected BufferCollection WriteSymmetricMessage(
                     }
 
                     if ((SecurityMode == MessageSecurityMode.SignAndEncrypt &&
-                        !AuthenticatedEncryption) ||
-                        (SecurityMode != MessageSecurityMode.None && AuthenticatedEncryption))
+                        !token.SecurityPolicy.NoSymmetricEncryptionPadding) ||
+                        (SecurityMode != MessageSecurityMode.None && token.SecurityPolicy.NoSymmetricEncryptionPadding))
                     {
                         // encrypt the data.
                         var dataToEncrypt = new ArraySegment<byte>(
@@ -915,7 +737,7 @@ protected bool Verify(
         }
 
         /// <summary>
-        /// Decrypts the data in a buffer using symmetric encryption.
+        /// Encrypts and signs the data in a buffer using symmetric encryption.
         /// </summary>
         /// <exception cref="NotSupportedException"></exception>
         protected void Encrypt(
@@ -923,48 +745,34 @@ protected void Encrypt(
             ArraySegment<byte> dataToEncrypt,
             bool useClientKeys)
         {
-            switch (SecurityPolicyUri)
+            if (SecurityPolicyUri == SecurityPolicies.None)
             {
-                case SecurityPolicies.None:
-                    break;
-                case SecurityPolicies.Basic256:
-                case SecurityPolicies.Basic256Sha256:
-                case SecurityPolicies.Basic128Rsa15:
-                case SecurityPolicies.Aes128_Sha256_RsaOaep:
-                case SecurityPolicies.Aes256_Sha256_RsaPss:
-                case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    SymmetricEncrypt(token, dataToEncrypt, useClientKeys);
-                    break;
+                return;
+            }
 
-#if CURVE25519
-                case SecurityPolicies.ECC_curve25519:
-                case SecurityPolicies.ECC_curve448:
-                {
-                    if (SecurityMode == MessageSecurityMode.SignAndEncrypt)
-                    {
-                        // narowing conversion can safely be done on m_localSequenceNumber
-                        SymmetricEncryptWithChaCha20Poly1305(
-                            token,
-                            (uint)m_localSequenceNumber,
-                            dataToEncrypt,
-                            useClientKeys);
-                        break;
-                    }
-                    // narowing conversion can safely be done on m_localSequenceNumber
-                    SymmetricSignWithPoly1305(token, (uint)m_localSequenceNumber, dataToEncrypt, useClientKeys);
-                    break;
-                }
-#endif
-                default:
-                    throw new NotSupportedException(SecurityPolicyUri);
+            byte[] encryptingKey = useClientKeys ? token.ClientEncryptingKey : token.ServerEncryptingKey;
+            byte[] iv = useClientKeys ? token.ClientInitializationVector : token.ServerInitializationVector;
+            byte[] signingKey = useClientKeys ? token.ClientSigningKey : token.ServerSigningKey;
+
+            bool signOnly = SecurityMode == MessageSecurityMode.Sign;
+
+            ArraySegment<byte> result = EccUtils.SymmetricEncryptAndSign(
+                dataToEncrypt,
+                token.SecurityPolicy,
+                encryptingKey,
+                iv,
+                signingKey,
+                signOnly);
+
+            // Copy result back to original buffer if different
+            if (result.Array != dataToEncrypt.Array || result.Offset != dataToEncrypt.Offset)
+            {
+                Buffer.BlockCopy(result.Array, result.Offset, dataToEncrypt.Array, dataToEncrypt.Offset, result.Count);
             }
         }
 
         /// <summary>
-        /// Decrypts the data in a buffer using symmetric encryption.
+        /// Decrypts and verifies the data in a buffer using symmetric encryption.
         /// </summary>
         /// <exception cref="NotSupportedException"></exception>
         protected void Decrypt(
@@ -972,43 +780,29 @@ protected void Decrypt(
             ArraySegment<byte> dataToDecrypt,
             bool useClientKeys)
         {
-            switch (SecurityPolicyUri)
+            if (SecurityPolicyUri == SecurityPolicies.None)
             {
-                case SecurityPolicies.None:
-                    break;
-                case SecurityPolicies.Basic256:
-                case SecurityPolicies.Basic256Sha256:
-                case SecurityPolicies.Basic128Rsa15:
-                case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                case SecurityPolicies.Aes128_Sha256_RsaOaep:
-                case SecurityPolicies.Aes256_Sha256_RsaPss:
-                    SymmetricDecrypt(token, dataToDecrypt, useClientKeys);
-                    break;
+                return;
+            }
 
-#if CURVE25519
-                case SecurityPolicies.ECC_curve25519:
-                case SecurityPolicies.ECC_curve448:
-                {
-                    if (SecurityMode == MessageSecurityMode.SignAndEncrypt)
-                    {
-                        SymmetricDecryptWithChaCha20Poly1305(
-                            token,
-                            m_remoteSequenceNumber,
-                            dataToDecrypt,
-                            useClientKeys);
-                        break;
-                    }
+            byte[] encryptingKey = useClientKeys ? token.ClientEncryptingKey : token.ServerEncryptingKey;
+            byte[] iv = useClientKeys ? token.ClientInitializationVector : token.ServerInitializationVector;
+            byte[] signingKey = useClientKeys ? token.ClientSigningKey : token.ServerSigningKey;
 
-                    SymmetricVerifyWithPoly1305(token, m_remoteSequenceNumber, dataToDecrypt, useClientKeys);
-                    break;
-                }
-#endif
+            bool signOnly = SecurityMode == MessageSecurityMode.Sign;
 
-                default:
-                    throw new NotSupportedException(SecurityPolicyUri);
+            ArraySegment<byte> result = EccUtils.SymmetricDecryptAndVerify(
+                dataToDecrypt,
+                token.SecurityPolicy,
+                encryptingKey,
+                iv,
+                signingKey,
+                signOnly);
+
+            // Copy result back to original buffer if different
+            if (result.Array != dataToDecrypt.Array || result.Offset != dataToDecrypt.Offset)
+            {
+                Buffer.BlockCopy(result.Array, result.Offset, dataToDecrypt.Array, dataToDecrypt.Offset, result.Count);
             }
         }
 
@@ -1021,8 +815,9 @@ private static byte[] SymmetricSign(
             ReadOnlySpan<byte> dataToSign,
             bool useClientKeys)
         {
-            // get HMAC object.
-            HMAC hmac = useClientKeys ? token.ClientHmac : token.ServerHmac;
+            byte[] signingKey = useClientKeys ? token.ClientSigningKey : token.ServerSigningKey;
+
+            using HMAC hmac = token.SecurityPolicy.CreateSignatureHmac(signingKey);
 
             // compute hash.
             int hashSizeInBytes = hmac.HashSize >> 3;
@@ -1049,8 +844,10 @@ private static byte[] SymmetricSign(
             ArraySegment<byte> dataToSign,
             bool useClientKeys)
         {
-            // get HMAC object.
-            HMAC hmac = useClientKeys ? token.ClientHmac : token.ServerHmac;
+            byte[] signingKey = useClientKeys ? token.ClientSigningKey : token.ServerSigningKey;
+
+            using HMAC hmac = token.SecurityPolicy.CreateSignatureHmac(signingKey);
+            
             // compute hash.
             var istrm = new MemoryStream(
                 dataToSign.Array,
@@ -1075,8 +872,9 @@ private bool SymmetricVerify(
             ReadOnlySpan<byte> dataToVerify,
             bool useClientKeys)
         {
-            // get HMAC object.
-            HMAC hmac = useClientKeys ? token.ClientHmac : token.ServerHmac;
+            byte[] signingKey = useClientKeys ? token.ClientSigningKey : token.ServerSigningKey;
+
+            using HMAC hmac = token.SecurityPolicy.CreateSignatureHmac(signingKey);
 
             // compute hash.
             int hashSizeInBytes = hmac.HashSize >> 3;
@@ -1103,8 +901,9 @@ private bool SymmetricVerify(
             ArraySegment<byte> dataToVerify,
             bool useClientKeys)
         {
-            // get HMAC object.
-            HMAC hmac = useClientKeys ? token.ClientHmac : token.ServerHmac;
+            byte[] signingKey = useClientKeys ? token.ClientSigningKey : token.ServerSigningKey;
+
+            using HMAC hmac = token.SecurityPolicy.CreateSignatureHmac(signingKey);
 
             var istrm = new MemoryStream(
                 dataToVerify.Array,
@@ -1140,67 +939,7 @@ private bool SymmetricVerify(
             return true;
         }
 
-        /// <summary>
-        /// Encrypts a message using a symmetric algorithm.
-        /// </summary>
-        /// <exception cref="ServiceResultException"></exception>
-        private static void SymmetricEncrypt(
-            ChannelToken token,
-            ArraySegment<byte> dataToEncrypt,
-            bool useClientKeys)
-        {
-            SymmetricAlgorithm encryptingKey =
-                (useClientKeys ? token.ClientEncryptor : token.ServerEncryptor)
-                ?? throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    "Token missing symmetric key object.");
-
-            using ICryptoTransform encryptor = encryptingKey.CreateEncryptor();
-            byte[] blockToEncrypt = dataToEncrypt.Array;
-
-            int start = dataToEncrypt.Offset;
-            int count = dataToEncrypt.Count;
-
-            if (count % encryptor.InputBlockSize != 0)
-            {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    "Input data is not an even number of encryption blocks.");
-            }
-            encryptor.TransformBlock(blockToEncrypt, start, count, blockToEncrypt, start);
-        }
-
-        /// <summary>
-        /// Decrypts a message using a symmetric algorithm.
-        /// </summary>
-        /// <exception cref="ServiceResultException"></exception>
-        private static void SymmetricDecrypt(
-            ChannelToken token,
-            ArraySegment<byte> dataToDecrypt,
-            bool useClientKeys)
-        {
-            // get the decrypting key.
-            SymmetricAlgorithm decryptingKey =
-                (useClientKeys ? token.ClientEncryptor : token.ServerEncryptor)
-                ?? throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    "Token missing symmetric key object.");
-
-            using ICryptoTransform decryptor = decryptingKey.CreateDecryptor();
-            byte[] blockToDecrypt = dataToDecrypt.Array;
-
-            int start = dataToDecrypt.Offset;
-            int count = dataToDecrypt.Count;
-
-            if (count % decryptor.InputBlockSize != 0)
-            {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    "Input data is not an even number of encryption blocks.");
-            }
 
-            decryptor.TransformBlock(blockToDecrypt, start, count, blockToDecrypt, start);
-        }
 
 #if CURVE25519
         /// <summary>

From 45b07a224f6cd5f0d89f2f6ed7c4de125e57e03c Mon Sep 17 00:00:00 2001
From: mrsuciu <Mircea-Adrian.Suciu@softing.com>
Date: Thu, 20 Nov 2025 14:40:58 +0200
Subject: [PATCH 02/15] Tailor SecurityPolicyUri for format expected in
 s_securityPolicyUriToInfo

---
 Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs | 6 ++++++
 .../Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs | 8 +++++++-
 Stack/Opc.Ua.Core/Types/Utils/Utils.cs                   | 9 ++++++++-
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
index a2526cab58..77629234da 100644
--- a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
+++ b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
@@ -103,6 +103,12 @@ public static class SecurityPolicies
 
         private static bool IsPlatformSupportedName(string name)
         {
+            // If name contains BaseUri trim the BaseUri part
+            if (name.StartsWith(BaseUri, StringComparison.Ordinal))
+            {
+                name = name.Substring(BaseUri.Length);
+            }
+
             // all RSA
             if (name.Equals(nameof(None), StringComparison.Ordinal) ||
                 name.Equals(nameof(Basic256), StringComparison.Ordinal) ||
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
index 0abac6fd51..760f9c0163 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
@@ -135,7 +135,13 @@ protected void DiscardTokens()
         /// <exception cref="ServiceResultException"></exception>
         protected void CalculateSymmetricKeySizes()
         {
-            SecurityPolicyInfo info = SecurityPolicies.GetInfo(SecurityPolicyUri)
+            var securityPolicyUri = SecurityPolicyUri;
+            if (securityPolicyUri.StartsWith(SecurityPolicies.BaseUri, StringComparison.Ordinal))
+            {
+                securityPolicyUri = securityPolicyUri.Substring(SecurityPolicies.BaseUri.Length);
+            }
+
+            SecurityPolicyInfo info = SecurityPolicies.GetInfo(securityPolicyUri)
                 ?? throw ServiceResultException.Create(
                     StatusCodes.BadSecurityPolicyRejected,
                     "Unsupported security policy: {0}",
diff --git a/Stack/Opc.Ua.Core/Types/Utils/Utils.cs b/Stack/Opc.Ua.Core/Types/Utils/Utils.cs
index 07ccd2e251..6a95ecc2ae 100644
--- a/Stack/Opc.Ua.Core/Types/Utils/Utils.cs
+++ b/Stack/Opc.Ua.Core/Types/Utils/Utils.cs
@@ -655,7 +655,14 @@ public static IPAddress[] GetHostAddresses(string hostNameOrAddress)
         /// <remarks>If the platform returns a FQDN, only the host name is returned.</remarks>
         public static string GetHostName()
         {
-            return Dns.GetHostName().Split('.')[0].ToLowerInvariant();
+            var hostName = Dns.GetHostName();
+            // If platform returns an IPv4 or IPv6 address return it as is
+            if (IPAddress.TryParse(hostName, out _))
+            {
+                return hostName;
+            }
+
+            return hostName.Split('.')[0].ToLowerInvariant();
         }
 
         /// <summary>

From cfbebe7962c709bd8c462636c3da754485586134 Mon Sep 17 00:00:00 2001
From: mrsuciu <Mircea-Adrian.Suciu@Softing.com>
Date: Fri, 21 Nov 2025 20:12:00 +0200
Subject: [PATCH 03/15] Enhance security policy handling and key computation
 logic

---
 .../Security/Constants/SecurityPolicies.cs    |  29 ++++-
 .../Security/Constants/SecurityPolicyInfo.cs  |   6 +-
 .../Stack/Tcp/UaSCBinaryChannel.Symmetric.cs  | 116 +++++++++++++++---
 3 files changed, 131 insertions(+), 20 deletions(-)

diff --git a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
index 77629234da..a2920d6e80 100644
--- a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
+++ b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
@@ -157,15 +157,24 @@ private static bool IsPlatformSupportedName(string name)
 
         /// <summary>
         /// Returns the info object associated with the SecurityPolicyUri.
+        /// Supports both full URI and short name (without BaseUri prefix).
         /// </summary>
         public static SecurityPolicyInfo GetInfo(string securityPolicyUri)
         {
+            // Try full URI lookup first (e.g., "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256")
             if (s_securityPolicyUriToInfo.Value.TryGetValue(securityPolicyUri, out SecurityPolicyInfo info) &&
                 IsPlatformSupportedName(info.Name))
             {
                 return info;
             }
 
+            // Try short name lookup (e.g., "Basic256Sha256")
+            if (s_securityPolicyNameToInfo.Value.TryGetValue(securityPolicyUri, out info) &&
+                IsPlatformSupportedName(info.Name))
+            {
+                return info;
+            }
+
             return null;
         }
 
@@ -695,11 +704,14 @@ public static bool Verify(
         private static readonly Lazy<IReadOnlyDictionary<string, SecurityPolicyInfo>> s_securityPolicyNameToInfo =
             new(() =>
             {
-                FieldInfo[] fields = typeof(SecurityPolicies).GetFields(
+                FieldInfo[] policyFields = typeof(SecurityPolicies).GetFields(
+                    BindingFlags.Public | BindingFlags.Static);
+
+                FieldInfo[] infoFields = typeof(SecurityPolicyInfo).GetFields(
                     BindingFlags.Public | BindingFlags.Static);
 
                 var keyValuePairs = new Dictionary<string, SecurityPolicyInfo>();
-                foreach (FieldInfo field in fields)
+                foreach (FieldInfo field in policyFields)
                 {
                     string policyUri = (string)field.GetValue(typeof(SecurityPolicies));
                     if (field.Name == nameof(BaseUri) ||
@@ -709,7 +721,18 @@ public static bool Verify(
                         continue;
                     }
 
-                    keyValuePairs.Add(field.Name, new SecurityPolicyInfo(field.Name, policyUri));
+                    // Find the corresponding SecurityPolicyInfo field by name
+                    FieldInfo infoField = Array.Find(infoFields, f => f.Name == field.Name);
+                    if (infoField != null && infoField.FieldType == typeof(SecurityPolicyInfo))
+                    {
+                        SecurityPolicyInfo info = (SecurityPolicyInfo)infoField.GetValue(null);
+                        keyValuePairs.Add(field.Name, info);
+                    }
+                    else
+                    {
+                        // Fallback to creating a minimal instance for unknown policies
+                        keyValuePairs.Add(field.Name, new SecurityPolicyInfo(policyUri, field.Name));
+                    }
                 }
 #if NET8_0_OR_GREATER
                 return keyValuePairs.ToFrozenDictionary();
diff --git a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
index fcbb7f2712..af75058c8f 100644
--- a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
+++ b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
@@ -210,7 +210,8 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
         {
             DerivedSignatureKeyLength = 128 / 8,
             SymmetricEncryptionKeyLength = 128 / 8,
-            SymmetricSignatureLength = 128 / 8,
+            // HMAC-SHA1 produces a 160-bit MAC
+            SymmetricSignatureLength = 160 / 8,
             InitializationVectorLength = 128 / 8,
             MinAsymmetricKeyLength = 1024,
             MaxAsymmetricKeyLength = 2048,
@@ -234,7 +235,8 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
         {
             DerivedSignatureKeyLength = 192 / 8,
             SymmetricEncryptionKeyLength = 256 / 8,
-            SymmetricSignatureLength = 256 / 8,
+            // HMAC-SHA1 produces a 160-bit MAC
+            SymmetricSignatureLength = 160 / 8,
             InitializationVectorLength = 128 / 8,
             MinAsymmetricKeyLength = 1024,
             MaxAsymmetricKeyLength = 2048,
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
index 760f9c0163..562272fbf7 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
@@ -230,16 +230,35 @@ private void DeriveKeysWithHKDF(
         /// </summary>
         protected void ComputeKeys(ChannelToken token)
         {
+            // Strip BaseUri prefix to get short name for dictionary lookup
+            var securityPolicyUri = SecurityPolicyUri;
+            if (securityPolicyUri.StartsWith(SecurityPolicies.BaseUri, StringComparison.Ordinal))
+            {
+                securityPolicyUri = securityPolicyUri.Substring(SecurityPolicies.BaseUri.Length);
+            }
+
+            token.SecurityPolicy = SecurityPolicies.GetInfo(securityPolicyUri);
+
+            if (token.SecurityPolicy == null)
+            {
+                throw ServiceResultException.Create(
+                    StatusCodes.BadSecurityPolicyRejected,
+                    "Unsupported security policy: {0}",
+                    SecurityPolicyUri);
+            }
+
             if (SecurityMode == MessageSecurityMode.None)
             {
                 return;
             }
 
-            token.SecurityPolicy = SecurityPolicies.GetInfo(SecurityPolicyUri);
-
             byte[] serverSecret = token.ServerNonce;
             byte[] clientSecret = token.ClientNonce;
 
+            m_logger?.LogInformation(
+                "[ComputeKeys] KeyDerivationAlgorithm: {Algo}",
+                token.SecurityPolicy.KeyDerivationAlgorithm);
+
             if (token.SecurityPolicy.KeyDerivationAlgorithm == KeyDerivationAlgorithm.PSha1 ||
                 token.SecurityPolicy.KeyDerivationAlgorithm == KeyDerivationAlgorithm.PSha256)
             {
@@ -614,10 +633,11 @@ protected ArraySegment<byte> ReadSymmetricMessage(
 
             int headerSize = decoder.Position;
 
+            int decryptedCount = buffer.Count - headerSize;
             if (SecurityMode == MessageSecurityMode.SignAndEncrypt)
             {
                 // decrypt the message.
-                Decrypt(
+                decryptedCount = Decrypt(
                     token,
                     new ArraySegment<byte>(
                         buffer.Array,
@@ -627,9 +647,14 @@ protected ArraySegment<byte> ReadSymmetricMessage(
             }
 
             int paddingCount = 0;
-            if (SecurityMode != MessageSecurityMode.None)
+            if (SecurityMode != MessageSecurityMode.None &&
+                !token.SecurityPolicy.NoSymmetricEncryptionPadding)
             {
-                int signatureStart = buffer.Offset + buffer.Count - SymmetricSignatureSize;
+                int signatureStart =
+                    buffer.Offset +
+                    headerSize +
+                    decryptedCount -
+                    SymmetricSignatureSize;
 
                 // extract signature.
                 byte[] signature = new byte[SymmetricSignatureSize];
@@ -642,7 +667,7 @@ protected ArraySegment<byte> ReadSymmetricMessage(
                         new ArraySegment<byte>(
                             buffer.Array,
                             buffer.Offset,
-                            buffer.Count - SymmetricSignatureSize),
+                            headerSize + decryptedCount - SymmetricSignatureSize),
                         isRequest))
                 {
                     m_logger.LogError("ChannelId {Id}: Could not verify signature on message.", Id);
@@ -671,6 +696,11 @@ protected ArraySegment<byte> ReadSymmetricMessage(
                     paddingCount++;
                 }
             }
+            else if (SecurityMode != MessageSecurityMode.None)
+            {
+                // AEAD algorithms are verified during decrypt.
+                paddingCount = 0;
+            }
 
             // extract request id and sequence number.
             sequenceNumber = decoder.ReadUInt32(null);
@@ -682,11 +712,13 @@ protected ArraySegment<byte> ReadSymmetricMessage(
                 TcpMessageLimits.SymmetricHeaderSize +
                 TcpMessageLimits.SequenceHeaderSize;
             int sizeOfBody =
-                buffer.Count -
-                TcpMessageLimits.SymmetricHeaderSize -
+                decryptedCount -
                 TcpMessageLimits.SequenceHeaderSize -
                 paddingCount -
-                SymmetricSignatureSize;
+                (SecurityMode != MessageSecurityMode.None &&
+                 !token.SecurityPolicy.NoSymmetricEncryptionPadding
+                    ? SymmetricSignatureSize
+                    : 0);
 
             return new ArraySegment<byte>(buffer.Array, startOfBody, sizeOfBody);
         }
@@ -751,16 +783,41 @@ protected void Encrypt(
             ArraySegment<byte> dataToEncrypt,
             bool useClientKeys)
         {
+            byte[] encryptingKey = useClientKeys ? token.ClientEncryptingKey : token.ServerEncryptingKey;
+            byte[] iv = useClientKeys ? token.ClientInitializationVector : token.ServerInitializationVector;
+            byte[] signingKey = useClientKeys ? token.ClientSigningKey : token.ServerSigningKey;
+
+            bool signOnly = SecurityMode == MessageSecurityMode.Sign;
+
             if (SecurityPolicyUri == SecurityPolicies.None)
             {
                 return;
             }
 
-            byte[] encryptingKey = useClientKeys ? token.ClientEncryptingKey : token.ServerEncryptingKey;
-            byte[] iv = useClientKeys ? token.ClientInitializationVector : token.ServerInitializationVector;
-            byte[] signingKey = useClientKeys ? token.ClientSigningKey : token.ServerSigningKey;
+            // For CBC based policies the caller already applied padding and signatures.
+            if (token.SecurityPolicy.SymmetricEncryptionAlgorithm is SymmetricEncryptionAlgorithm.Aes128Cbc
+                or SymmetricEncryptionAlgorithm.Aes256Cbc)
+            {
+                if (signOnly)
+                {
+                    return;
+                }
 
-            bool signOnly = SecurityMode == MessageSecurityMode.Sign;
+                using var aes = Aes.Create();
+                aes.Mode = CipherMode.CBC;
+                aes.Padding = PaddingMode.None;
+                aes.Key = encryptingKey;
+                aes.IV = iv;
+
+                using ICryptoTransform encryptor = aes.CreateEncryptor();
+                encryptor.TransformBlock(
+                    dataToEncrypt.Array,
+                    dataToEncrypt.Offset,
+                    dataToEncrypt.Count,
+                    dataToEncrypt.Array,
+                    dataToEncrypt.Offset);
+                return;
+            }
 
             ArraySegment<byte> result = EccUtils.SymmetricEncryptAndSign(
                 dataToEncrypt,
@@ -781,14 +838,14 @@ protected void Encrypt(
         /// Decrypts and verifies the data in a buffer using symmetric encryption.
         /// </summary>
         /// <exception cref="NotSupportedException"></exception>
-        protected void Decrypt(
+        protected int Decrypt(
             ChannelToken token,
             ArraySegment<byte> dataToDecrypt,
             bool useClientKeys)
         {
             if (SecurityPolicyUri == SecurityPolicies.None)
             {
-                return;
+                return dataToDecrypt.Count;
             }
 
             byte[] encryptingKey = useClientKeys ? token.ClientEncryptingKey : token.ServerEncryptingKey;
@@ -797,6 +854,32 @@ protected void Decrypt(
 
             bool signOnly = SecurityMode == MessageSecurityMode.Sign;
 
+            // For CBC based policies the caller will verify signatures and remove padding.
+            if (token.SecurityPolicy.SymmetricEncryptionAlgorithm is SymmetricEncryptionAlgorithm.Aes128Cbc
+                or SymmetricEncryptionAlgorithm.Aes256Cbc)
+            {
+                if (signOnly)
+                {
+                    return dataToDecrypt.Count;
+                }
+
+                using var aes = Aes.Create();
+                aes.Mode = CipherMode.CBC;
+                aes.Padding = PaddingMode.None;
+                aes.Key = encryptingKey;
+                aes.IV = iv;
+
+                using ICryptoTransform decryptor = aes.CreateDecryptor();
+                decryptor.TransformBlock(
+                    dataToDecrypt.Array,
+                    dataToDecrypt.Offset,
+                    dataToDecrypt.Count,
+                    dataToDecrypt.Array,
+                    dataToDecrypt.Offset);
+
+                return dataToDecrypt.Count;
+            }
+
             ArraySegment<byte> result = EccUtils.SymmetricDecryptAndVerify(
                 dataToDecrypt,
                 token.SecurityPolicy,
@@ -810,6 +893,9 @@ protected void Decrypt(
             {
                 Buffer.BlockCopy(result.Array, result.Offset, dataToDecrypt.Array, dataToDecrypt.Offset, result.Count);
             }
+
+            // return the decrypted size (without authentication tag/padding)
+            return result.Count - dataToDecrypt.Offset;
         }
 
 #if NETSTANDARD2_1_OR_GREATER || NET6_0_OR_GREATER

From d0c63213528a35f2e631fe37a7b6c7d7517a5a87 Mon Sep 17 00:00:00 2001
From: Randy Armstrong <randy@sparhawksoftware.com>
Date: Tue, 25 Nov 2025 22:52:12 -0800
Subject: [PATCH 04/15] Merge SecurityEnhancements.

---
 .../ConsoleReferenceClient/Program.cs         |  16 +-
 .../Quickstarts.ReferenceClient.Config.xml    |  24 +-
 .../ConsoleReferenceClient/RunTest.cs         | 654 ++++++++++++
 .../generate_user_certificate.ps1             |  80 ++
 .../ConsoleReferenceServer/Program.cs         |  14 +-
 .../Quickstarts.ReferenceServer.Config.xml    |  68 +-
 Libraries/Opc.Ua.Client/Session/Session.cs    | 186 +++-
 .../ApplicationInstance.cs                    |   2 +-
 .../Configuration/ConfigurationNodeManager.cs |   2 +-
 .../Opc.Ua.Server/Server/StandardServer.cs    |  25 +-
 Libraries/Opc.Ua.Server/Session/Session.cs    |  53 +-
 .../Stack/Https/HttpsTransportListener.cs     |  13 +-
 .../Schema/SecuredApplicationHelpers.cs       |  29 +-
 .../Certificates/CertificateIdentifier.cs     |  33 +-
 .../{EccUtils.cs => CryptoUtils.cs}           | 264 +++--
 .../Security/Certificates/EncryptedSecret.cs  | 439 ++------
 .../Security/Certificates/Nonce.cs            | 198 ++--
 .../Security/Certificates/X509Utils.cs        |   2 +-
 .../Constants/AdditionalParameterNames.cs     |  34 +
 .../Security/Constants/SecurityPolicies.cs    | 624 +++++++----
 .../Security/Constants/SecurityPolicyInfo.cs  | 570 +++++++++-
 .../Stack/Client/ClientChannelManager.cs      |  12 +
 .../Configuration/EndpointDescription.cs      |  16 +-
 .../Stack/Https/HttpsTransportChannel.cs      |  23 +-
 .../Stack/Server/SecureChannelContext.cs      |  34 +-
 Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs   |  15 +
 Stack/Opc.Ua.Core/Stack/Tcp/TcpMessageType.cs |  45 +
 .../Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs |  40 +-
 .../Stack/Tcp/TcpTransportListener.cs         |   6 +-
 .../Stack/Tcp/UaSCBinaryChannel.Asymmetric.cs | 297 +++---
 .../Stack/Tcp/UaSCBinaryChannel.Rsa.cs        |  18 +-
 .../Stack/Tcp/UaSCBinaryChannel.Symmetric.cs  | 979 ++++--------------
 .../Stack/Tcp/UaSCBinaryChannel.cs            |  24 +-
 .../Stack/Tcp/UaSCBinaryClientChannel.cs      |  39 +-
 .../Stack/Tcp/UaSCBinaryTransportChannel.cs   |  13 +-
 .../Stack/Transport/ITransportChannel.cs      |  25 +-
 .../Stack/Transport/NullChannel.cs            |  16 +-
 .../Stack/Types/UserNameIdentityToken.cs      |   6 +-
 .../Stack/Types/X509IdentityToken.cs          |  16 +-
 .../Diagnostics/TelemetryUtils.cs             |   2 +-
 Stack/Opc.Ua.Types/Encoders/BinaryDecoder.cs  |   3 +-
 UA Reference.sln                              |  15 +
 42 files changed, 3020 insertions(+), 1954 deletions(-)
 create mode 100644 Applications/ConsoleReferenceClient/RunTest.cs
 create mode 100644 Applications/ConsoleReferenceClient/generate_user_certificate.ps1
 rename Stack/Opc.Ua.Core/Security/Certificates/{EccUtils.cs => CryptoUtils.cs} (83%)
 create mode 100644 Stack/Opc.Ua.Core/Security/Constants/AdditionalParameterNames.cs

diff --git a/Applications/ConsoleReferenceClient/Program.cs b/Applications/ConsoleReferenceClient/Program.cs
index 7f60afa397..5d47b107ac 100644
--- a/Applications/ConsoleReferenceClient/Program.cs
+++ b/Applications/ConsoleReferenceClient/Program.cs
@@ -75,8 +75,8 @@ public static async Task Main(string[] args)
             byte[] userpassword = null;
             string userCertificateThumbprint = null;
             byte[] userCertificatePassword = null;
-            bool logConsole = false;
-            bool appLog = false;
+            bool logConsole = true;
+            bool appLog = true;
             bool fileLog = false;
             bool renewCertificate = false;
             bool loadTypes = false;
@@ -184,7 +184,7 @@ public static async Task Main(string[] args)
                     }
                 },
                 {
-                    "f|fetchall",
+                    "fa|fetchall",
                     "Fetch all nodes",
                     f =>
                     {
@@ -333,7 +333,7 @@ public static async Task Main(string[] args)
                     logConsole,
                     fileLog,
                     appLog,
-                    LogLevel.Information);
+                    LogLevel.Warning);
 
                 // delete old certificate
                 if (renewCertificate)
@@ -370,6 +370,14 @@ await application.DeleteApplicationInstanceCertificateAsync()
                 CancellationToken ct = quitCTS.Token;
                 ManualResetEvent quitEvent = ConsoleUtils.CtrlCHandler(quitCTS);
 
+                // insert security tester.
+                var tester = new SecurityTestClient.RunTest(config, telemetry);
+
+                if (await tester.RunAsync(quitEvent, ct).ConfigureAwait(false))
+                {
+                    return;
+                }
+
                 var userIdentity = new UserIdentity();
 
                 // set user identity of type username/pw
diff --git a/Applications/ConsoleReferenceClient/Quickstarts.ReferenceClient.Config.xml b/Applications/ConsoleReferenceClient/Quickstarts.ReferenceClient.Config.xml
index aa3a8ae264..48028419bf 100644
--- a/Applications/ConsoleReferenceClient/Quickstarts.ReferenceClient.Config.xml
+++ b/Applications/ConsoleReferenceClient/Quickstarts.ReferenceClient.Config.xml
@@ -13,35 +13,35 @@
     <ApplicationCertificates>
       <CertificateIdentifier>
         <StoreType>Directory</StoreType>
-        <StorePath>%LocalApplicationData%/OPC Foundation/pki/own</StorePath>
+        <StorePath>./pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference Client, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>RsaSha256</CertificateTypeString>
       </CertificateIdentifier>
       <CertificateIdentifier>
         <!-- <TypeId>NistP256</TypeId> -->
         <StoreType>Directory</StoreType>
-        <StorePath>%LocalApplicationData%/OPC Foundation/pki/own</StorePath>
+        <StorePath>./pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference Client, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>NistP256</CertificateTypeString>
       </CertificateIdentifier>
       <CertificateIdentifier>
         <!-- <TypeId>NistP384</TypeId> -->
         <StoreType>Directory</StoreType>
-        <StorePath>%LocalApplicationData%/OPC Foundation/pki/own</StorePath>
+        <StorePath>./pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference client, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>NistP384</CertificateTypeString>
       </CertificateIdentifier>
       <CertificateIdentifier>
         <!-- <TypeId>BrainpoolP256r1</TypeId> -->
         <StoreType>Directory</StoreType>
-        <StorePath>%LocalApplicationData%/OPC Foundation/pki/own</StorePath>
+        <StorePath>./pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference Client, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>BrainpoolP256r1</CertificateTypeString>
       </CertificateIdentifier>
       <CertificateIdentifier>
         <!-- <TypeId>BrainpoolP384r1</TypeId> -->
         <StoreType>Directory</StoreType>
-        <StorePath>%LocalApplicationData%/OPC Foundation/pki/own</StorePath>
+        <StorePath>./pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference Client, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>BrainpoolP384r1</CertificateTypeString>
       </CertificateIdentifier>
@@ -49,17 +49,17 @@
     <!-- Where the issuer certificate are stored (certificate authorities) -->
     <TrustedIssuerCertificates>
       <StoreType>Directory</StoreType>
-      <StorePath>%LocalApplicationData%/OPC Foundation/pki/issuer</StorePath>
+      <StorePath>./pki/issuer</StorePath>
     </TrustedIssuerCertificates>
     <!-- Where the trust list is stored -->
     <TrustedPeerCertificates>
       <StoreType>Directory</StoreType>
-      <StorePath>%LocalApplicationData%/OPC Foundation/pki/trusted</StorePath>
+      <StorePath>./pki/trusted</StorePath>
     </TrustedPeerCertificates>
     <!-- The directory used to store invalid certificates for later review by the administrator. -->
     <RejectedCertificateStore>
       <StoreType>Directory</StoreType>
-      <StorePath>%LocalApplicationData%/OPC Foundation/pki/rejected</StorePath>
+      <StorePath>./pki/rejected</StorePath>
     </RejectedCertificateStore>
     <MaxRejectedCertificates>5</MaxRejectedCertificates>
     <!-- WARNING: The following setting (to automatically accept untrusted certificates) should be used
@@ -75,12 +75,12 @@
     <!-- Where the User issers list is stored-->
     <UserIssuerCertificates>
       <StoreType>Directory</StoreType>
-      <StorePath>%LocalApplicationData%/OPC Foundation/pki/userIssuer</StorePath>
+      <StorePath>./pki/userIssuer</StorePath>
     </UserIssuerCertificates>
     <!-- Where the User trust list is stored-->
     <TrustedUserCertificates>
       <StoreType>Directory</StoreType>
-      <StorePath>%LocalApplicationData%/OPC Foundation/pki/trustedUser</StorePath>
+      <StorePath>./pki/trustedUser</StorePath>
     </TrustedUserCertificates>
   </SecurityConfiguration>
   <TransportConfigurations></TransportConfigurations>
@@ -92,7 +92,7 @@
     <MaxMessageSize>4194304</MaxMessageSize>
     <MaxBufferSize>65535</MaxBufferSize>
     <ChannelLifetime>300000</ChannelLifetime>
-    <SecurityTokenLifetime>3600000</SecurityTokenLifetime>
+    <SecurityTokenLifetime>30000</SecurityTokenLifetime>
   </TransportQuotas>
   <ClientConfiguration>
     <DefaultSessionTimeout>60000</DefaultSessionTimeout>
@@ -120,7 +120,7 @@
   </ClientConfiguration>
   <Extensions></Extensions>
   <TraceConfiguration>
-    <OutputFilePath>%LocalApplicationData%/OPC Foundation/Logs/Quickstarts.ReferenceClient.log.txt</OutputFilePath>
+    <OutputFilePath>./Logs/Quickstarts.ReferenceClient.log.txt</OutputFilePath>
     <DeleteOnLoad>true</DeleteOnLoad>
     <!-- Show Only Errors -->
     <!-- <TraceMasks>1</TraceMasks> -->
diff --git a/Applications/ConsoleReferenceClient/RunTest.cs b/Applications/ConsoleReferenceClient/RunTest.cs
new file mode 100644
index 0000000000..a129e6dbb6
--- /dev/null
+++ b/Applications/ConsoleReferenceClient/RunTest.cs
@@ -0,0 +1,654 @@
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Globalization;
+using System.IO;
+using System.Linq;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Logging;
+using Opc.Ua;
+using Opc.Ua.Client;
+using Opc.Ua.Configuration;
+
+namespace SecurityTestClient
+{
+    internal sealed class RunTest
+    {
+        private readonly Lock m_lock = new();
+        private SessionReconnectHandler m_reconnectHandler;
+        private ILogger m_logger;
+        private ITelemetryContext m_context;
+        private ApplicationConfiguration m_configuration;
+        private ISession m_session;
+
+        const string ServerUrl = "opc.tcp://localhost:62541";
+        const int kMaxSearchDepth = 128;
+        const int ReconnectPeriod = 1000;
+        const int ReconnectPeriodExponentialBackoff = 15000;
+
+        public RunTest(ApplicationConfiguration configuration, ITelemetryContext context)
+        {
+            m_context = context;
+            m_configuration = configuration;
+            m_logger = context.CreateLogger("Test");
+
+            m_reconnectHandler = new SessionReconnectHandler(
+                context,
+                true,
+                ReconnectPeriodExponentialBackoff);
+        }
+
+        private string GetUserCertificateFile(string securityPolicyUri)
+        {
+            var securityPolicy = SecurityPolicies.GetInfo(securityPolicyUri);
+
+            switch (securityPolicy.CertificateKeyAlgorithm)
+            {
+                default:
+                case CertificateKeyAlgorithm.RSA:
+                case CertificateKeyAlgorithm.RSADH:
+                    return $"iama.tester.rsa.der";
+                case CertificateKeyAlgorithm.BrainpoolP256r1:
+                    return $"iama.tester.brainpoolP256r1.der";
+                case CertificateKeyAlgorithm.BrainpoolP384r1:
+                    return $"iama.tester.brainpoolP384r1.der";
+                case CertificateKeyAlgorithm.NistP256:
+                    return $"iama.tester.nistP256.der";
+                case CertificateKeyAlgorithm.NistP384:
+                    return $"iama.tester.nistP384.der";
+            }
+        }
+
+        public async Task<bool> RunAsync(ManualResetEvent quitEvent, CancellationToken ct)
+        {
+            try
+            {
+                m_logger.LogInformation("OPC UA Security Test Client");
+
+                // The application name and config file names
+                const string applicationName = "ConsoleReferenceClient";
+                const string configSectionName = "Quickstarts.ReferenceClient";
+
+                // Define the UA Client application
+                var passwordProvider = new CertificatePasswordProvider([]);
+
+                var application = new ApplicationInstance(m_context)
+                {
+                    ApplicationName = applicationName,
+                    ApplicationType = ApplicationType.Client,
+                    ConfigSectionName = configSectionName,
+                    CertificatePasswordProvider = passwordProvider
+                };
+
+                // load the application configuration.
+                var configuration = m_configuration = await application
+                    .LoadApplicationConfigurationAsync(silent: false, ct: ct)
+                    .ConfigureAwait(false);
+
+                m_configuration.CertificateValidator.CertificateValidation += CertificateValidation;
+
+                // check the application certificate.
+                bool haveAppCertificate = await application
+                    .CheckApplicationInstanceCertificatesAsync(false, ct: ct)
+                    .ConfigureAwait(false);
+
+                if (!haveAppCertificate)
+                {
+                    throw new InvalidOperationException("Application instance certificate invalid!");
+                }
+
+                m_logger.LogInformation("Connecting to... {ServerUrl}", ServerUrl);
+
+                var endpoints = await GetEndpoints(
+                    m_configuration,
+                    ServerUrl,
+                    ct).ConfigureAwait(false);
+
+                var endpointConfiguration = EndpointConfiguration.Create(m_configuration);
+                var sessionFactory = new DefaultSessionFactory(m_context);
+                var userNameidentity = new UserIdentity("sysadmin", new UTF8Encoding(false).GetBytes("demo"));
+
+                foreach (var ii in endpoints)
+                {
+                    var userCertificateFile = GetUserCertificateFile(ii.SecurityPolicyUri);
+                    var x509 = X509CertificateLoader.LoadCertificateFromFile(Path.Combine(".\\pki\\trustedUser\\certs", userCertificateFile));
+                    var thumbprint = x509.Thumbprint;
+
+                    var certificateIdentity = await LoadUserCertificateAsync(thumbprint, "password", ct).ConfigureAwait(false);
+
+                    foreach (var identity in new UserIdentity[] { userNameidentity, certificateIdentity })
+                    {
+                        try
+                        {
+                            m_logger.LogWarning("{Line}", new string('=', 80));
+
+                            m_logger.LogWarning(
+                                "SECURITY-POLICY={SecurityPolicyUri} {SecurityMode}",
+                                SecurityPolicies.GetDisplayName(ii.SecurityPolicyUri),
+                                ii.SecurityMode);
+
+                            m_logger.LogWarning(
+                                "IDENTITY={DisplayName} {TokenType}",
+                                identity.DisplayName,
+                                identity.TokenType);
+
+                            ISession session = await RunTestAsync(
+                                endpointConfiguration,
+                                sessionFactory,
+                                ii,
+                                identity,
+                                ct).ConfigureAwait(false);
+
+                            m_logger.LogWarning("Waiting for SecureChannel renew");
+
+                            for (int count = 0; count < 10; count++)
+                            {
+                                var result = await session.ReadAsync(
+                                    null,
+                                    0,
+                                    TimestampsToReturn.Neither,
+                                    new ReadValueIdCollection()
+                                    {
+                                        new ReadValueId()
+                                        {
+                                            NodeId = Opc.Ua.VariableIds.Server_ServerStatus_CurrentTime,
+                                            AttributeId = Attributes.Value
+                                        }
+                                    },
+                                    ct).ConfigureAwait(false);
+
+                                m_logger.LogWarning(
+                                    "CurrentTime: {CurrentTime}",
+                                    result.Results[0].GetValueOrDefault<DateTime>().ToString("HH:mm:ss.fff", CultureInfo.InvariantCulture));
+
+                                await Task.Delay(5000, ct).ConfigureAwait(false);
+                            }
+
+                            await session.CloseAsync(true, ct: ct).ConfigureAwait(false);
+                        }
+                        catch (Exception e)
+                        {
+                            Console.WriteLine("Exception: {0}", e.Message);
+                            Console.WriteLine("StackTrace: {0}", e.StackTrace);
+                            quitEvent.WaitOne(20000);
+                        }
+
+                        m_logger.LogWarning(
+                            "TEST COMPLETE: {SecurityPolicyUri} {SecurityMode}",
+                            SecurityPolicies.GetDisplayName(ii.SecurityPolicyUri),
+                            ii.SecurityMode);
+
+                        m_logger.LogWarning("{Line}", new string('=', 80));
+                    }
+                }
+
+                Console.WriteLine("Ctrl-C to stop.");
+                quitEvent.WaitOne();
+            }
+            catch (Exception e)
+            {
+                m_logger.LogError("Exception: {Message}", e.Message);
+                m_logger.LogTrace("StackTrace: {StackTrace}", e.StackTrace);
+            }
+
+            return true;
+        }
+
+        private async Task<UserIdentity> LoadUserCertificateAsync(string thumbprint, string password, CancellationToken ct)
+        {
+#if NET8_0_OR_GREATER
+            var store = m_configuration.SecurityConfiguration.TrustedUserCertificates;
+
+            // get user certificate with matching thumbprint
+            var hit = (
+                await store.GetCertificatesAsync(m_context, ct).ConfigureAwait(false)
+            ).Find(X509FindType.FindByThumbprint, thumbprint, false).FirstOrDefault();
+
+            // create Certificate Identifier
+            var cid = new CertificateIdentifier(hit)
+            {
+                StorePath = store.StorePath,
+                StoreType = store.StoreType
+            };
+
+            return await UserIdentity.CreateAsync(
+                cid,
+                new CertificatePasswordProvider(new UTF8Encoding(false).GetBytes(password)),
+                m_context,
+                ct
+            ).ConfigureAwait(false);
+#else
+            await Task.Delay(1, ct).ConfigureAwait(false);
+            throw new NotSupportedException("User certificate identity is only supported on .NET 8 or greater.");
+#endif
+        }
+
+        public async Task<ISession> RunTestAsync(
+            EndpointConfiguration endpointConfiguration,
+            DefaultSessionFactory sessionFactory,
+            EndpointDescription endpointDescription,
+            UserIdentity identity,
+            CancellationToken ct)
+        {
+            var endpoint = new ConfiguredEndpoint(
+                null,
+                endpointDescription,
+                endpointConfiguration);
+
+            // Create the session
+            ISession session = await sessionFactory
+                .CreateAsync(
+                    m_configuration,
+                    endpoint,
+                    false,
+                    false,
+                    m_configuration.ApplicationName,
+                    600000,
+                    //new UserIdentity(),
+                    (endpointDescription.SecurityMode != MessageSecurityMode.None) ? identity : new UserIdentity(),
+                    null,
+                    ct
+                )
+                .ConfigureAwait(false);
+
+            // Assign the created session
+            if (session == null || !session.Connected)
+            {
+                throw new InvalidOperationException("Could not connect to server at " + ServerUrl);
+            }
+
+            session.KeepAliveInterval = 10000;
+            session.KeepAlive += Session_KeepAlive;
+
+            var nodes = await BrowseFullAddressSpaceAsync(
+                session,
+                ObjectIds.ObjectsFolder,
+                null,
+                ct).ConfigureAwait(false);
+
+            return session;
+        }
+        private async ValueTask<IList<EndpointDescription>> GetEndpoints(
+            ApplicationConfiguration application,
+            string discoveryUrl,
+            CancellationToken ct = default)
+        {
+            var endpointConfiguration = EndpointConfiguration.Create(application);
+
+            using var client = await DiscoveryClient.CreateAsync(
+                application,
+                new Uri(discoveryUrl),
+                endpointConfiguration,
+                ct: ct).ConfigureAwait(false);
+
+            return await client.GetEndpointsAsync(null, ct).ConfigureAwait(false);
+        }
+
+        private void CertificateValidation(
+            CertificateValidator sender,
+            CertificateValidationEventArgs e)
+        {
+            bool certificateAccepted = false;
+
+            // ****
+            // Implement a custom logic to decide if the certificate should be
+            // accepted or not and set certificateAccepted flag accordingly.
+            // The certificate can be retrieved from the e.Certificate field
+            // ***
+
+            ServiceResult error = e.Error;
+            m_logger.LogInformation("{ServiceResult}", error);
+            if (error.StatusCode == StatusCodes.BadCertificateUntrusted)
+            {
+                certificateAccepted = true;
+            }
+
+            if (certificateAccepted)
+            {
+                m_logger.LogInformation(
+                    "Untrusted Certificate accepted. Subject = {Subject}",
+                    e.Certificate.Subject);
+                e.Accept = true;
+            }
+            else
+            {
+                m_logger.LogInformation(
+                    "Untrusted Certificate rejected. Subject = {Subject}",
+                    e.Certificate.Subject);
+            }
+        }
+
+        private void Session_KeepAlive(ISession session, KeepAliveEventArgs e)
+        {
+            try
+            {
+                // check for events from discarded sessions.
+                if (m_session == null || !m_session.Equals(session))
+                {
+                    return;
+                }
+
+                // start reconnect sequence on communication error.
+                if (ServiceResult.IsBad(e.Status))
+                {
+                    SessionReconnectHandler.ReconnectState state = m_reconnectHandler
+                        .BeginReconnect(
+                            m_session,
+                            null,
+                            ReconnectPeriod,
+                            Client_ReconnectComplete);
+
+                    if (state == SessionReconnectHandler.ReconnectState.Triggered)
+                    {
+                        m_logger.LogInformation(
+                            "KeepAlive status {Status}, reconnect status {State}, reconnect period {ReconnectPeriod}ms.",
+                            e.Status,
+                            state,
+                            ReconnectPeriod
+                        );
+                    }
+                    else
+                    {
+                        m_logger.LogInformation(
+                            "KeepAlive status {Status}, reconnect status {State}.",
+                            e.Status,
+                            state);
+                    }
+
+                    // cancel sending a new keep alive request, because reconnect is triggered.
+                    e.CancelKeepAlive = true;
+                }
+            }
+            catch (Exception exception)
+            {
+                m_logger.LogError(exception, "Error in OnKeepAlive.");
+            }
+        }
+        private void Client_ReconnectComplete(object sender, EventArgs e)
+        {
+            // ignore callbacks from discarded objects.
+            if (!ReferenceEquals(sender, m_reconnectHandler))
+            {
+                return;
+            }
+
+            lock (m_lock)
+            {
+                // if session recovered, Session property is null
+                if (m_reconnectHandler.Session != null)
+                {
+                    // ensure only a new instance is disposed
+                    // after reactivate, the same session instance may be returned
+                    if (!ReferenceEquals(m_session, m_reconnectHandler.Session))
+                    {
+                        m_logger.LogInformation(
+                            "--- RECONNECTED TO NEW SESSION --- {SessionId}",
+                            m_reconnectHandler.Session.SessionId
+                        );
+                        ISession session = m_session;
+                        m_session = m_reconnectHandler.Session;
+                        Utils.SilentDispose(session);
+                    }
+                    else
+                    {
+                        m_logger.LogInformation(
+                            "--- REACTIVATED SESSION --- {SessionId}",
+                            m_reconnectHandler.Session.SessionId);
+                    }
+                }
+                else
+                {
+                    m_logger.LogInformation("--- RECONNECT KeepAlive recovered ---");
+                }
+            }
+        }
+
+        private async Task<ReferenceDescriptionCollection> BrowseFullAddressSpaceAsync(
+            ISession session,
+            NodeId startingNode = null,
+            BrowseDescription browseDescription = null,
+            CancellationToken ct = default)
+        {
+            var stopWatch = new Stopwatch();
+            stopWatch.Start();
+
+            // Browse template
+            const int kMaxReferencesPerNode = 1000;
+            BrowseDescription browseTemplate =
+                browseDescription
+                ?? new BrowseDescription
+                {
+                    NodeId = startingNode ?? ObjectIds.RootFolder,
+                    BrowseDirection = BrowseDirection.Forward,
+                    ReferenceTypeId = ReferenceTypeIds.HierarchicalReferences,
+                    IncludeSubtypes = true,
+                    NodeClassMask = 0,
+                    ResultMask = (uint)BrowseResultMask.All
+                };
+            BrowseDescriptionCollection browseDescriptionCollection
+                = CreateBrowseDescriptionCollectionFromNodeId(
+                [.. new NodeId[] { startingNode ?? ObjectIds.RootFolder }],
+                browseTemplate);
+
+            // Browse
+            var referenceDescriptions = new Dictionary<ExpandedNodeId, ReferenceDescription>();
+            var random = new Random(11211); // use a fixed seed for test reproducibility
+
+            int searchDepth = 0;
+            uint maxNodesPerBrowse = session.OperationLimits.MaxNodesPerBrowse;
+            while (browseDescriptionCollection.Count > 0 && searchDepth < kMaxSearchDepth)
+            {
+                searchDepth++;
+                m_logger.LogInformation(
+                    "{SearchDepth}: Browse {Count} nodes after {ElapsedMilliseconds}ms",
+                    searchDepth,
+                    browseDescriptionCollection.Count,
+                    stopWatch.ElapsedMilliseconds);
+
+                var allBrowseResults = new BrowseResultCollection();
+                bool repeatBrowse;
+                var browseResultCollection = new BrowseResultCollection();
+                var unprocessedOperations = new BrowseDescriptionCollection();
+                DiagnosticInfoCollection diagnosticsInfoCollection;
+                do
+                {
+                    BrowseDescriptionCollection browseCollection =
+                        maxNodesPerBrowse == 0
+                            ? browseDescriptionCollection
+                            : browseDescriptionCollection.Take((int)maxNodesPerBrowse).ToArray();
+                    repeatBrowse = false;
+                    try
+                    {
+                        RequestHeader requestHeader = null;
+
+                        // a random pattern to obscure the message size
+                        // (only useful for application running over untrusted networks).
+                        if (session.ConfiguredEndpoint.Description.SecurityMode == MessageSecurityMode.SignAndEncrypt)
+                        {
+                            // a real application needs to use secure randomness
+#pragma warning disable CA5394 // Do not use insecure randomness
+                            var padding = new byte[random.Next() % 4096];
+                            random.NextBytes(padding);
+#pragma warning restore CA5394 // Do not use insecure randomness
+
+                            requestHeader = new RequestHeader
+                            {
+                                AdditionalHeader = new ExtensionObject(new Opc.Ua.AdditionalParametersType()
+                                {
+                                    Parameters = new KeyValuePairCollection([
+                                        new Opc.Ua.KeyValuePair() {
+                                        Key = AdditionalParameterNames.Padding,
+                                        Value = new Variant(padding)
+                                    }
+                                    ])
+                                })
+                            };
+                        }
+
+                        BrowseResponse browseResponse = await
+                            session.BrowseAsync(
+                                requestHeader,
+                                null,
+                                kMaxReferencesPerNode,
+                                browseCollection,
+                                ct)
+                            .ConfigureAwait(false);
+                        browseResultCollection = browseResponse.Results;
+                        diagnosticsInfoCollection = browseResponse.DiagnosticInfos;
+                        ClientBase.ValidateResponse(browseResultCollection, browseCollection);
+                        ClientBase.ValidateDiagnosticInfos(
+                            diagnosticsInfoCollection,
+                            browseCollection);
+
+                        // separate unprocessed nodes for later
+                        int ii = 0;
+                        foreach (BrowseResult browseResult in browseResultCollection)
+                        {
+                            // check for error.
+                            StatusCode statusCode = browseResult.StatusCode;
+                            if (StatusCode.IsBad(statusCode))
+                            {
+                                // this error indicates that the server does not have enough simultaneously active
+                                // continuation points. This request will need to be resent after the other operations
+                                // have been completed and their continuation points released.
+                                if (statusCode == StatusCodes.BadNoContinuationPoints)
+                                {
+                                    unprocessedOperations.Add(browseCollection[ii++]);
+                                    continue;
+                                }
+                            }
+
+                            // save results.
+                            allBrowseResults.Add(browseResult);
+                            ii++;
+                        }
+                    }
+                    catch (ServiceResultException sre)
+                    {
+                        if (sre.StatusCode is StatusCodes.BadEncodingLimitsExceeded or StatusCodes
+                            .BadResponseTooLarge)
+                        {
+                            // try to address by overriding operation limit
+                            maxNodesPerBrowse =
+                                maxNodesPerBrowse == 0
+                                    ? (uint)browseCollection.Count / 2
+                                    : maxNodesPerBrowse / 2;
+                            repeatBrowse = true;
+                        }
+                        else
+                        {
+                            m_logger.LogError("Browse error: {Message}", sre.Message);
+                            throw;
+                        }
+                    }
+                } while (repeatBrowse);
+
+                if (maxNodesPerBrowse == 0)
+                {
+                    browseDescriptionCollection.Clear();
+                }
+                else
+                {
+                    browseDescriptionCollection = browseDescriptionCollection
+                        .Skip(browseResultCollection.Count)
+                        .ToArray();
+                }
+
+                // Browse next
+                ByteStringCollection continuationPoints = PrepareBrowseNext(browseResultCollection);
+                while (continuationPoints.Count > 0)
+                {
+                    m_logger.LogInformation("BrowseNext {Count} continuation points.", continuationPoints.Count);
+                    BrowseNextResponse browseNextResult = await
+                        session.BrowseNextAsync(null, false, continuationPoints, ct)
+                        .ConfigureAwait(false);
+                    BrowseResultCollection browseNextResultCollection = browseNextResult.Results;
+                    diagnosticsInfoCollection = browseNextResult.DiagnosticInfos;
+                    ClientBase.ValidateResponse(browseNextResultCollection, continuationPoints);
+                    ClientBase.ValidateDiagnosticInfos(
+                        diagnosticsInfoCollection,
+                        continuationPoints);
+                    allBrowseResults.AddRange(browseNextResultCollection);
+                    continuationPoints = PrepareBrowseNext(browseNextResultCollection);
+                }
+
+                // Build browse request for next level
+                var browseTable = new NodeIdCollection();
+                int duplicates = 0;
+                foreach (BrowseResult browseResult in allBrowseResults)
+                {
+                    foreach (ReferenceDescription reference in browseResult.References)
+                    {
+                        if (!referenceDescriptions.ContainsKey(reference.NodeId))
+                        {
+                            referenceDescriptions[reference.NodeId] = reference;
+                            if (reference.ReferenceTypeId != ReferenceTypeIds.HasProperty)
+                            {
+                                browseTable.Add(
+                                    ExpandedNodeId.ToNodeId(
+                                        reference.NodeId,
+                                        session.NamespaceUris));
+                            }
+                        }
+                        else
+                        {
+                            duplicates++;
+                        }
+                    }
+                }
+                if (duplicates > 0)
+                {
+                    m_logger.LogInformation("Browse Result {Duplicates} duplicate nodes were ignored.", duplicates);
+                }
+                browseDescriptionCollection.AddRange(
+                    CreateBrowseDescriptionCollectionFromNodeId(browseTable, browseTemplate));
+
+                // add unprocessed nodes if any
+                browseDescriptionCollection.AddRange(unprocessedOperations);
+            }
+
+            stopWatch.Stop();
+
+            var result = new ReferenceDescriptionCollection(referenceDescriptions.Values);
+            result.Sort((x, y) => x.NodeId.CompareTo(y.NodeId));
+
+            m_logger.LogWarning(
+                "BrowseFullAddressSpace found {Count} references on server in {ElapsedMilliseconds}ms.",
+                referenceDescriptions.Count,
+                stopWatch.ElapsedMilliseconds);
+
+            return result;
+        }
+
+        private static BrowseDescriptionCollection CreateBrowseDescriptionCollectionFromNodeId(
+            NodeIdCollection nodeIdCollection,
+            BrowseDescription template)
+        {
+            var browseDescriptionCollection = new BrowseDescriptionCollection();
+            foreach (NodeId nodeId in nodeIdCollection)
+            {
+                var browseDescription = (BrowseDescription)template.MemberwiseClone();
+                browseDescription.NodeId = nodeId;
+                browseDescriptionCollection.Add(browseDescription);
+            }
+            return browseDescriptionCollection;
+        }
+
+        private static ByteStringCollection PrepareBrowseNext(
+            BrowseResultCollection browseResultCollection)
+        {
+            var continuationPoints = new ByteStringCollection();
+            foreach (BrowseResult browseResult in browseResultCollection)
+            {
+                if (browseResult.ContinuationPoint != null)
+                {
+                    continuationPoints.Add(browseResult.ContinuationPoint);
+                }
+            }
+            return continuationPoints;
+        }
+    }
+}
diff --git a/Applications/ConsoleReferenceClient/generate_user_certificate.ps1 b/Applications/ConsoleReferenceClient/generate_user_certificate.ps1
new file mode 100644
index 0000000000..bb3a12a470
--- /dev/null
+++ b/Applications/ConsoleReferenceClient/generate_user_certificate.ps1
@@ -0,0 +1,80 @@
+# 1. Ensure directories exist
+$certDir   = "./pki/trustedUser/certs"
+$privateDir = "./pki/trustedUser/private"
+
+$curves = @(
+    'nistP256',
+    'nistP384',
+    'brainpoolP256r1',
+    'brainpoolP384r1'
+)
+
+foreach ($d in @($certDir, $privateDir)) {
+    if (-not (Test-Path $d)) {
+        New-Item -ItemType Directory -Path $d -Force | Out-Null
+    }
+}
+
+# 2. Create a self-signed ECC certificate (NIST P-256)
+# $cert = New-SelfSignedCertificate `
+#     -Subject "CN=iama.tester@example.com" `
+#     -CertStoreLocation "Cert:\CurrentUser\My" `
+#     -KeyExportPolicy Exportable `
+#     -KeySpec Signature `
+#     -KeyAlgorithm ECDSA_nistP256 `
+#     -Curve 'CurveName' `
+#     -HashAlgorithm SHA256 `
+#     -NotAfter (Get-Date).AddYears(1)
+
+foreach ($curve in $curves) {
+
+    Write-Host "Generating certificate for curve: $curve"
+
+    # Create certificate parameters and dynamically insert the curve
+    $params = @{
+        Type              = 'Custom'
+        Subject           = 'CN=iama.tester@example.com'
+        TextExtension     = @(
+            '2.5.29.37={text}1.3.6.1.5.5.7.3.2'
+            '2.5.29.17={text}upn=iama.tester@example.com'
+        )
+        KeyUsage          = 'DigitalSignature'
+        KeyAlgorithm      = "ECDSA_$curve"    # <-- dynamic!
+        CurveExport       = 'CurveName'
+        CertStoreLocation = 'Cert:\CurrentUser\My'
+    }
+
+    # 1. Create cert
+    $cert = New-SelfSignedCertificate @params
+
+    # 2. Export DER
+    $derPath = Join-Path $certDir "iama.tester.$curve.der"
+    Export-Certificate -Cert $cert -FilePath $derPath -Type CERT
+
+    # 3. Export PFX with password
+    $secret = ConvertTo-SecureString -String "password" -Force -AsPlainText
+    $pfxPath = Join-Path $privateDir "iama.tester.$curve.pfx"
+    Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $secret
+
+    Write-Host "Finished: $curve`n"
+}
+
+Write-Host "`n=== Generating RSA-2048 ==="
+
+$rsaParams = @{
+    Type              = 'Custom'
+    Subject           = 'CN=iama.tester@example.com'
+    TextExtension     = @(
+        '2.5.29.37={text}1.3.6.1.5.5.7.3.2'
+        '2.5.29.17={text}upn=iama.tester@example.com'
+    )
+    KeyUsage          = 'DigitalSignature'
+    KeyAlgorithm      = 'RSA'
+    KeyLength         = 2048
+    CertStoreLocation = 'Cert:\CurrentUser\My'
+}
+
+$rsaCert = New-SelfSignedCertificate @rsaParams
+
+Export-Certificate -Cert $rsaCert -FilePath (Join-Path $certDir   "iama.tester.rsa.der") -Type CERT
+Export-PfxCertificate -Cert $rsaCert -FilePath (Join-Path $privateDir "iama.tester.rsa.pfx") -Password $secret
diff --git a/Applications/ConsoleReferenceServer/Program.cs b/Applications/ConsoleReferenceServer/Program.cs
index 77fe414fd6..03d49ecb5c 100644
--- a/Applications/ConsoleReferenceServer/Program.cs
+++ b/Applications/ConsoleReferenceServer/Program.cs
@@ -61,9 +61,9 @@ public static async Task<int> Main(string[] args)
 
             // command line options
             bool showHelp = false;
-            bool autoAccept = false;
-            bool logConsole = false;
-            bool appLog = false;
+            bool autoAccept = true;
+            bool logConsole = true;
+            bool appLog = true;
             bool fileLog = false;
             bool renewCertificate = false;
             bool shadowConfig = false;
@@ -146,7 +146,13 @@ await server
                 }
 
                 // setup the logging
-                telemetry.ConfigureLogging(server.Configuration, applicationName, logConsole, fileLog, appLog, LogLevel.Information);
+                telemetry.ConfigureLogging(
+                    server.Configuration,
+                    applicationName,
+                    logConsole,
+                    fileLog,
+                    appLog,
+                    LogLevel.Warning);
 
                 // check or renew the certificate
                 logger.LogInformation("Check the certificate.");
diff --git a/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml b/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml
index 16fd703f63..f1cfad96bf 100644
--- a/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml
+++ b/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml
@@ -14,35 +14,35 @@
     <ApplicationCertificates>
       <CertificateIdentifier>
         <StoreType>Directory</StoreType>
-        <StorePath>%LocalApplicationData%/OPC Foundation/pki/own</StorePath>
+        <StorePath>./pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference Server, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>RsaSha256</CertificateTypeString>
       </CertificateIdentifier>
       <CertificateIdentifier>
         <!-- <TypeId>NistP256</TypeId> -->
         <StoreType>Directory</StoreType>
-        <StorePath>%LocalApplicationData%/OPC Foundation/pki/own</StorePath>
+        <StorePath>./pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference Server, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>NistP256</CertificateTypeString>
       </CertificateIdentifier>
       <CertificateIdentifier>
         <!-- <TypeId>NistP384</TypeId> -->
         <StoreType>Directory</StoreType>
-        <StorePath>%LocalApplicationData%/OPC Foundation/pki/own</StorePath>
+        <StorePath>./pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference Server, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>NistP384</CertificateTypeString>
       </CertificateIdentifier>
       <CertificateIdentifier>
         <!-- <TypeId>BrainpoolP256r1</TypeId> -->
         <StoreType>Directory</StoreType>
-        <StorePath>%LocalApplicationData%/OPC Foundation/pki/own</StorePath>
+        <StorePath>./pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference Server, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>BrainpoolP256r1</CertificateTypeString>
       </CertificateIdentifier>
       <CertificateIdentifier>
         <!-- <TypeId>BrainpoolP384r1</TypeId> -->
         <StoreType>Directory</StoreType>
-        <StorePath>%LocalApplicationData%/OPC Foundation/pki/own</StorePath>
+        <StorePath>./pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference Server, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>BrainpoolP384r1</CertificateTypeString>
       </CertificateIdentifier>
@@ -51,17 +51,17 @@
     <!-- Where the issuer certificate are stored (certificate authorities) -->
     <TrustedIssuerCertificates>
       <StoreType>Directory</StoreType>
-      <StorePath>%LocalApplicationData%/OPC Foundation/pki/issuer</StorePath>
+      <StorePath>./pki/issuer</StorePath>
     </TrustedIssuerCertificates>
     <!-- Where the trust list is stored -->
     <TrustedPeerCertificates>
       <StoreType>Directory</StoreType>
-      <StorePath>%LocalApplicationData%/OPC Foundation/pki/trusted</StorePath>
+      <StorePath>./pki/trusted</StorePath>
     </TrustedPeerCertificates>
     <!-- The directory used to store invalid certificates for later review by the administrator. -->
     <RejectedCertificateStore>
       <StoreType>Directory</StoreType>
-      <StorePath>%LocalApplicationData%/OPC Foundation/pki/rejected</StorePath>
+      <StorePath>./pki/rejected</StorePath>
     </RejectedCertificateStore>
     <MaxRejectedCertificates>5</MaxRejectedCertificates>
     <!-- WARNING: The following setting (to automatically accept untrusted certificates) should be used
@@ -77,12 +77,12 @@
     <!-- Where the User issuer certificates are stored -->
     <UserIssuerCertificates>
       <StoreType>Directory</StoreType>
-      <StorePath>%LocalApplicationData%/OPC Foundation/pki/issuerUser</StorePath>
+      <StorePath>./pki/issuerUser</StorePath>
     </UserIssuerCertificates>
     <!-- Where the User trust list is stored-->
     <TrustedUserCertificates>
       <StoreType>Directory</StoreType>
-      <StorePath>%LocalApplicationData%/OPC Foundation/pki/trustedUser</StorePath>
+      <StorePath>./pki/trustedUser</StorePath>
     </TrustedUserCertificates>
   </SecurityConfiguration>
   <TransportConfigurations></TransportConfigurations>
@@ -94,11 +94,11 @@
     <MaxMessageSize>4194304</MaxMessageSize>
     <MaxBufferSize>65535</MaxBufferSize>
     <ChannelLifetime>30000</ChannelLifetime>
-    <SecurityTokenLifetime>3600000</SecurityTokenLifetime>
+    <SecurityTokenLifetime>30000</SecurityTokenLifetime>
   </TransportQuotas>
   <ServerConfiguration>
     <BaseAddresses>
-      <ua:String>opc.https://localhost:62540/Quickstarts/ReferenceServer</ua:String>
+      <!--<ua:String>opc.https://localhost:62540/Quickstarts/ReferenceServer</ua:String>-->
       <ua:String>opc.tcp://localhost:62541/Quickstarts/ReferenceServer</ua:String>
       <!--<ua:String>https://localhost:62542/Quickstarts/ReferenceServer</ua:String>-->
     </BaseAddresses>
@@ -122,6 +122,7 @@
     -->
     <SecurityPolicies>
       <!-- the first policy is used for the https endpoint -->
+      <!--
       <ServerSecurityPolicy>
         <SecurityMode>SignAndEncrypt_3</SecurityMode>
         <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>
@@ -134,10 +135,34 @@
         <SecurityMode>SignAndEncrypt_3</SecurityMode>
         <SecurityPolicyUri></SecurityPolicyUri>
       </ServerSecurityPolicy>
+      -->
       <ServerSecurityPolicy>
         <SecurityMode>Sign_2</SecurityMode>
-        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256</SecurityPolicyUri>
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss</SecurityPolicyUri>-->
+        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_AES</SecurityPolicyUri>
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_ChaChaPoly</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP384_AES</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1_AES</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1_ChaChaPoly</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_AES</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_ChaChaPoly</SecurityPolicyUri>-->
+      </ServerSecurityPolicy>
+      <ServerSecurityPolicy>
+        
+        <SecurityMode>SignAndEncrypt_3</SecurityMode>
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss</SecurityPolicyUri>-->
+        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_AES</SecurityPolicyUri>
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_ChaChaPoly</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP384_AES</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP384_ChaChaPoly</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1_AES</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1_ChaChaPoly</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_AES</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_ChaChaPoly</SecurityPolicyUri>-->
       </ServerSecurityPolicy>
+      <!--
       <ServerSecurityPolicy>
         <SecurityMode>Sign_2</SecurityMode>
         <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP384</SecurityPolicyUri>
@@ -150,10 +175,6 @@
         <SecurityMode>Sign_2</SecurityMode>
         <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1</SecurityPolicyUri>
       </ServerSecurityPolicy>
-      <ServerSecurityPolicy>
-        <SecurityMode>SignAndEncrypt_3</SecurityMode>
-        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256</SecurityPolicyUri>
-      </ServerSecurityPolicy>
       <ServerSecurityPolicy>
         <SecurityMode>SignAndEncrypt_3</SecurityMode>
         <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP384</SecurityPolicyUri>
@@ -166,20 +187,11 @@
         <SecurityMode>SignAndEncrypt_3</SecurityMode>
         <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1</SecurityPolicyUri>
       </ServerSecurityPolicy>
+      -->
       <ServerSecurityPolicy>
         <SecurityMode>None_1</SecurityMode>
         <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#None</SecurityPolicyUri>
       </ServerSecurityPolicy>
-      <!-- deprecated security policies for reference only 
-      <ServerSecurityPolicy>
-        <SecurityMode>Sign_2</SecurityMode>
-        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256</SecurityPolicyUri>
-      </ServerSecurityPolicy>
-      <ServerSecurityPolicy>
-        <SecurityMode>SignAndEncrypt_3</SecurityMode>
-        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256</SecurityPolicyUri>
-      </ServerSecurityPolicy>
-      -->
     </SecurityPolicies>
     <MinRequestThreadCount>5</MinRequestThreadCount>
     <MaxRequestThreadCount>100</MaxRequestThreadCount>
@@ -335,7 +347,7 @@
     </ua:XmlElement>
   </Extensions>
   <TraceConfiguration>
-    <OutputFilePath>%LocalApplicationData%/OPC Foundation/Logs/Quickstarts.ReferenceServer.log.txt</OutputFilePath>
+    <OutputFilePath>./Logs/Quickstarts.ReferenceServer.log.txt</OutputFilePath>
     <DeleteOnLoad>true</DeleteOnLoad>
     <!-- Show Only Errors -->
     <!-- <TraceMasks>1</TraceMasks> -->
diff --git a/Libraries/Opc.Ua.Client/Session/Session.cs b/Libraries/Opc.Ua.Client/Session/Session.cs
index 891f2e0ed8..c8fbd97628 100644
--- a/Libraries/Opc.Ua.Client/Session/Session.cs
+++ b/Libraries/Opc.Ua.Client/Session/Session.cs
@@ -308,7 +308,7 @@ private void ValidateServerNonce(
                 if (!Nonce.ValidateNonce(
                     serverNonce,
                     MessageSecurityMode.SignAndEncrypt,
-                    (uint)m_configuration.SecurityConfiguration.NonceLength))
+                    m_configuration.SecurityConfiguration.NonceLength))
                 {
                     if (channelSecurityMode == MessageSecurityMode.SignAndEncrypt ||
                         m_configuration.SecurityConfiguration.SuppressNonceValidationErrors)
@@ -875,7 +875,7 @@ public virtual void Restore(SessionState state)
         public void Snapshot(out SessionConfiguration sessionConfiguration)
         {
             var serverNonce = Nonce.CreateNonce(
-                m_endpoint.Description?.SecurityPolicyUri,
+                SecurityPolicies.GetInfo(m_endpoint.Description?.SecurityPolicyUri),
                 m_serverNonce);
             sessionConfiguration = new SessionConfiguration
             {
@@ -1115,8 +1115,8 @@ await m_configuration
             }
 
             // create a nonce.
-            uint length = (uint)m_configuration.SecurityConfiguration.NonceLength;
-            byte[] clientNonce = Nonce.CreateRandomNonceData(length);
+            int length = m_configuration.SecurityConfiguration.NonceLength;
+            m_clientNonce = Nonce.CreateRandomNonceData(length);
 
             // send the application instance certificate for the client.
             BuildCertificateData(
@@ -1144,10 +1144,10 @@ await m_configuration
             bool successCreateSession = false;
             CreateSessionResponse? response = null;
 
-            //if security none, first try to connect without certificate
+            // if security none, first try to connect without certificate
             if (m_endpoint.Description.SecurityPolicyUri == SecurityPolicies.None)
             {
-                //first try to connect with client certificate NULL
+                // first try to connect with client certificate NULL
                 try
                 {
                     response = await base.CreateSessionAsync(
@@ -1156,7 +1156,7 @@ await m_configuration
                         m_endpoint.Description.Server.ApplicationUri,
                         m_endpoint.EndpointUrl.ToString(),
                         sessionName,
-                        clientNonce,
+                        m_clientNonce,
                         null,
                         sessionTimeout,
                         maxMessageSize,
@@ -1179,7 +1179,7 @@ await m_configuration
                     m_endpoint.Description.Server.ApplicationUri,
                     m_endpoint.EndpointUrl.ToString(),
                     sessionName,
-                    clientNonce,
+                    m_clientNonce,
                     clientCertificateChainData ?? clientCertificateData,
                     sessionTimeout,
                     maxMessageSize,
@@ -1230,7 +1230,8 @@ await m_configuration
                     serverSignature,
                     clientCertificateData,
                     clientCertificateChainData,
-                    clientNonce);
+                    m_clientNonce,
+                    serverNonce);
 
                 HandleSignedSoftwareCertificates(serverSoftwareCertificates);
 
@@ -1238,10 +1239,20 @@ await m_configuration
                 ProcessResponseAdditionalHeader(response.ResponseHeader, serverCertificate);
 
                 // create the client signature.
-                byte[] dataToSign = Utils.Append(serverCertificate?.RawData, serverNonce);
-                SignatureData clientSignature = SecurityPolicies.Sign(
-                    m_instanceCertificate,
+                SecurityPolicyInfo securityPolicy = SecurityPolicies.GetInfo(securityPolicyUri);
+
+                // create the client signature.
+                byte[] dataToSign = securityPolicy.GetClientSignatureData(
+                    TransportChannel.SecureChannelHash,
+                    serverNonce,
+                    serverCertificate?.RawData,
+                    TransportChannel.ServerChannelCertificate,
+                    TransportChannel.ClientChannelCertificate,
+                    m_clientNonce ?? []);
+
+                SignatureData clientSignature = SecurityPolicies.CreateSignatureData(
                     securityPolicyUri,
+                    m_instanceCertificate,
                     dataToSign);
 
                 // select the security policy for the user token.
@@ -1252,18 +1263,24 @@ await m_configuration
                     tokenSecurityPolicyUri = m_endpoint.Description.SecurityPolicyUri;
                 }
 
-                // save previous nonce
-                byte[]? previousServerNonce = GetCurrentTokenServerNonce();
-
                 // validate server nonce and security parameters for user identity.
                 ValidateServerNonce(
                     identity,
                     serverNonce,
                     tokenSecurityPolicyUri,
-                    previousServerNonce,
+                    m_previousServerNonce,
                     m_endpoint.Description.SecurityMode);
 
                 // sign data with user token.
+                dataToSign = securityPolicy.GetUserTokenSignatureData(
+                    TransportChannel.SecureChannelHash,
+                    serverNonce,
+                    serverCertificate?.RawData,
+                    TransportChannel.ServerChannelCertificate,
+                    m_instanceCertificate?.RawData,
+                    TransportChannel.ClientChannelCertificate,
+                    m_clientNonce ?? []);
+
                 SignatureData userTokenSignature = identityToken.Sign(
                     dataToSign,
                     tokenSecurityPolicyUri,
@@ -1334,7 +1351,7 @@ SignedSoftwareCertificateCollection clientSoftwareCertificates
                     // save nonces.
                     m_sessionName = sessionName;
                     m_identity = identity;
-                    m_previousServerNonce = previousServerNonce;
+                    m_previousServerNonce = m_serverNonce;
                     m_serverNonce = serverNonce;
                     m_serverCertificate = serverCertificate;
 
@@ -1419,12 +1436,20 @@ public async Task UpdateSessionAsync(
 
             // get the identity token.
             string securityPolicyUri = m_endpoint.Description.SecurityPolicyUri;
+            SecurityPolicyInfo securityPolicy = SecurityPolicies.GetInfo(securityPolicyUri);
 
             // create the client signature.
-            byte[] dataToSign = Utils.Append(m_serverCertificate?.RawData, serverNonce);
-            SignatureData clientSignature = SecurityPolicies.Sign(
-                m_instanceCertificate,
+            byte[] dataToSign = securityPolicy.GetClientSignatureData(
+                TransportChannel.SecureChannelHash,
+                serverNonce,
+                m_serverCertificate?.RawData,
+                TransportChannel.ServerChannelCertificate,
+                TransportChannel.ClientChannelCertificate,
+                m_clientNonce ?? []);
+
+            SignatureData clientSignature = SecurityPolicies.CreateSignatureData(
                 securityPolicyUri,
+                m_instanceCertificate,
                 dataToSign);
 
             // choose a default token.
@@ -1469,6 +1494,16 @@ public async Task UpdateSessionAsync(
             // sign data with user token.
             UserIdentityToken identityToken = identity.GetIdentityToken();
             identityToken.PolicyId = identityPolicy.PolicyId;
+
+            dataToSign = securityPolicy.GetUserTokenSignatureData(
+                TransportChannel.SecureChannelHash,
+                serverNonce,
+                m_serverCertificate?.RawData,
+                TransportChannel.ServerChannelCertificate,
+                m_instanceCertificate?.RawData,
+                TransportChannel.ClientChannelCertificate,
+                m_clientNonce ?? []);
+
             SignatureData userTokenSignature = identityToken.Sign(
                 dataToSign,
                 tokenSecurityPolicyUri,
@@ -2279,12 +2314,23 @@ public async Task ReconnectAsync(
                 //
                 await LoadInstanceCertificateAsync(true, ct).ConfigureAwait(false);
 
+                string securityPolicyUri = m_endpoint.Description.SecurityPolicyUri;
+                SecurityPolicyInfo securityPolicy = SecurityPolicies.GetInfo(securityPolicyUri);
+
                 // create the client signature.
-                byte[] dataToSign = Utils.Append(m_serverCertificate?.RawData, m_serverNonce);
+                byte[] dataToSign = securityPolicy.GetClientSignatureData(
+                    TransportChannel.SecureChannelHash,
+                    m_serverNonce,
+                    m_serverCertificate?.RawData,
+                    TransportChannel.ServerChannelCertificate,
+                    TransportChannel.ClientChannelCertificate,
+                    m_clientNonce ?? []);
+
                 EndpointDescription endpoint = m_endpoint.Description;
-                SignatureData clientSignature = SecurityPolicies.Sign(
-                    m_instanceCertificate,
+
+                SignatureData clientSignature = SecurityPolicies.CreateSignatureData(
                     endpoint.SecurityPolicyUri,
+                    m_instanceCertificate,
                     dataToSign);
 
                 // check that the user identity is supported by the endpoint.
@@ -2323,6 +2369,16 @@ public async Task ReconnectAsync(
                 // sign data with user token.
                 UserIdentityToken identityToken = m_identity.GetIdentityToken();
                 identityToken.PolicyId = identityPolicy.PolicyId;
+
+                dataToSign = securityPolicy.GetUserTokenSignatureData(
+                    TransportChannel.SecureChannelHash,
+                    m_serverNonce,
+                    m_serverCertificate?.RawData,
+                    TransportChannel.ServerChannelCertificate,
+                    m_instanceCertificate?.RawData,
+                    TransportChannel.ClientChannelCertificate,
+                    m_clientNonce ?? []);
+
                 SignatureData userTokenSignature = identityToken.Sign(
                     dataToSign,
                     tokenSecurityPolicyUri,
@@ -3875,36 +3931,48 @@ private void ValidateServerSignature(
             SignatureData serverSignature,
             byte[]? clientCertificateData,
             byte[]? clientCertificateChainData,
-            byte[] clientNonce)
+            byte[] clientNonce,
+            byte[] serverNonce)
         {
             if (serverSignature == null || serverSignature.Signature == null)
             {
                 m_logger.LogInformation("Server signature is null or empty.");
-
-                //throw ServiceResultException.Create(
-                //    StatusCodes.BadSecurityChecksFailed,
-                //    "Server signature is null or empty.");
+                return;
             }
 
             // validate the server's signature.
-            byte[] dataToSign = Utils.Append(clientCertificateData, clientNonce);
+            SecurityPolicyInfo securityPolicy = SecurityPolicies.GetInfo(m_endpoint.Description.SecurityPolicyUri);
 
-            if (!SecurityPolicies.Verify(
-                    serverCertificate,
+            byte[] dataToSign = securityPolicy.GetServerSignatureData(
+                TransportChannel.SecureChannelHash,
+                clientNonce,
+                TransportChannel.ServerChannelCertificate,
+                clientCertificateData,
+                TransportChannel.ClientChannelCertificate,
+                serverNonce);
+
+            if (!SecurityPolicies.VerifySignatureData(
+                    serverSignature,
                     m_endpoint.Description.SecurityPolicyUri,
-                    dataToSign,
-                    serverSignature))
+                    serverCertificate,
+                    dataToSign))
             {
                 // validate the signature with complete chain if the check with leaf certificate failed.
                 if (clientCertificateChainData != null)
                 {
-                    dataToSign = Utils.Append(clientCertificateChainData, clientNonce);
-
-                    if (!SecurityPolicies.Verify(
-                        serverCertificate,
-                        m_endpoint.Description.SecurityPolicyUri,
-                        dataToSign,
-                        serverSignature))
+                    dataToSign = securityPolicy.GetServerSignatureData(
+                        TransportChannel.SecureChannelHash,
+                        clientNonce,
+                        TransportChannel.ServerChannelCertificate,
+                        clientCertificateChainData,
+                        TransportChannel.ClientChannelCertificate,
+                        serverNonce);
+
+                    if (!SecurityPolicies.VerifySignatureData(
+                            serverSignature,
+                            m_endpoint.Description.SecurityPolicyUri,
+                            serverCertificate,
+                            dataToSign))
                     {
                         throw ServiceResultException.Create(
                             StatusCodes.BadApplicationSignatureInvalid,
@@ -4166,15 +4234,6 @@ private static void UpdateDescription(
             return (result, error);
         }
 
-        /// <summary>
-        /// If available, returns the current nonce or null.
-        /// </summary>
-        private byte[]? GetCurrentTokenServerNonce()
-        {
-            ChannelToken? currentToken = (NullableTransportChannel as ISecureChannel)?.CurrentToken;
-            return currentToken?.ServerNonce;
-        }
-
         /// <summary>
         /// Handles the validation of server software certificates and application callback.
         /// </summary>
@@ -4807,11 +4866,11 @@ private RequestHeader CreateRequestHeaderPerUserTokenPolicy(
             }
             m_userTokenSecurityPolicyUri = userTokenSecurityPolicyUri;
 
-            if (EccUtils.IsEccPolicy(userTokenSecurityPolicyUri))
+            if (CryptoUtils.IsEccPolicy(userTokenSecurityPolicyUri))
             {
                 var parameters = new AdditionalParametersType();
                 parameters.Parameters.Add(
-                    new KeyValuePair { Key = "ECDHPolicyUri", Value = userTokenSecurityPolicyUri });
+                    new KeyValuePair { Key = AdditionalParameterNames.ECDHPolicyUri, Value = userTokenSecurityPolicyUri });
                 requestHeader.AdditionalHeader = new ExtensionObject(parameters);
             }
 
@@ -4839,7 +4898,25 @@ protected virtual void ProcessResponseAdditionalHeader(
             {
                 foreach (KeyValuePair ii in parameters.Parameters)
                 {
-                    if (ii.Key == "ECDHKey")
+                    if (ii.Key == AdditionalParameterNames.Padding)
+                    {
+                        if (ii.Value.TypeInfo != TypeInfo.Scalars.ByteString || ii.Value.Value is not byte[])
+                        {
+                            m_logger.LogWarning(
+                                "Server returned invalid message padding. Ignored.");
+                        }
+
+                        if (ii.Value.Value is byte[] padding && padding.Length > 4096)
+                        {
+                            m_logger.LogWarning(
+                                "Server returned a {Size}byte message padding that is too long. Ignored.",
+                                padding.Length);
+                        }
+
+                        continue;
+                    }
+
+                    if (ii.Key == AdditionalParameterNames.ECDHKey)
                     {
                         if (ii.Value.TypeInfo == TypeInfo.Scalars.StatusCode)
                         {
@@ -4856,7 +4933,7 @@ protected virtual void ProcessResponseAdditionalHeader(
                                 "Server did not provide a valid ECDHKey. User authentication not possible.");
                         }
 
-                        if (!EccUtils.Verify(
+                        if (!CryptoUtils.Verify(
                                 new ArraySegment<byte>(key.PublicKey),
                                 key.Signature,
                                 serverCertificate,
@@ -4868,7 +4945,7 @@ protected virtual void ProcessResponseAdditionalHeader(
                         }
 
                         m_eccServerEphemeralKey = Nonce.CreateNonce(
-                            m_userTokenSecurityPolicyUri,
+                            SecurityPolicies.GetInfo(m_userTokenSecurityPolicyUri),
                             key.PublicKey);
                     }
                 }
@@ -4951,6 +5028,7 @@ protected virtual void ProcessResponseAdditionalHeader(
         private readonly NodeCache m_nodeCache;
         private readonly List<IUserIdentity> m_identityHistory = [];
         private byte[]? m_serverNonce;
+        private byte[]? m_clientNonce;
         private byte[]? m_previousServerNonce;
         private X509Certificate2? m_serverCertificate;
         private uint m_publishCounter;
diff --git a/Libraries/Opc.Ua.Configuration/ApplicationInstance.cs b/Libraries/Opc.Ua.Configuration/ApplicationInstance.cs
index 6d1dbb31e0..2529912cd9 100644
--- a/Libraries/Opc.Ua.Configuration/ApplicationInstance.cs
+++ b/Libraries/Opc.Ua.Configuration/ApplicationInstance.cs
@@ -943,7 +943,7 @@ await DeleteApplicationInstanceCertificateAsync(configuration, id, ct).Configure
             else
             {
                 ECCurve? curve =
-                    EccUtils.GetCurveFromCertificateTypeId(id.CertificateType)
+                    CryptoUtils.GetCurveFromCertificateTypeId(id.CertificateType)
                     ?? throw new ServiceResultException(
                         StatusCodes.BadConfigurationError,
                         "The Ecc certificate type is not supported.");
diff --git a/Libraries/Opc.Ua.Server/Configuration/ConfigurationNodeManager.cs b/Libraries/Opc.Ua.Server/Configuration/ConfigurationNodeManager.cs
index 8e38212fd7..f34fb19d47 100644
--- a/Libraries/Opc.Ua.Server/Configuration/ConfigurationNodeManager.cs
+++ b/Libraries/Opc.Ua.Server/Configuration/ConfigurationNodeManager.cs
@@ -980,7 +980,7 @@ private X509Certificate2 GenerateTemporaryApplicationCertificate(
             else
             {
                 ECCurve? curve =
-                    EccUtils.GetCurveFromCertificateTypeId(certificateTypeId)
+                    CryptoUtils.GetCurveFromCertificateTypeId(certificateTypeId)
                     ?? throw new ServiceResultException(
                         StatusCodes.BadNotSupported,
                         "The Ecc certificate type is not supported.");
diff --git a/Libraries/Opc.Ua.Server/Server/StandardServer.cs b/Libraries/Opc.Ua.Server/Server/StandardServer.cs
index f0c3b4cf08..e5428998c8 100644
--- a/Libraries/Opc.Ua.Server/Server/StandardServer.cs
+++ b/Libraries/Opc.Ua.Server/Server/StandardServer.cs
@@ -537,10 +537,19 @@ X509Certificate2Collection clientCertificateChain
                     //  sign the client nonce (if provided).
                     if (parsedClientCertificate != null && clientNonce != null)
                     {
-                        byte[] dataToSign = Utils.Append(parsedClientCertificate.RawData, clientNonce);
-                        serverSignature = SecurityPolicies.Sign(
-                            instanceCertificate,
+                        SecurityPolicyInfo securityPolicy = SecurityPolicies.GetInfo(context.SecurityPolicyUri);
+
+                        byte[] dataToSign = securityPolicy.GetServerSignatureData(
+                            context.ChannelContext.SecureChannelHash,
+                            clientNonce,
+                            context.ChannelContext.ServerChannelCertificate,
+                            parsedClientCertificate.RawData,
+                            context.ChannelContext.ClientChannelCertificate,
+                            serverNonce);
+
+                        serverSignature = SecurityPolicies.CreateSignatureData(
                             context.SecurityPolicyUri,
+                            instanceCertificate,
                             dataToSign);
                     }
                 }
@@ -640,18 +649,18 @@ protected virtual AdditionalParametersType CreateSessionProcessAdditionalParamet
 
                 foreach (KeyValuePair ii in parameters.Parameters)
                 {
-                    if (ii.Key == "ECDHPolicyUri")
+                    if (ii.Key == AdditionalParameterNames.ECDHPolicyUri)
                     {
                         string policyUri = ii.Value.ToString();
 
-                        if (EccUtils.IsEccPolicy(policyUri))
+                        if (CryptoUtils.IsEccPolicy(policyUri))
                         {
                             session.SetEccUserTokenSecurityPolicy(policyUri);
                             EphemeralKeyType key = session.GetNewEccKey();
                             response.Parameters.Add(
                                 new KeyValuePair
                                 {
-                                    Key = "ECDHKey",
+                                    Key = AdditionalParameterNames.ECDHKey,
                                     Value = new ExtensionObject(key)
                                 });
                         }
@@ -660,7 +669,7 @@ protected virtual AdditionalParametersType CreateSessionProcessAdditionalParamet
                             response.Parameters.Add(
                                 new KeyValuePair
                                 {
-                                    Key = "ECDHKey",
+                                    Key = AdditionalParameterNames.ECDHKey,
                                     Value = StatusCodes.BadSecurityPolicyRejected
                                 });
                         }
@@ -689,7 +698,7 @@ protected virtual AdditionalParametersType ActivateSessionProcessAdditionalParam
             {
                 response = new AdditionalParametersType();
                 response.Parameters
-                    .Add(new KeyValuePair { Key = "ECDHKey", Value = new ExtensionObject(key) });
+                    .Add(new KeyValuePair { Key = AdditionalParameterNames.ECDHKey, Value = new ExtensionObject(key) });
             }
 
             return response;
diff --git a/Libraries/Opc.Ua.Server/Session/Session.cs b/Libraries/Opc.Ua.Server/Session/Session.cs
index 0f6f5c0182..4420a0d698 100644
--- a/Libraries/Opc.Ua.Server/Session/Session.cs
+++ b/Libraries/Opc.Ua.Server/Session/Session.cs
@@ -312,7 +312,7 @@ public virtual EphemeralKeyType GetNewEccKey()
 
                 var key = new EphemeralKeyType { PublicKey = m_eccUserTokenNonce.Data };
 
-                key.Signature = EccUtils.Sign(
+                key.Signature = CryptoUtils.Sign(
                     new ArraySegment<byte>(key.PublicKey),
                     m_serverCertificate,
                     m_eccUserTokenSecurityPolicyUri);
@@ -473,15 +473,21 @@ public void ValidateBeforeActivate(
                             StatusCodes.BadApplicationSignatureInvalid);
                     }
 
-                    byte[] dataToSign = Utils.Append(
+                    var securityPolicy = SecurityPolicies.GetInfo(EndpointDescription.SecurityPolicyUri);
+
+                    byte[] dataToSign = securityPolicy.GetClientSignatureData(
+                        context.ChannelContext.SecureChannelHash,
+                        m_serverNonce.Data,
                         m_serverCertificate.RawData,
-                        m_serverNonce.Data);
+                        context.ChannelContext.ServerChannelCertificate,
+                        context.ChannelContext.ClientChannelCertificate,
+                        ClientNonce);
 
-                    if (!SecurityPolicies.Verify(
-                            ClientCertificate,
+                    if (!SecurityPolicies.VerifySignatureData(
+                            clientSignature,
                             EndpointDescription.SecurityPolicyUri,
-                            dataToSign,
-                            clientSignature))
+                            ClientCertificate,
+                            dataToSign))
                     {
                         // verify for certificate chain in endpoint.
                         // validate the signature with complete chain if the check with leaf certificate failed.
@@ -502,15 +508,19 @@ public void ValidateBeforeActivate(
 
                             byte[] serverCertificateChainData = [.. serverCertificateChainList];
 
-                            dataToSign = Utils.Append(
+                            dataToSign = securityPolicy.GetClientSignatureData(
+                                context.ChannelContext.SecureChannelHash,
+                                m_serverNonce.Data,
                                 serverCertificateChainData,
-                                m_serverNonce.Data);
-
-                            if (!SecurityPolicies.Verify(
-                                    ClientCertificate,
-                                    EndpointDescription.SecurityPolicyUri,
-                                    dataToSign,
-                                    clientSignature))
+                                context.ChannelContext.ServerChannelCertificate,
+                                context.ChannelContext.ClientChannelCertificate,
+                                ClientNonce);
+
+                            if (!SecurityPolicies.VerifySignatureData(
+                                  clientSignature,
+                                  EndpointDescription.SecurityPolicyUri,
+                                  ClientCertificate,
+                                  dataToSign))
                             {
                                 throw new ServiceResultException(
                                     StatusCodes.BadApplicationSignatureInvalid);
@@ -543,6 +553,7 @@ public void ValidateBeforeActivate(
 
                 // validate the user identity token.
                 identityToken = ValidateUserIdentityToken(
+                    context,
                     userIdentityToken,
                     userTokenSignature,
                     out userTokenPolicy);
@@ -848,6 +859,7 @@ private ServiceResult OnUpdateSecurityDiagnostics(
         /// </summary>
         /// <exception cref="ServiceResultException"></exception>
         private UserIdentityToken ValidateUserIdentityToken(
+            OperationContext context,
             ExtensionObject identityToken,
             SignatureData userTokenSignature,
             out UserTokenPolicy policy)
@@ -1040,9 +1052,16 @@ private UserIdentityToken ValidateUserIdentityToken(
                 // verify the signature.
                 if (securityPolicyUri != SecurityPolicies.None)
                 {
-                    byte[] dataToSign = Utils.Append(
+                    var securityPolicy = SecurityPolicies.GetInfo(securityPolicyUri);
+
+                    byte[] dataToSign = securityPolicy.GetUserTokenSignatureData(
+                        context.ChannelContext.SecureChannelHash,
+                        m_serverNonce.Data,
                         m_serverCertificate.RawData,
-                        m_serverNonce.Data);
+                        context.ChannelContext.ServerChannelCertificate,
+                        ClientCertificate?.RawData,
+                        context.ChannelContext.ClientChannelCertificate,
+                        ClientNonce ?? []);
 
                     if (!token.Verify(dataToSign, userTokenSignature, securityPolicyUri, m_server.Telemetry))
                     {
diff --git a/Stack/Opc.Ua.Bindings.Https/Stack/Https/HttpsTransportListener.cs b/Stack/Opc.Ua.Bindings.Https/Stack/Https/HttpsTransportListener.cs
index c66ec8217a..a471870e3d 100644
--- a/Stack/Opc.Ua.Bindings.Https/Stack/Https/HttpsTransportListener.cs
+++ b/Stack/Opc.Ua.Bindings.Https/Stack/Https/HttpsTransportListener.cs
@@ -157,6 +157,8 @@ protected virtual void Dispose(bool disposing)
         /// <inheritdoc/>
         public string ListenerId { get; private set; }
 
+        internal byte[] ServerChannelCertificate { get; set; }
+
         /// <summary>
         /// Opens the listener and starts accepting connection.
         /// </summary>
@@ -287,6 +289,8 @@ private void ConfigureWebHost(IWebHostBuilder webHostBuilder)
                 m_logger.LogTrace("Copy of the private key for https was denied: {Message}", ce.Message);
             }
 #endif
+            // save the server certificate so it can be used in the secure channel context.
+            ServerChannelCertificate = serverCertificate.RawData;
 
             var httpsOptions = new HttpsConnectionAdapterOptions
             {
@@ -469,10 +473,13 @@ await WriteServiceResponseAsync(context, serviceResponse, ct)
                         return;
                     }
                 }
+
                 var secureChannelContext = new SecureChannelContext(
-                        ListenerId,
-                        endpoint,
-                        RequestEncoding.Binary);
+                    ListenerId,
+                    endpoint,
+                    RequestEncoding.Binary,
+                    context.Connection.ClientCertificate?.RawData,
+                    ServerChannelCertificate);
 
                 IServiceResponse output =
                     await m_callback.ProcessRequestAsync(
diff --git a/Stack/Opc.Ua.Core/Schema/SecuredApplicationHelpers.cs b/Stack/Opc.Ua.Core/Schema/SecuredApplicationHelpers.cs
index 07a06bd575..9125c18515 100644
--- a/Stack/Opc.Ua.Core/Schema/SecuredApplicationHelpers.cs
+++ b/Stack/Opc.Ua.Core/Schema/SecuredApplicationHelpers.cs
@@ -357,8 +357,17 @@ public static byte CalculateSecurityLevel(
                     result = 2;
                     break;
                 case SecurityPolicies.Basic256:
-                    logger.LogWarning(
-                        "Deprecated Security Policy Basic256 requested - Not rcommended.");
+                    logger.LogWarning("Deprecated Security Policy Basic256 requested - Not recommended.");
+                    result = 4;
+                    break;
+                case SecurityPolicies.ECC_nistP256:
+                case SecurityPolicies.ECC_nistP384:
+                    logger.LogWarning("Deprecated Security Policy {PolicyUri} requested - Use ECC_nistP[256/384]_AES.", policyUri);
+                    result = 4;
+                    break;
+                case SecurityPolicies.ECC_brainpoolP256r1:
+                case SecurityPolicies.ECC_brainpoolP384r1:
+                    logger.LogWarning("Deprecated Security Policy {PolicyUri} requested - Use ECC_brainpoolP[256/384]r1_AES.", policyUri);
                     result = 4;
                     break;
                 case SecurityPolicies.Basic256Sha256:
@@ -370,16 +379,16 @@ public static byte CalculateSecurityLevel(
                 case SecurityPolicies.Aes256_Sha256_RsaPss:
                     result = 10;
                     break;
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                    result = 11;
-                    break;
-                case SecurityPolicies.ECC_nistP256:
+                case SecurityPolicies.ECC_brainpoolP256r1_AES:
+                case SecurityPolicies.ECC_brainpoolP256r1_ChaChaPoly:
+                case SecurityPolicies.ECC_nistP256_AES:
+                case SecurityPolicies.ECC_nistP256_ChaChaPoly:
                     result = 12;
                     break;
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    result = 13;
-                    break;
-                case SecurityPolicies.ECC_nistP384:
+                case SecurityPolicies.ECC_nistP384_AES:
+                case SecurityPolicies.ECC_nistP384_ChaChaPoly:
+                case SecurityPolicies.ECC_brainpoolP384r1_AES:
+                case SecurityPolicies.ECC_brainpoolP384r1_ChaChaPoly:
                     result = 14;
                     break;
                 case SecurityPolicies.None:
diff --git a/Stack/Opc.Ua.Core/Security/Certificates/CertificateIdentifier.cs b/Stack/Opc.Ua.Core/Security/Certificates/CertificateIdentifier.cs
index 7f0494e4e3..ce2f2d3193 100644
--- a/Stack/Opc.Ua.Core/Security/Certificates/CertificateIdentifier.cs
+++ b/Stack/Opc.Ua.Core/Security/Certificates/CertificateIdentifier.cs
@@ -691,7 +691,7 @@ public static NodeId GetCertificateType(X509Certificate2 certificate)
                 case Oids.ECDsaWithSha384:
                 case Oids.ECDsaWithSha256:
                 case Oids.ECDsaWithSha512:
-                    return EccUtils.GetEccCertificateTypeId(certificate);
+                    return CryptoUtils.GetEccCertificateTypeId(certificate);
                 case Oids.RsaPkcs1Sha256:
                 case Oids.RsaPkcs1Sha384:
                 case Oids.RsaPkcs1Sha512:
@@ -722,7 +722,7 @@ public static bool ValidateCertificateType(
                 case Oids.ECDsaWithSha384:
                 case Oids.ECDsaWithSha256:
                 case Oids.ECDsaWithSha512:
-                    NodeId certType = EccUtils.GetEccCertificateTypeId(certificate);
+                    NodeId certType = CryptoUtils.GetEccCertificateTypeId(certificate);
                     if (certType.IsNullNodeId)
                     {
                         return false;
@@ -778,32 +778,45 @@ public static IList<NodeId> MapSecurityPolicyToCertificateTypes(string securityP
                 case SecurityPolicies.Basic256Sha256:
                 case SecurityPolicies.Aes128_Sha256_RsaOaep:
                 case SecurityPolicies.Aes256_Sha256_RsaPss:
+                case SecurityPolicies.RSA_DH_AES_GCM:
+                case SecurityPolicies.RSA_DH_ChaChaPoly:
                     result.Add(ObjectTypeIds.RsaSha256ApplicationCertificateType);
-                    goto default;
+                    break;
                 case SecurityPolicies.ECC_nistP256:
+                case SecurityPolicies.ECC_nistP256_AES:
+                case SecurityPolicies.ECC_nistP256_ChaChaPoly:
                     result.Add(ObjectTypeIds.EccNistP256ApplicationCertificateType);
                     goto case SecurityPolicies.ECC_nistP384;
                 case SecurityPolicies.ECC_nistP384:
+                case SecurityPolicies.ECC_nistP384_AES:
+                case SecurityPolicies.ECC_nistP384_ChaChaPoly:
                     result.Add(ObjectTypeIds.EccNistP384ApplicationCertificateType);
-                    goto default;
+                    break;
                 case SecurityPolicies.ECC_brainpoolP256r1:
+                case SecurityPolicies.ECC_brainpoolP256r1_AES:
+                case SecurityPolicies.ECC_brainpoolP256r1_ChaChaPoly:
                     result.Add(ObjectTypeIds.EccBrainpoolP256r1ApplicationCertificateType);
                     goto case SecurityPolicies.ECC_brainpoolP384r1;
                 case SecurityPolicies.ECC_brainpoolP384r1:
+                case SecurityPolicies.ECC_brainpoolP384r1_AES:
+                case SecurityPolicies.ECC_brainpoolP384r1_ChaChaPoly:
                     result.Add(ObjectTypeIds.EccBrainpoolP384r1ApplicationCertificateType);
-                    goto default;
+                    break;
                 case SecurityPolicies.ECC_curve25519:
+                case SecurityPolicies.ECC_curve25519_AES:
+                case SecurityPolicies.ECC_curve25519_ChaChaPoly:
                     result.Add(ObjectTypeIds.EccCurve25519ApplicationCertificateType);
-                    goto default;
+                    break;
                 case SecurityPolicies.ECC_curve448:
+                case SecurityPolicies.ECC_curve448_AES:
+                case SecurityPolicies.ECC_curve448_ChaChaPoly:
                     result.Add(ObjectTypeIds.EccCurve448ApplicationCertificateType);
-                    goto default;
+                    break;
                 case SecurityPolicies.Https:
                     result.Add(ObjectTypeIds.HttpsCertificateType);
-                    goto default;
-                default:
-                    return result;
+                    break;
             }
+            return result;
         }
 
         /// <summary>
diff --git a/Stack/Opc.Ua.Core/Security/Certificates/EccUtils.cs b/Stack/Opc.Ua.Core/Security/Certificates/CryptoUtils.cs
similarity index 83%
rename from Stack/Opc.Ua.Core/Security/Certificates/EccUtils.cs
rename to Stack/Opc.Ua.Core/Security/Certificates/CryptoUtils.cs
index 93d7b07e29..262db18009 100644
--- a/Stack/Opc.Ua.Core/Security/Certificates/EccUtils.cs
+++ b/Stack/Opc.Ua.Core/Security/Certificates/CryptoUtils.cs
@@ -13,6 +13,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 using System;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
+using Opc.Ua.Bindings;
 using Opc.Ua.Security.Certificates;
 #if CURVE25519
 using Org.BouncyCastle.Pkcs;
@@ -32,7 +33,7 @@ namespace Opc.Ua
     /// <summary>
     /// Defines functions to implement ECC cryptography.
     /// </summary>
-    public static class EccUtils
+    public static class CryptoUtils
     {
         /// <summary>
         /// The name of the NIST P-256 curve.
@@ -64,9 +65,11 @@ public static class EccUtils
         /// </summary>
         public static bool IsEccPolicy(string securityPolicyUri)
         {
-            if (securityPolicyUri != null)
+            var info = SecurityPolicies.GetInfo(securityPolicyUri);
+
+            if (info != null)
             {
-                return securityPolicyUri.Contains("#ECC_", StringComparison.Ordinal);
+                return info.CertificateKeyFamily == CertificateKeyFamily.ECC;
             }
 
             return false;
@@ -332,8 +335,8 @@ public static byte[] Sign(
             X509Certificate2 signingCertificate,
             string securityPolicyUri)
         {
-            HashAlgorithmName algorithm = GetSignatureAlgorithmName(securityPolicyUri);
-            return Sign(dataToSign, signingCertificate, algorithm);
+            var info = SecurityPolicies.GetInfo(securityPolicyUri);
+            return Sign(dataToSign, signingCertificate, info.AsymmetricSignatureAlgorithm);
         }
 
         /// <summary>
@@ -343,53 +346,23 @@ public static byte[] Sign(
         public static byte[] Sign(
             ArraySegment<byte> dataToSign,
             X509Certificate2 signingCertificate,
-            HashAlgorithmName algorithm)
+            AsymmetricSignatureAlgorithm algorithm)
         {
-#if CURVE25519
-            var publicKey = signingCertificate.BcCertificate.GetPublicKey();
+            // get the algorithm used for the signature.
+            HashAlgorithmName hashAlgorithm;
 
-            if (publicKey is Ed25519PublicKeyParameters)
+            switch (algorithm)
             {
-                var signer = new Ed25519Signer();
-
-                signer.Init(true, signingCertificate.BcPrivateKey);
-                signer.BlockUpdate(dataToSign.Array, dataToSign.Offset, dataToSign.Count);
-                byte[] signature = signer.GenerateSignature();
-#if DEBUG
-                var verifier = new Ed25519Signer();
-
-                verifier.Init(false, signingCertificate.BcCertificate.GetPublicKey());
-                verifier.BlockUpdate(dataToSign.Array, dataToSign.Offset, dataToSign.Count);
-
-                if (!verifier.VerifySignature(signature))
-                {
-                    throw new ServiceResultException(StatusCodes.BadSecurityChecksFailed, "Could not verify signature.");
-                }
-#endif
-                return signature;
+                case AsymmetricSignatureAlgorithm.EcdsaSha384:
+                    hashAlgorithm = HashAlgorithmName.SHA384;
+                    break;
+                case AsymmetricSignatureAlgorithm.EcdsaSha256:
+                    hashAlgorithm = HashAlgorithmName.SHA256;
+                    break;
+                default:
+                    throw new NotSupportedException($"AsymmetricSignatureAlgorithm not supported: {algorithm}");
             }
 
-            if (publicKey is Ed448PublicKeyParameters)
-            {
-                var signer = new Ed448Signer(new byte[32]);
-
-                signer.Init(true, signingCertificate.BcPrivateKey);
-                signer.BlockUpdate(dataToSign.Array, dataToSign.Offset, dataToSign.Count);
-                byte[] signature = signer.GenerateSignature();
-#if DEBUG
-                var verifier = new Ed448Signer(new byte[32]);
-
-                verifier.Init(false, signingCertificate.BcCertificate.GetPublicKey());
-                verifier.BlockUpdate(dataToSign.Array, dataToSign.Offset, dataToSign.Count);
-
-                if (!verifier.VerifySignature(signature))
-                {
-                    throw new ServiceResultException(StatusCodes.BadSecurityChecksFailed, "Could not verify signature.");
-                }
-#endif
-                return signature;
-            }
-#endif
             ECDsa senderPrivateKey =
                 signingCertificate.GetECDsaPrivateKey()
                 ?? throw new ServiceResultException(
@@ -402,19 +375,7 @@ public static byte[] Sign(
                     dataToSign.Array,
                     dataToSign.Offset,
                     dataToSign.Count,
-                    algorithm);
-
-#if DEBUGxxx
-                using (ECDsa ecdsa = EccUtils.GetPublicKey(new X509Certificate2(signingCertificate.RawData)))
-                {
-                    if (!ecdsa.VerifyData(dataToSign.Array, dataToSign.Offset, dataToSign.Count, signature, algorithm))
-                    {
-                        throw new ServiceResultException(
-                            StatusCodes.BadSecurityChecksFailed,
-                            "Could not verify signature.");
-                    }
-                }
-#endif
+                    hashAlgorithm);
 
                 return signature;
             }
@@ -429,11 +390,20 @@ public static bool Verify(
             X509Certificate2 signingCertificate,
             string securityPolicyUri)
         {
+            var info = SecurityPolicies.GetInfo(securityPolicyUri);
+
+            if (info == null)
+            {
+                throw new ServiceResultException(
+                    StatusCodes.BadSecurityChecksFailed,
+                    $"Unknown security policy: {securityPolicyUri}");
+            }
+
             return Verify(
                 dataToVerify,
                 signature,
                 signingCertificate,
-                GetSignatureAlgorithmName(securityPolicyUri));
+                info.AsymmetricSignatureAlgorithm);
         }
 
         /// <summary>
@@ -443,48 +413,31 @@ public static bool Verify(
             ArraySegment<byte> dataToVerify,
             byte[] signature,
             X509Certificate2 signingCertificate,
-            HashAlgorithmName algorithm)
+            AsymmetricSignatureAlgorithm algorithm)
         {
-#if CURVE25519
-            var publicKey = signingCertificate.BcCertificate.GetPublicKey();
+            // get the algorithm used for the signature.
+            HashAlgorithmName hashAlgorithm;
 
-            if (publicKey is Ed25519PublicKeyParameters)
+            switch (algorithm)
             {
-                var verifier = new Ed25519Signer();
-
-                verifier.Init(false, signingCertificate.BcCertificate.GetPublicKey());
-                verifier.BlockUpdate(dataToVerify.Array, dataToVerify.Offset, dataToVerify.Count);
-
-                if (!verifier.VerifySignature(signature))
-                {
-                    return false;
-                }
-
-                return true;
+                case AsymmetricSignatureAlgorithm.EcdsaSha384:
+                    hashAlgorithm = HashAlgorithmName.SHA384;
+                    break;
+                case AsymmetricSignatureAlgorithm.EcdsaSha256:
+                    hashAlgorithm = HashAlgorithmName.SHA256;
+                    break;
+                default:
+                    throw new NotSupportedException($"AsymmetricSignatureAlgorithm not supported: {algorithm}.");
             }
 
-            if (publicKey is Ed448PublicKeyParameters)
-            {
-                var verifier = new Ed448Signer(new byte[32]);
-
-                verifier.Init(false, signingCertificate.BcCertificate.GetPublicKey());
-                verifier.BlockUpdate(dataToVerify.Array, dataToVerify.Offset, dataToVerify.Count);
-
-                if (!verifier.VerifySignature(signature))
-                {
-                    return false;
-                }
-
-                return true;
-            }
-#endif
             using ECDsa ecdsa = GetPublicKey(signingCertificate);
+
             return ecdsa.VerifyData(
                 dataToVerify.Array,
                 dataToVerify.Offset,
                 dataToVerify.Count,
                 signature,
-                algorithm);
+                hashAlgorithm);
         }
 
         /// <summary>
@@ -561,21 +514,15 @@ private static ArraySegment<byte> RemovePadding(ArraySegment<byte> data, int blo
         /// <summary>
         /// Encrypts the buffer using the algorithm specified by the security policy.
         /// </summary>
-        /// <param name="data">The data to encrypt.</param>
-        /// <param name="securityPolicy">The security policy to use.</param>
-        /// <param name="encryptingKey">The key to use for encryption.</param>
-        /// <param name="iv">The initialization vector to use for encryption.</param>
-        /// <param name="signingKey">The key to use for signing.</param>
-        /// <param name="signOnly">If TRUE, the data is not encrypted.</param>
-        /// <returns>The encrypted buffer.</returns>
-        /// <exception cref="NotSupportedException"></exception>
         public static ArraySegment<byte> SymmetricEncryptAndSign(
             ArraySegment<byte> data,
             SecurityPolicyInfo securityPolicy,
             byte[] encryptingKey,
             byte[] iv,
             byte[] signingKey = null,
-            bool signOnly = false)
+            bool signOnly = false,
+            uint tokenId = 0,
+            uint lastSequenceNumber = 0)
         {
             SymmetricEncryptionAlgorithm algorithm = securityPolicy.SymmetricEncryptionAlgorithm;
 
@@ -587,7 +534,7 @@ public static ArraySegment<byte> SymmetricEncryptAndSign(
             if (algorithm is SymmetricEncryptionAlgorithm.Aes128Gcm or SymmetricEncryptionAlgorithm.Aes256Gcm)
             {
 #if NET8_0_OR_GREATER
-                return EncryptWithAesGcm(encryptingKey, iv, signOnly, data);
+                return EncryptWithAesGcm(data, encryptingKey, iv, signOnly, tokenId, lastSequenceNumber);
 #else
                 throw new NotSupportedException("AES-GCM requires .NET 8 or greater.");
 #endif
@@ -601,7 +548,8 @@ public static ArraySegment<byte> SymmetricEncryptAndSign(
                     encryptingKey,
                     iv,
                     signOnly,
-                    true);
+                    tokenId,
+                    lastSequenceNumber);
 #else
                 throw new NotSupportedException("ChaCha20Poly1305 requires .NET 8 or greater.");
 #endif
@@ -632,6 +580,7 @@ public static ArraySegment<byte> SymmetricEncryptAndSign(
 
             if (!signOnly)
             {
+#pragma warning disable CA5401 // Symmetric encryption uses non-default initialization vector
                 using var aes = Aes.Create();
 
                 aes.Mode = CipherMode.CBC;
@@ -640,6 +589,7 @@ public static ArraySegment<byte> SymmetricEncryptAndSign(
                 aes.IV = iv;
 
                 using ICryptoTransform encryptor = aes.CreateEncryptor();
+#pragma warning restore CA5401
 
                 encryptor.TransformBlock(
                     data.Array,
@@ -653,6 +603,23 @@ public static ArraySegment<byte> SymmetricEncryptAndSign(
         }
 
 #if NET8_0_OR_GREATER
+        private static byte[] ApplyAeadMask(uint tokenId, uint lastSequenceNumber, byte[] iv)
+        {
+            var copy = new byte[iv.Length];
+            Buffer.BlockCopy(iv, 0, copy, 0, iv.Length);
+
+            copy[0] ^= (byte)((tokenId & 0x000000FF));
+            copy[1] ^= (byte)((tokenId & 0x0000FF00) >> 8);
+            copy[2] ^= (byte)((tokenId & 0x00FF0000) >> 16);
+            copy[3] ^= (byte)((tokenId & 0xFF000000) >> 24);
+            copy[4] ^= (byte)((lastSequenceNumber & 0x000000FF));
+            copy[5] ^= (byte)((lastSequenceNumber & 0x0000FF00) >> 8);
+            copy[6] ^= (byte)((lastSequenceNumber & 0x00FF0000) >> 16);
+            copy[7] ^= (byte)((lastSequenceNumber & 0xFF000000) >> 24);
+
+            return copy;
+        }
+
         private const int kChaChaPolyIvLength = 12;
         private const int kChaChaPolyTagLength = 16;
 
@@ -661,7 +628,8 @@ private static ArraySegment<byte> EncryptWithChaCha20Poly1305(
             byte[] encryptingKey,
             byte[] iv,
             bool signOnly,
-            bool noPadding)
+            uint tokenId,
+            uint lastSequenceNumber)
         {
             if (encryptingKey == null || encryptingKey.Length != 32)
             {
@@ -673,11 +641,6 @@ private static ArraySegment<byte> EncryptWithChaCha20Poly1305(
                 throw new ArgumentException("ChaCha20-Poly1305 requires a 96-bit (12-byte) nonce.", nameof(iv));
             }
 
-            if (!noPadding && !signOnly)
-            {
-                data = AddPadding(data, iv.Length);
-            }
-
             byte[] ciphertext = new byte[signOnly ? 0 : data.Count];
             byte[] tag = new byte[kChaChaPolyTagLength]; // ChaCha20-Poly1305/AES-GCM uses 128-bit authentication tag
 
@@ -688,6 +651,8 @@ private static ArraySegment<byte> EncryptWithChaCha20Poly1305(
 
             using var chacha = new ChaCha20Poly1305(encryptingKey);
 
+            iv = ApplyAeadMask(tokenId, lastSequenceNumber, iv);
+
             chacha.Encrypt(
                 iv,
                 signOnly ? Array.Empty<byte>() : data,
@@ -695,6 +660,13 @@ private static ArraySegment<byte> EncryptWithChaCha20Poly1305(
                 tag,
                 extraData);
 
+#if xDEBUG
+            Console.WriteLine($"E.iv={TcpMessageType.KeyToString(iv)}");
+            Console.WriteLine($"E.extraData={TcpMessageType.KeyToString(extraData.ToArray())}");
+            Console.WriteLine($"E.tag={TcpMessageType.KeyToString(tag)}");
+            Console.WriteLine($"E.ciphertext={TcpMessageType.KeyToString(ciphertext)}");
+#endif
+
             // Return layout: [associated data | ciphertext | tag]
             if (!signOnly)
             {
@@ -716,7 +688,8 @@ private static ArraySegment<byte> DecryptWithChaCha20Poly1305(
            byte[] encryptingKey,
            byte[] iv,
            bool signOnly,
-           bool noPadding)
+           uint tokenId,
+           uint lastSequenceNumber)
         {
             if (encryptingKey == null || encryptingKey.Length != 32)
             {
@@ -752,6 +725,15 @@ private static ArraySegment<byte> DecryptWithChaCha20Poly1305(
 
             using var chacha = new ChaCha20Poly1305(encryptingKey);
 
+            iv = ApplyAeadMask(tokenId, lastSequenceNumber, iv);
+
+#if xDEBUG
+            Console.WriteLine($"D.iv={TcpMessageType.KeyToString(iv)}");
+            Console.WriteLine($"D.extraData={TcpMessageType.KeyToString(extraData.ToArray())}");
+            Console.WriteLine($"D.tag={TcpMessageType.KeyToString(tag.ToArray())}");
+            Console.WriteLine($"D.ciphertext={TcpMessageType.KeyToString(encryptedData.ToArray())}");
+#endif
+
             chacha.Decrypt(
                 iv,
                 encryptedData,
@@ -765,11 +747,6 @@ private static ArraySegment<byte> DecryptWithChaCha20Poly1305(
                 Buffer.BlockCopy(plaintext, 0, data.Array, data.Offset, encryptedData.Count);
             }
 
-            if (!noPadding && !signOnly)
-            {
-                return RemovePadding(new ArraySegment<byte>(data.Array, data.Offset, data.Count - kChaChaPolyTagLength), iv.Length);
-            }
-
             return new ArraySegment<byte>(data.Array, 0, data.Offset + data.Count - kChaChaPolyTagLength);
         }
 #endif
@@ -779,10 +756,12 @@ private static ArraySegment<byte> DecryptWithChaCha20Poly1305(
         private const int kAesGcmTagLength = 16;
 
         private static ArraySegment<byte> EncryptWithAesGcm(
+            ArraySegment<byte> data,
             byte[] encryptingKey,
             byte[] iv,
             bool signOnly,
-            ArraySegment<byte> data)
+            uint tokenId,
+            uint lastSequenceNumber)
         {
             if (encryptingKey == null)
             {
@@ -794,11 +773,6 @@ private static ArraySegment<byte> EncryptWithAesGcm(
                 throw new ArgumentException("AES-GCM requires a 96-bit (12-byte) IV/nonce.", nameof(iv));
             }
 
-            if (!signOnly)
-            {
-                data = AddPadding(data, iv.Length);
-            }
-
             byte[] ciphertext = new byte[signOnly ? 0 : data.Count];
             byte[] tag = new byte[kAesGcmTagLength]; // AES-GCM uses 128-bit authentication tag
 
@@ -809,6 +783,9 @@ private static ArraySegment<byte> EncryptWithAesGcm(
 
             using var aesGcm = new AesGcm(encryptingKey, kAesGcmTagLength);
 
+            //Console.WriteLine($"Prior={TcpMessageType.KeyToString(iv)} tokenId={tokenId} lastSequenceNumber={lastSequenceNumber}");
+            iv = ApplyAeadMask(tokenId, lastSequenceNumber, iv);
+
             aesGcm.Encrypt(
                 iv,
                 signOnly ? Array.Empty<byte>() : data,
@@ -816,6 +793,13 @@ private static ArraySegment<byte> EncryptWithAesGcm(
                 tag,
                 extraData);
 
+#if xDEBUG
+            Console.WriteLine($"E.iv={TcpMessageType.KeyToString(iv)}");
+            Console.WriteLine($"E.extraData={TcpMessageType.KeyToString(extraData.ToArray())}");
+            Console.WriteLine($"E.tag={TcpMessageType.KeyToString(tag)}");
+            Console.WriteLine($"E.ciphertext={TcpMessageType.KeyToString(ciphertext)}");
+#endif
+
             // Return layout: [associated data | ciphertext | tag]
             if (!signOnly)
             {
@@ -836,7 +820,9 @@ private static ArraySegment<byte> DecryptWithAesGcm(
             ArraySegment<byte> data,
             byte[] encryptingKey,
             byte[] iv,
-            bool signOnly)
+            bool signOnly,
+            uint tokenId,
+            uint lastSequenceNumber)
         {
             if (encryptingKey == null)
             {
@@ -872,6 +858,16 @@ private static ArraySegment<byte> DecryptWithAesGcm(
 
             using var aesGcm = new AesGcm(encryptingKey, kAesGcmTagLength);
 
+            //Console.WriteLine($"Prior={TcpMessageType.KeyToString(iv)} tokenId={tokenId} lastSequenceNumber={lastSequenceNumber}");
+            iv = ApplyAeadMask(tokenId, lastSequenceNumber, iv);
+
+#if xDEBUG
+            Console.WriteLine($"D.iv={TcpMessageType.KeyToString(iv)}");
+            Console.WriteLine($"D.extraData={TcpMessageType.KeyToString(extraData.ToArray())}");
+            Console.WriteLine($"D.tag={TcpMessageType.KeyToString(tag.ToArray())}");
+            Console.WriteLine($"D.ciphertext={TcpMessageType.KeyToString(encryptedData.ToArray())}");
+#endif
+
             aesGcm.Decrypt(
                 iv,
                 encryptedData,
@@ -885,27 +881,24 @@ private static ArraySegment<byte> DecryptWithAesGcm(
                 Buffer.BlockCopy(plaintext, 0, data.Array, data.Offset, encryptedData.Count);
             }
 
-            if (!signOnly)
-            {
-                return RemovePadding(new ArraySegment<byte>(data.Array, data.Offset, data.Count - kAesGcmTagLength), iv.Length);
-            }
-
             return new ArraySegment<byte>(data.Array, 0, data.Offset + data.Count - kAesGcmTagLength);
         }
 #endif
 
-        /// <summary>
-        /// Decrypts the buffer using the algorithm specified by the security policy.
-        /// </summary>
-        /// <exception cref="CryptographicException"></exception>
-        /// <exception cref="NotSupportedException"></exception>
+            /// <summary>
+            /// Decrypts the buffer using the algorithm specified by the security policy.
+            /// </summary>
+            /// <exception cref="CryptographicException"></exception>
+            /// <exception cref="NotSupportedException"></exception>
         public static ArraySegment<byte> SymmetricDecryptAndVerify(
            ArraySegment<byte> data,
            SecurityPolicyInfo securityPolicy,
            byte[] encryptingKey,
            byte[] iv,
            byte[] signingKey = null,
-           bool signOnly = false)
+           bool signOnly = false,
+           uint tokenId = 0,
+           uint lastSequenceNumber = 0)
         {
             SymmetricEncryptionAlgorithm algorithm = securityPolicy.SymmetricEncryptionAlgorithm;
 
@@ -917,7 +910,7 @@ public static ArraySegment<byte> SymmetricDecryptAndVerify(
             if (algorithm is SymmetricEncryptionAlgorithm.Aes128Gcm or SymmetricEncryptionAlgorithm.Aes256Gcm)
             {
 #if NET8_0_OR_GREATER
-                return DecryptWithAesGcm(data, encryptingKey, iv, signOnly);
+                return DecryptWithAesGcm(data, encryptingKey, iv, signOnly, tokenId, lastSequenceNumber);
 #else
                 throw new NotSupportedException("AES-GCM requires .NET 8 or greater.");
 #endif
@@ -931,7 +924,8 @@ public static ArraySegment<byte> SymmetricDecryptAndVerify(
                     encryptingKey,
                     iv,
                     signOnly,
-                    true);
+                    tokenId,
+                    lastSequenceNumber);
 #else
                 throw new NotSupportedException("ChaCha20Poly1305 requires .NET 8 or greater.");
 #endif
diff --git a/Stack/Opc.Ua.Core/Security/Certificates/EncryptedSecret.cs b/Stack/Opc.Ua.Core/Security/Certificates/EncryptedSecret.cs
index 049c97af01..b7cc7f893d 100644
--- a/Stack/Opc.Ua.Core/Security/Certificates/EncryptedSecret.cs
+++ b/Stack/Opc.Ua.Core/Security/Certificates/EncryptedSecret.cs
@@ -11,6 +11,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */
 
 using System;
+using System.IO;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 #if CURVE25519
@@ -46,8 +47,13 @@ public EncryptedSecret(
             ReceiverNonce = receiverNonce;
             ReceiverCertificate = receiverCertificate;
             Validator = validator;
-            SecurityPolicyUri = securityPolicyUri;
+            SecurityPolicy = SecurityPolicies.GetInfo(securityPolicyUri);
             Context = context;
+
+            if (SecurityPolicy == null)
+            {
+                throw new ArgumentException($"Cannot resolve SecurityPolicy '{securityPolicyUri}'.", nameof(securityPolicyUri));
+            }
         }
 
         /// <summary>
@@ -86,343 +92,62 @@ public EncryptedSecret(
         public CertificateValidator Validator { get; }
 
         /// <summary>
-        /// Gets or sets the security policy URI.
+        /// Gets or sets the security policy.
         /// </summary>
-        public string SecurityPolicyUri { get; private set; }
+        public SecurityPolicyInfo SecurityPolicy { get; private set; }
 
         /// <summary>
         /// Service message context to use
         /// </summary>
         public IServiceMessageContext Context { get; }
 
-        /// <summary>
-        /// Encrypts a secret using the specified nonce, encrypting key, and initialization vector (IV).
-        /// </summary>
-        /// <param name="secret">The secret to encrypt.</param>
-        /// <param name="nonce">The nonce to use for encryption.</param>
-        /// <param name="encryptingKey">The key to use for encryption.</param>
-        /// <param name="iv">The initialization vector to use for encryption.</param>
-        /// <returns>The encrypted secret.</returns>
-        /// <exception cref="ServiceResultException"></exception>
-        private byte[] EncryptSecret(
-            byte[] secret,
-            byte[] nonce,
-            byte[] encryptingKey,
-            byte[] iv)
-        {
-#if CURVE25519
-            bool useAuthenticatedEncryption = false;
-            if (SenderCertificate.BcCertificate.GetPublicKey() is Ed25519PublicKeyParameters
-                || SenderCertificate.BcCertificate.GetPublicKey() is Ed448PublicKeyParameters)
-            {
-                useAuthenticatedEncryption = true;
-            }
-#endif
-            byte[] dataToEncrypt = null;
-
-            using (var encoder = new BinaryEncoder(Context))
-            {
-                encoder.WriteByteString(null, nonce);
-                encoder.WriteByteString(null, secret);
-
-                // add padding.
-                int paddingSize = iv.Length - ((encoder.Position + 2) % iv.Length);
-                paddingSize %= iv.Length;
-
-                if (secret.Length + paddingSize < iv.Length)
-                {
-                    paddingSize += iv.Length;
-                }
-
-                for (int ii = 0; ii < paddingSize; ii++)
-                {
-                    encoder.WriteByte(null, (byte)(paddingSize & 0xFF));
-                }
-
-                encoder.WriteUInt16(null, (ushort)paddingSize);
-
-                dataToEncrypt = encoder.CloseAndReturnBuffer();
-            }
-#if CURVE25519
-            if (useAuthenticatedEncryption)
-            {
-                return EncryptWithChaCha20Poly1305(encryptingKey, iv, dataToEncrypt);
-            }
-#endif
-            using (var aes = Aes.Create())
-            {
-                aes.Mode = CipherMode.CBC;
-                aes.Padding = PaddingMode.None;
-                aes.Key = encryptingKey;
-                aes.IV = iv;
-
-#pragma warning disable CA5401 // Symmetric encryption uses non-default initialization vector, which could be potentially repeatable
-                using ICryptoTransform encryptor = aes.CreateEncryptor();
-#pragma warning restore CA5401 // Symmetric encryption uses non-default initialization vector, which could be potentially repeatable
-                if (dataToEncrypt.Length % encryptor.InputBlockSize != 0)
-                {
-                    throw ServiceResultException.Create(
-                        StatusCodes.BadSecurityChecksFailed,
-                        "Input data is not an even number of encryption blocks.");
-                }
-
-                encryptor.TransformBlock(dataToEncrypt, 0, dataToEncrypt.Length, dataToEncrypt, 0);
-            }
-
-            return dataToEncrypt;
-        }
-
-#if CURVE25519
-        /// <summary>
-        /// Encrypts the given data using the ChaCha20Poly1305 algorithm with the provided key and initialization vector (IV).
-        /// </summary>
-        /// <param name="encryptingKey">The key used for encryption.</param>
-        /// <param name="iv">The initialization vector used for encryption.</param>
-        /// <param name="dataToEncrypt">The data to be encrypted.</param>
-        /// <returns>The encrypted data.</returns>
-        private static byte[] EncryptWithChaCha20Poly1305(byte[] encryptingKey, byte[] iv, byte[] dataToEncrypt)
-        {
-            Utils.Trace($"EncryptKey={Utils.ToHexString(encryptingKey)}");
-            Utils.Trace($"EncryptIV={Utils.ToHexString(iv)}");
-
-            int signatureLength = 16;
-
-            AeadParameters parameters = new AeadParameters(
-                new KeyParameter(encryptingKey),
-                signatureLength * 8,
-                iv,
-                null);
-
-            ChaCha20Poly1305 encryptor = new ChaCha20Poly1305();
-            encryptor.Init(true, parameters);
-
-            byte[] ciphertext = new byte[encryptor.GetOutputSize(dataToEncrypt.Length)];
-            int length = encryptor.ProcessBytes(dataToEncrypt, 0, dataToEncrypt.Length, ciphertext, 0);
-            length += encryptor.DoFinal(ciphertext, length);
-
-            if (ciphertext.Length != length)
-            {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    $"CipherText not the expected size. [{ciphertext.Length} != {length}]");
-            }
-
-            return ciphertext;
-        }
-
-        /// <summary>
-        /// Decrypts the given data using the ChaCha20Poly1305 algorithm with the provided key and initialization vector (IV).
-        /// </summary>
-        /// <param name="encryptingKey">The key used for encryption.</param>
-        /// <param name="iv">The initialization vector used for encryption.</param>
-        /// <param name="dataToDecrypt">The data to be decrypted.</param>
-        /// <param name="offset">The offset in the data to start decrypting from.</param>
-        /// <param name="count">The number of bytes to decrypt.</param>
-        /// <returns>An <see cref="ArraySegment{T}"/> containing the decrypted data.</returns>
-        /// <exception cref="ServiceResultException">Thrown if the plaintext is not the expected size or too short, or if the nonce is invalid.</exception>
-        private ArraySegment<byte> DecryptWithChaCha20Poly1305(
-            byte[] encryptingKey,
-            byte[] iv,
-            byte[] dataToDecrypt,
-            int offset,
-            int count)
-        {
-            Utils.Trace($"EncryptKey={Utils.ToHexString(encryptingKey)}");
-            Utils.Trace($"EncryptIV={Utils.ToHexString(iv)}");
-
-            int signatureLength = 16;
-
-            AeadParameters parameters = new AeadParameters(
-                new KeyParameter(encryptingKey),
-                signatureLength * 8,
-                iv,
-                null);
-
-            ChaCha20Poly1305 decryptor = new ChaCha20Poly1305();
-            decryptor.Init(false, parameters);
-
-            byte[] plaintext = new byte[decryptor.GetOutputSize(count)];
-            int length = decryptor.ProcessBytes(dataToDecrypt, offset, count, plaintext, 0);
-            length += decryptor.DoFinal(plaintext, length);
-
-            if (plaintext.Length != length || plaintext.Length < iv.Length)
-            {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    $"PlainText not the expected size or too short. [{count} != {length}]");
-            }
-
-            ushort paddingSize = plaintext[length - 1];
-            paddingSize <<= 8;
-            paddingSize += plaintext[length - 2];
-
-            int notvalid = (paddingSize < length) ? 0 : 1;
-            int start = length - paddingSize - 2;
-
-            for (int ii = 0; ii < length - 2 && ii < paddingSize; ii++)
-            {
-                if (start < 0 || start + ii >= plaintext.Length)
-                {
-                    notvalid |= 1;
-                    continue;
-                }
-
-                notvalid |= plaintext[start + ii] ^ (paddingSize & 0xFF);
-            }
-
-            if (notvalid != 0)
-            {
-                throw new ServiceResultException(StatusCodes.BadNonceInvalid);
-            }
-
-            return new ArraySegment<byte>(plaintext, 0, start);
-        }
-#endif
-
-        /// <summary>
-        /// Decrypts the specified data using the provided encrypting key and initialization vector (IV).
-        /// </summary>
-        /// <param name="dataToDecrypt">The data to decrypt.</param>
-        /// <param name="offset">The offset in the data to start decrypting from.</param>
-        /// <param name="count">The number of bytes to decrypt.</param>
-        /// <param name="encryptingKey">The key to use for decryption.</param>
-        /// <param name="iv">The initialization vector to use for decryption.</param>
-        /// <returns>The decrypted data.</returns>
-        /// <exception cref="ServiceResultException">Thrown if the input data is not an even number of encryption blocks or if the nonce is invalid.</exception>
-        private ArraySegment<byte> DecryptSecret(
-            byte[] dataToDecrypt,
-            int offset,
-            int count,
-            byte[] encryptingKey,
-            byte[] iv)
-        {
-#if CURVE25519
-            bool useAuthenticatedEncryption = false;
-            if (SenderCertificate.BcCertificate.GetPublicKey() is Ed25519PublicKeyParameters
-                || SenderCertificate.BcCertificate.GetPublicKey() is Ed448PublicKeyParameters)
-            {
-                useAuthenticatedEncryption = true;
-            }
-            if (useAuthenticatedEncryption)
-            {
-                return DecryptWithChaCha20Poly1305(encryptingKey, iv, dataToDecrypt, offset, count);
-            }
-#endif
-            using (var aes = Aes.Create())
-            {
-                aes.Mode = CipherMode.CBC;
-                aes.Padding = PaddingMode.None;
-                aes.Key = encryptingKey;
-                aes.IV = iv;
-
-                using ICryptoTransform decryptor = aes.CreateDecryptor();
-                if (count % decryptor.InputBlockSize != 0)
-                {
-                    throw ServiceResultException.Create(
-                        StatusCodes.BadSecurityChecksFailed,
-                        "Input data is not an even number of encryption blocks.");
-                }
-
-                decryptor.TransformBlock(dataToDecrypt, offset, count, dataToDecrypt, offset);
-            }
-
-            ushort paddingSize = dataToDecrypt[offset + count - 1];
-            paddingSize <<= 8;
-            paddingSize += dataToDecrypt[offset + count - 2];
-
-            int notvalid = paddingSize < count ? 0 : 1;
-            int start = offset + count - paddingSize - 2;
-
-            for (int ii = 0; ii < count - 2 && ii < paddingSize; ii++)
-            {
-                if (start < 0 || start + ii >= dataToDecrypt.Length)
-                {
-                    notvalid |= 1;
-                    continue;
-                }
-
-                notvalid |= dataToDecrypt[start + ii] ^ (paddingSize & 0xFF);
-            }
-
-            if (notvalid != 0)
-            {
-                throw new ServiceResultException(StatusCodes.BadNonceInvalid);
-            }
-
-            return new ArraySegment<byte>(dataToDecrypt, offset, count - paddingSize);
-        }
-
-        private static readonly byte[] s_label = System.Text.Encoding.UTF8.GetBytes("opcua-secret");
+        private static readonly byte[] s_secretLabel = System.Text.Encoding.UTF8.GetBytes("opcua-secret");
 
         /// <summary>
         /// Creates the encrypting key and initialization vector (IV) for Elliptic Curve Cryptography (ECC) encryption or decryption.
         /// </summary>
-        /// <param name="securityPolicyUri">The security policy URI.</param>
-        /// <param name="senderNonce">The sender nonce.</param>
-        /// <param name="receiverNonce">The receiver nonce.</param>
-        /// <param name="forDecryption">if set to <c>true</c>, creates the keys for decryption; otherwise, creates the keys for encryption.</param>
-        /// <param name="encryptingKey">The encrypting key.</param>
-        /// <param name="iv">The initialization vector (IV).</param>
         private static void CreateKeysForEcc(
-            string securityPolicyUri,
-            Nonce senderNonce,
-            Nonce receiverNonce,
+            SecurityPolicyInfo securityPolicy,
+            Nonce localNonce,
+            Nonce remoteNonce,
             bool forDecryption,
             out byte[] encryptingKey,
             out byte[] iv)
         {
-            int encryptingKeySize;
-            int blockSize;
-            HashAlgorithmName algorithmName;
-
-            switch (securityPolicyUri)
-            {
-                case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                    blockSize = 16;
-                    encryptingKeySize = 16;
-                    algorithmName = HashAlgorithmName.SHA256;
-                    break;
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    encryptingKeySize = 32;
-                    blockSize = 16;
-                    algorithmName = HashAlgorithmName.SHA384;
-                    break;
-                case SecurityPolicies.ECC_curve25519:
-                case SecurityPolicies.ECC_curve448:
-                    encryptingKeySize = 32;
-                    blockSize = 12;
-                    algorithmName = HashAlgorithmName.SHA256;
-                    break;
-                default:
-                    encryptingKeySize = 32;
-                    blockSize = 16;
-                    algorithmName = HashAlgorithmName.SHA256;
-                    break;
-            }
+            int encryptingKeySize = securityPolicy.SymmetricEncryptionKeyLength;
+            int blockSize = securityPolicy.InitializationVectorLength;
 
             encryptingKey = new byte[encryptingKeySize];
             iv = new byte[blockSize];
 
+            byte[] secret = localNonce.GenerateSecret(remoteNonce, null);
             byte[] keyLength = BitConverter.GetBytes((ushort)(encryptingKeySize + blockSize));
-            byte[] salt = Utils.Append(keyLength, s_label, senderNonce.Data, receiverNonce.Data);
+
+            byte[] salt = (forDecryption) ?
+                Utils.Append(keyLength, s_secretLabel, remoteNonce.Data, localNonce.Data) :
+                Utils.Append(keyLength, s_secretLabel, localNonce.Data, remoteNonce.Data);
+
+            System.Console.WriteLine(
+                $"LOCAL={Utils.ToHexString(localNonce.Data).Substring(0, 8)} " +
+                $"REMOTE={Utils.ToHexString(remoteNonce.Data).Substring(0, 8)} " +
+                $"SALT={Utils.ToHexString(salt).Substring(0, 8)} ");
 
             byte[] keyData;
+
             if (forDecryption)
             {
-                keyData = receiverNonce.DeriveKey(
-                    senderNonce,
+                keyData = remoteNonce.DeriveKey(
+                    secret,
                     salt,
-                    algorithmName,
+                    securityPolicy.KeyDerivationAlgorithm,
                     encryptingKeySize + blockSize);
             }
             else
             {
-                keyData = senderNonce.DeriveKey(
-                    receiverNonce,
+                keyData = localNonce.DeriveKey(
+                    secret,
                     salt,
-                    algorithmName,
+                    securityPolicy.KeyDerivationAlgorithm,
                     encryptingKeySize + blockSize);
             }
 
@@ -443,7 +168,7 @@ public byte[] Encrypt(byte[] secret, byte[] nonce)
             byte[] message = null;
             int lengthPosition = 0;
 
-            int signatureLength = EccUtils.GetSignatureLength(SenderCertificate);
+            int signatureLength = CryptoUtils.GetSignatureLength(SenderCertificate);
 
             using (var encoder = new BinaryEncoder(Context))
             {
@@ -454,7 +179,7 @@ public byte[] Encrypt(byte[] secret, byte[] nonce)
                 lengthPosition = encoder.Position;
                 encoder.WriteUInt32(null, 0);
 
-                encoder.WriteString(null, SecurityPolicyUri);
+                encoder.WriteString(null, SecurityPolicy.Uri);
 
                 byte[] senderCertificate = null;
 
@@ -498,24 +223,32 @@ public byte[] Encrypt(byte[] secret, byte[] nonce)
                 encoder.WriteByteString(null, receiverNonce);
 
                 // create keys.
-                if (EccUtils.IsEccPolicy(SecurityPolicyUri))
-                {
-                    CreateKeysForEcc(
-                        SecurityPolicyUri,
-                        SenderNonce,
-                        ReceiverNonce,
-                        false,
-                        out encryptingKey,
-                        out iv);
-                }
-
-                // encrypt  secret,
-                byte[] encryptedData = EncryptSecret(secret, nonce, encryptingKey, iv);
+                CreateKeysForEcc(
+                    SecurityPolicy,
+                    SenderNonce,
+                    ReceiverNonce,
+                    false,
+                    out encryptingKey,
+                    out iv);
+
+                // reserves space for padding and tag that is added by SymmetricEncryptAndSign.
+                var dataToEncrypt = new byte[4096];
+                using var stream = new MemoryStream(dataToEncrypt);
+                using var secretEncoder = new BinaryEncoder(stream, Context, false);
+
+                secretEncoder.WriteByteString(null, nonce);
+                secretEncoder.WriteByteString(null, secret);
+
+                var encryptedData = CryptoUtils.SymmetricEncryptAndSign(
+                    new ArraySegment<byte>(dataToEncrypt, 0, secretEncoder.Position),
+                    SecurityPolicy,
+                    encryptingKey,
+                    iv);
 
                 // append encrypted secret.
-                for (int ii = 0; ii < encryptedData.Length; ii++)
+                for (int ii = encryptedData.Offset; ii < encryptedData.Offset + encryptedData.Count; ii++)
                 {
-                    encoder.WriteByte(null, encryptedData[ii]);
+                    encoder.WriteByte(null, encryptedData.Array[ii]);
                 }
 
                 // save space for signature.
@@ -534,27 +267,16 @@ public byte[] Encrypt(byte[] secret, byte[] nonce)
             message[lengthPosition++] = (byte)((length & 0xFF0000) >> 16);
             message[lengthPosition++] = (byte)((length & 0xFF000000) >> 24);
 
-            // get the algorithm used for the signature.
-            HashAlgorithmName signatureAlgorithm;
-            switch (SecurityPolicyUri)
-            {
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    signatureAlgorithm = HashAlgorithmName.SHA384;
-                    break;
-                default:
-                    signatureAlgorithm = HashAlgorithmName.SHA256;
-                    break;
-            }
-
             var dataToSign = new ArraySegment<byte>(message, 0, message.Length - signatureLength);
-            byte[] signature = EccUtils.Sign(dataToSign, SenderCertificate, signatureAlgorithm);
+            byte[] signature = CryptoUtils.Sign(dataToSign, SenderCertificate, SecurityPolicy.AsymmetricSignatureAlgorithm);
+
             Buffer.BlockCopy(
                 signature,
                 0,
                 message,
                 message.Length - signatureLength,
                 signatureLength);
+
             return message;
         }
 
@@ -595,27 +317,13 @@ private ArraySegment<byte> VerifyHeaderForEcc(
             // get the start of data.
             int startOfData = decoder.Position + dataToDecrypt.Offset;
 
-            SecurityPolicyUri = decoder.ReadString(null);
+            SecurityPolicy = SecurityPolicies.GetInfo(decoder.ReadString(null));
 
-            if (!EccUtils.IsEccPolicy(SecurityPolicyUri))
+            if (SecurityPolicy.CertificateKeyFamily != CertificateKeyFamily.ECC)
             {
                 throw new ServiceResultException(StatusCodes.BadSecurityPolicyRejected);
             }
 
-            // get the algorithm used for the signature.
-            HashAlgorithmName signatureAlgorithm;
-
-            switch (SecurityPolicyUri)
-            {
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    signatureAlgorithm = HashAlgorithmName.SHA384;
-                    break;
-                default:
-                    signatureAlgorithm = HashAlgorithmName.SHA256;
-                    break;
-            }
-
             // extract the send certificate and any chain.
             byte[] senderCertificate = decoder.ReadByteString(null);
 
@@ -673,7 +381,7 @@ private ArraySegment<byte> VerifyHeaderForEcc(
 
             int startOfEncryption = decoder.Position;
 
-            SenderNonce = Nonce.CreateNonce(SecurityPolicyUri, senderPublicKey);
+            SenderNonce = Nonce.CreateNonce(SecurityPolicy, senderPublicKey);
 
             if (!Utils.IsEqual(receiverPublicKey, ReceiverNonce.Data))
             {
@@ -683,7 +391,7 @@ private ArraySegment<byte> VerifyHeaderForEcc(
             }
 
             // check the signature.
-            int signatureLength = EccUtils.GetSignatureLength(SenderCertificate);
+            int signatureLength = CryptoUtils.GetSignatureLength(SenderCertificate);
 
             if (signatureLength >= length)
             {
@@ -703,7 +411,7 @@ private ArraySegment<byte> VerifyHeaderForEcc(
                 0,
                 startOfData + (int)length - signatureLength);
 
-            if (!EccUtils.Verify(dataToSign, signature, SenderCertificate, signatureAlgorithm))
+            if (!CryptoUtils.Verify(dataToSign, signature, SenderCertificate, SecurityPolicy.AsymmetricSignatureAlgorithm))
             {
                 throw new ServiceResultException(
                     StatusCodes.BadSecurityChecksFailed,
@@ -742,17 +450,19 @@ public byte[] Decrypt(
                 telemetry);
 
             CreateKeysForEcc(
-                SecurityPolicyUri,
-                SenderNonce,
+                SecurityPolicy,
                 ReceiverNonce,
+                SenderNonce,
                 true,
                 out byte[] encryptingKey,
                 out byte[] iv);
 
-            ArraySegment<byte> plainText = DecryptSecret(
-                dataToDecrypt.Array,
-                dataToDecrypt.Offset,
-                dataToDecrypt.Count,
+            byte[] bytes = new byte[dataToDecrypt.Count];
+            Buffer.BlockCopy(dataToDecrypt.Array, dataToDecrypt.Offset, bytes, 0, dataToDecrypt.Count);
+
+            ArraySegment<byte> plainText = CryptoUtils.SymmetricDecryptAndVerify(
+                new ArraySegment<byte>(bytes),
+                SecurityPolicy,
                 encryptingKey,
                 iv);
 
@@ -761,6 +471,7 @@ public byte[] Decrypt(
                 plainText.Offset,
                 plainText.Count,
                 Context);
+
             byte[] actualNonce = decoder.ReadByteString(null);
 
             if (expectedNonce != null && expectedNonce.Length > 0)
@@ -781,4 +492,4 @@ public byte[] Decrypt(
             return decoder.ReadByteString(null);
         }
     }
-}
\ No newline at end of file
+}
diff --git a/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs b/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs
index 4cbbd64b57..0ce941cc9b 100644
--- a/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs
+++ b/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs
@@ -50,80 +50,69 @@ private Nonce()
         /// </summary>
         public byte[] Data { get; private set; }
 
+        internal byte[] GenerateSecret(
+            Nonce remoteNonce,
+            byte[] previousSecret)
+        {
+            byte[] ikm = null;
+
+#if NET8_0_OR_GREATER
+#if xDEBUG
+            Span<char> privateKey = stackalloc char[2048];
+
+            if (m_ecdh.TryExportECPrivateKeyPem(privateKey, out int charsWritten))
+            {
+                Console.WriteLine($"Private Key PEM ({charsWritten} chars):");
+            }
+#endif
+
+            ikm = m_ecdh.DeriveRawSecretAgreement(remoteNonce.m_ecdh.PublicKey);
+
+            if (previousSecret != null)
+            {
+                for (int ii = 0; ii < ikm.Length && ii < previousSecret.Length; ii++)
+                {
+                    ikm[ii] ^= previousSecret[ii];
+                }
+            }
+#endif
+            return ikm;
+        }
+
         /// <summary>
         /// Derives a key from the remote nonce, using the specified salt, hash algorithm, and length.
         /// </summary>
-        /// <param name="remoteNonce">The remote nonce to use in key derivation.</param>
+        /// <param name="secret">The secret to use in key derivation.</param>
         /// <param name="salt">The salt to use in key derivation.</param>
         /// <param name="algorithm">The hash algorithm to use in key derivation.</param>
         /// <param name="length">The length of the derived key.</param>
         /// <returns>The derived key.</returns>
         public byte[] DeriveKey(
-            Nonce remoteNonce,
+            byte[] secret,
             byte[] salt,
-            HashAlgorithmName algorithm,
+            KeyDerivationAlgorithm algorithm,
             int length)
         {
-#if CURVE25519
-            if (m_bcKeyPair != null)
+            if (m_ecdh != null)
             {
-                var localPublicKey = m_bcKeyPair.Public;
-
-                if (localPublicKey is X25519PublicKeyParameters)
+                HMAC hmac = algorithm switch
                 {
-                    X25519Agreement agreement = new X25519Agreement();
-                    agreement.Init(m_bcKeyPair.Private);
-
-                    var key = new X25519PublicKeyParameters(remoteNonce.Data, 0);
-                    byte[] secret = new byte[agreement.AgreementSize];
-                    agreement.CalculateAgreement(key, secret, 0);
-
-                    HkdfBytesGenerator generator = new HkdfBytesGenerator(new Sha256Digest());
-                    generator.Init(new HkdfParameters(secret, salt, salt));
-
-                    byte[] output = new byte[length];
-                    generator.GenerateBytes(output, 0, output.Length);
-                    return output;
-                }
-
-                if (localPublicKey is X448PublicKeyParameters)
-                {
-                    X448Agreement agreement = new X448Agreement();
-                    agreement.Init(m_bcKeyPair.Private);
-
-                    var key = new X448PublicKeyParameters(remoteNonce.Data, 0);
-                    byte[] secret = new byte[agreement.AgreementSize];
-                    agreement.CalculateAgreement(key, secret, 0);
-
-                    HkdfBytesGenerator generator = new HkdfBytesGenerator(new Sha256Digest());
-                    generator.Init(new HkdfParameters(secret, salt, salt));
+                    KeyDerivationAlgorithm.HKDFSha256 => new HMACSHA256(salt),
+                    KeyDerivationAlgorithm.HKDFSha384 => new HMACSHA384(salt),
+                    _ => new HMACSHA256(salt)
+                };
 
-                    byte[] output = new byte[length];
-                    generator.GenerateBytes(output, 0, output.Length);
-                    return output;
-                }
+                //byte[] secret2 = m_ecdh.DeriveKeyFromHmac(
+                //    remoteNonce.m_ecdh.PublicKey,
+                //    algorithm,
+                //    salt,
+                //    null,
+                //    null);
 
-                throw new NotSupportedException();
-            }
-#endif
-            if (m_ecdh != null)
-            {
-                byte[] secret = m_ecdh.DeriveKeyFromHmac(
-                    remoteNonce.m_ecdh.PublicKey,
-                    algorithm,
-                    salt,
-                    null,
-                    null);
+                //System.Console.WriteLine($"PRK2={Utils.ToHexString(secret2).Substring(0, 8)}");
 
                 byte[] output = new byte[length];
 
-                HMAC hmac = algorithm.Name switch
-                {
-                    "SHA256" => new HMACSHA256(secret),
-                    "SHA384" => new HMACSHA384(secret),
-                    _ => new HMACSHA256(secret)
-                };
-
                 byte counter = 1;
 
                 byte[] info = new byte[(hmac.HashSize / 8) + salt.Length + 1];
@@ -162,50 +151,45 @@ public byte[] DeriveKey(
         /// <summary>
         /// Creates a nonce for the specified security policy URI and nonce length.
         /// </summary>
-        /// <param name="securityPolicyUri">The security policy URI.</param>
-        /// <returns>A <see cref="Nonce"/> object containing the generated nonce.</returns>
-        /// <exception cref="ArgumentNullException"><paramref name="securityPolicyUri"/> is <c>null</c>.</exception>
         public static Nonce CreateNonce(string securityPolicyUri)
         {
-            if (securityPolicyUri == null)
+            var info = SecurityPolicies.GetInfo(securityPolicyUri);
+            return CreateNonce(info);
+        }
+
+        /// <summary>
+        /// Creates a nonce for the specified security policy and nonce length.
+        /// </summary>
+        public static Nonce CreateNonce(SecurityPolicyInfo securityPolicy)
+        {
+            if (securityPolicy == null)
             {
-                throw new ArgumentNullException(nameof(securityPolicyUri));
+                throw new ArgumentNullException(nameof(securityPolicy));
             }
 
-            switch (securityPolicyUri)
+            switch (securityPolicy.CertificateKeyAlgorithm)
             {
-                case SecurityPolicies.ECC_nistP256:
+                case CertificateKeyAlgorithm.NistP256:
                     return CreateNonce(ECCurve.NamedCurves.nistP256);
-                case SecurityPolicies.ECC_nistP384:
+                case CertificateKeyAlgorithm.NistP384:
                     return CreateNonce(ECCurve.NamedCurves.nistP384);
-                case SecurityPolicies.ECC_brainpoolP256r1:
+                case CertificateKeyAlgorithm.BrainpoolP256r1:
                     return CreateNonce(ECCurve.NamedCurves.brainpoolP256r1);
-                case SecurityPolicies.ECC_brainpoolP384r1:
+                case CertificateKeyAlgorithm.BrainpoolP384r1:
                     return CreateNonce(ECCurve.NamedCurves.brainpoolP384r1);
-#if CURVE25519
-                case SecurityPolicies.ECC_curve25519:
-                    return CreateNonceForCurve25519();
-                case SecurityPolicies.ECC_curve448:
-                    return CreateNonceForCurve448();
-#endif
                 default:
-                    uint rsaNonceLength = GetNonceLength(securityPolicyUri);
-                    return new Nonce { Data = CreateRandomNonceData(rsaNonceLength) };
+                    return new Nonce { Data = CreateRandomNonceData(securityPolicy.SecureChannelNonceLength) };
             }
         }
 
         /// <summary>
         /// Creates a new Nonce object for the specified security policy URI and nonce data.
         /// </summary>
-        /// <param name="securityPolicyUri">The security policy URI.</param>
-        /// <param name="nonceData">The nonce data.</param>
-        /// <returns>A new Nonce object.</returns>
-        /// <exception cref="ArgumentNullException"><paramref name="securityPolicyUri"/> is <c>null</c>.</exception>
-        public static Nonce CreateNonce(string securityPolicyUri, byte[] nonceData)
+        public static Nonce CreateNonce(SecurityPolicyInfo securityPolicy, byte[] nonceData)
         {
-            if (securityPolicyUri == null)
+            if (securityPolicy == null)
             {
-                throw new ArgumentNullException(nameof(securityPolicyUri));
+                throw new ArgumentNullException(nameof(securityPolicy));
             }
 
             if (nonceData == null)
@@ -215,19 +199,19 @@ public static Nonce CreateNonce(string securityPolicyUri, byte[] nonceData)
 
             var nonce = new Nonce { Data = nonceData };
 
-            switch (securityPolicyUri)
+            switch (securityPolicy.CertificateKeyAlgorithm)
             {
-                case SecurityPolicies.ECC_nistP256:
+                case CertificateKeyAlgorithm.NistP256:
                     return CreateNonce(ECCurve.NamedCurves.nistP256, nonceData);
-                case SecurityPolicies.ECC_nistP384:
+                case CertificateKeyAlgorithm.NistP384:
                     return CreateNonce(ECCurve.NamedCurves.nistP384, nonceData);
-                case SecurityPolicies.ECC_brainpoolP256r1:
+                case CertificateKeyAlgorithm.BrainpoolP256r1:
                     return CreateNonce(ECCurve.NamedCurves.brainpoolP256r1, nonceData);
-                case SecurityPolicies.ECC_brainpoolP384r1:
+                case CertificateKeyAlgorithm.BrainpoolP384r1:
                     return CreateNonce(ECCurve.NamedCurves.brainpoolP384r1, nonceData);
-                case SecurityPolicies.ECC_curve25519:
+                case CertificateKeyAlgorithm.Curve25519:
                     return CreateNonceForCurve25519(nonceData);
-                case SecurityPolicies.ECC_curve448:
+                case CertificateKeyAlgorithm.Curve448:
                     return CreateNonceForCurve448(nonceData);
                 default:
                     return nonce;
@@ -238,7 +222,7 @@ public static Nonce CreateNonce(string securityPolicyUri, byte[] nonceData)
         /// Generates a Nonce for cryptographic functions of a given length.
         /// </summary>
         /// <returns>The requested Nonce as a</returns>
-        public static byte[] CreateRandomNonceData(uint length)
+        public static byte[] CreateRandomNonceData(int length)
         {
             byte[] randomBytes = new byte[length];
             s_rng.GetBytes(randomBytes);
@@ -251,9 +235,9 @@ public static byte[] CreateRandomNonceData(uint length)
         public static bool ValidateNonce(
             byte[] nonce,
             MessageSecurityMode securityMode,
-            string securityPolicyUri)
+            SecurityPolicyInfo securityPolicy)
         {
-            return ValidateNonce(nonce, securityMode, GetNonceLength(securityPolicyUri));
+            return ValidateNonce(nonce, securityMode, securityPolicy.SecureChannelNonceLength);
         }
 
         /// <summary>
@@ -262,7 +246,7 @@ public static bool ValidateNonce(
         public static bool ValidateNonce(
             byte[] nonce,
             MessageSecurityMode securityMode,
-            uint minNonceLength)
+            int minNonceLength)
         {
             // no nonce needed for no security.
             if (securityMode == MessageSecurityMode.None)
@@ -288,36 +272,6 @@ public static bool ValidateNonce(
             return false;
         }
 
-        /// <summary>
-        /// Returns the length of the symmetric encryption key for a security policy.
-        /// </summary>
-        public static uint GetNonceLength(string securityPolicyUri)
-        {
-            switch (securityPolicyUri)
-            {
-                case SecurityPolicies.Basic256:
-                case SecurityPolicies.Basic256Sha256:
-                case SecurityPolicies.Aes128_Sha256_RsaOaep:
-                case SecurityPolicies.Aes256_Sha256_RsaPss:
-                case SecurityPolicies.ECC_curve25519:
-                    return 32;
-                case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                    // Q.X + Q.Y = 32 + 32 = 64
-                    return 64;
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    // Q.X + Q.Y = 48 + 48 = 96
-                    return 96;
-                case SecurityPolicies.ECC_curve448:
-                    // Q.X
-                    return 56;
-                default:
-                    // Minimum nonce length by default
-                    return s_minNonceLength;
-            }
-        }
-
         /// <summary>
         /// Compare Nonce for equality.
         /// </summary>
diff --git a/Stack/Opc.Ua.Core/Security/Certificates/X509Utils.cs b/Stack/Opc.Ua.Core/Security/Certificates/X509Utils.cs
index 0b715fa2f8..c3459d09f0 100644
--- a/Stack/Opc.Ua.Core/Security/Certificates/X509Utils.cs
+++ b/Stack/Opc.Ua.Core/Security/Certificates/X509Utils.cs
@@ -606,7 +606,7 @@ public static bool IsECDsaSignature(X509Certificate2 cert)
         /// <param name="certificate">The certificate.</param>
         public static string GetECDsaQualifier(X509Certificate2 certificate)
         {
-            return EccUtils.GetECDsaQualifier(certificate);
+            return CryptoUtils.GetECDsaQualifier(certificate);
         }
 
         /// <summary>
diff --git a/Stack/Opc.Ua.Core/Security/Constants/AdditionalParameterNames.cs b/Stack/Opc.Ua.Core/Security/Constants/AdditionalParameterNames.cs
new file mode 100644
index 0000000000..c939d8b92b
--- /dev/null
+++ b/Stack/Opc.Ua.Core/Security/Constants/AdditionalParameterNames.cs
@@ -0,0 +1,34 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Opc.Ua
+{
+    /// <summary>
+    /// The names of additional parameters used in security-related operations.
+    /// </summary>
+    public static class AdditionalParameterNames
+    {
+        /// <summary>
+        /// The algorith to use for the ephemeral key used to encrypt user identity tokens.
+        /// </summary>
+        public const string ECDHPolicyUri = "ECDHPolicyUri";
+
+        /// <summary>
+        /// An ephemeral key used to encrypt user identity tokens.
+        /// </summary>
+        public const string ECDHKey = "ECDHKey";
+
+        /// <summary>
+        /// Padding bytes added to randomize the length of messages.
+        /// </summary>
+        public const string Padding = "Padding";
+
+        /// <summary>
+        /// A token used to authenticate a transfer of a session to a new secure channel.
+        /// </summary>
+        public const string SessionTransferToken = "SessionTransferToken";
+    }
+}
diff --git a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
index a2920d6e80..7fac64d318 100644
--- a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
+++ b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
@@ -66,36 +66,106 @@ public static class SecurityPolicies
         /// </summary>
         public const string Aes256_Sha256_RsaPss = BaseUri + "Aes256_Sha256_RsaPss";
 
+        /// <summary>
+        /// The URI for the RSA_DH_AES_GCM security policy.
+        /// </summary>
+        public const string RSA_DH_AES_GCM = BaseUri + "RSA_DH_AES_GCM";
+
+        /// <summary>
+        /// The URI for the RSA_DH_ChaChaPoly security policy.
+        /// </summary>
+        public const string RSA_DH_ChaChaPoly = BaseUri + "RSA_DH_ChaChaPoly";
+
         /// <summary>
         /// The URI for the ECC_nistP256 security policy.
         /// </summary>
         public const string ECC_nistP256 = BaseUri + "ECC_nistP256";
 
+        /// <summary>
+        /// The URI for the ECC_nistP256 security policy with AES-GCM.
+        /// </summary>
+        public const string ECC_nistP256_AES = ECC_nistP256 + "_AES";
+
+        /// <summary>
+        /// The URI for the ECC_nistP256 security policy with ChaCha20Poly1305.
+        /// </summary>
+        public const string ECC_nistP256_ChaChaPoly = ECC_nistP256 + "_ChaChaPoly";
+
         /// <summary>
         /// The URI for the ECC_nistP384 security policy.
         /// </summary>
         public const string ECC_nistP384 = BaseUri + "ECC_nistP384";
 
+        /// <summary>
+        /// The URI for the ECC_nistP384 security policy with AES-GCM.
+        /// </summary>
+        public const string ECC_nistP384_AES = ECC_nistP384 + "_AES";
+
+        /// <summary>
+        /// The URI for the ECC_nistP384 security policy with ChaCha20Poly1305.
+        /// </summary>
+        public const string ECC_nistP384_ChaChaPoly = ECC_nistP384 + "_ChaChaPoly";
+
         /// <summary>
         /// The URI for the ECC_brainpoolP256r1 security policy.
         /// </summary>
         public const string ECC_brainpoolP256r1 = BaseUri + "ECC_brainpoolP256r1";
 
+        /// <summary>
+        /// The URI for the ECC_brainpoolP256r1 security policy with AES-GCM.
+        /// </summary>
+        public const string ECC_brainpoolP256r1_AES = ECC_brainpoolP256r1 + "_AES";
+
+        /// <summary>
+        /// The URI for the ECC_brainpoolP256r1 security policy with ChaCha20Poly1305.
+        /// </summary>
+        public const string ECC_brainpoolP256r1_ChaChaPoly = ECC_brainpoolP256r1 + "_ChaChaPoly";
+
         /// <summary>
         /// The URI for the ECC_brainpoolP384r1 security policy.
         /// </summary>
         public const string ECC_brainpoolP384r1 = BaseUri + "ECC_brainpoolP384r1";
 
+        /// <summary>
+        /// The URI for the ECC_brainpoolP384r1 security policy with AES-GCM.
+        /// </summary>
+        public const string ECC_brainpoolP384r1_AES = ECC_brainpoolP384r1 + "_AES";
+
+        /// <summary>
+        /// The URI for the ECC_brainpoolP384r1 security policy with ChaCha20Poly1305.
+        /// </summary>
+        public const string ECC_brainpoolP384r1_ChaChaPoly = ECC_brainpoolP384r1 + "_ChaChaPoly";
+
         /// <summary>
         /// The URI for the ECC_curve25519 security policy.
         /// </summary>
         public const string ECC_curve25519 = BaseUri + "ECC_curve25519";
 
         /// <summary>
-        /// The URI for the ECC_curve448 security policy.
+        /// The URI for the ECC_curve25519 security policy with AES-GCM.
+        /// </summary>
+        public const string ECC_curve25519_AES = ECC_curve25519 + "_AES";
+
+        /// <summary>
+        /// The URI for the ECC_curve25519 security policy with ChaCha20Poly1305.
+        /// </summary>
+        public const string ECC_curve25519_ChaChaPoly = ECC_curve25519 + "_ChaChaPoly";
+
+        /// <summary>
+        /// The URI for the ECC_curve448 deprecated security policy.
         /// </summary>
         public const string ECC_curve448 = BaseUri + "ECC_curve448";
 
+        /// <summary>
+        /// The URI for the ECC_curve448 security policy with AES-GCM.
+        /// </summary>
+        public const string ECC_curve448_AES = ECC_curve448 + "_AES";
+
+        /// <summary>
+        /// The URI for the ECC_curve448 security policy with ChaCha20Poly1305.
+        /// </summary>
+        public const string ECC_curve448_ChaChaPoly = ECC_curve448 + "_ChaChaPoly";
+
         /// <summary>
         /// The URI for the Https security policy.
         /// </summary>
@@ -114,7 +184,9 @@ private static bool IsPlatformSupportedName(string name)
                 name.Equals(nameof(Basic256), StringComparison.Ordinal) ||
                 name.Equals(nameof(Basic128Rsa15), StringComparison.Ordinal) ||
                 name.Equals(nameof(Basic256Sha256), StringComparison.Ordinal) ||
-                name.Equals(nameof(Aes128_Sha256_RsaOaep), StringComparison.Ordinal))
+                name.Equals(nameof(Aes128_Sha256_RsaOaep), StringComparison.Ordinal) ||
+                name.Equals(nameof(RSA_DH_AES_GCM), StringComparison.Ordinal) ||
+                name.Equals(nameof(RSA_DH_ChaChaPoly), StringComparison.Ordinal))
             {
                 return true;
             }
@@ -124,29 +196,41 @@ private static bool IsPlatformSupportedName(string name)
             {
                 return true;
             }
-            if (name.Equals(nameof(ECC_nistP256), StringComparison.Ordinal))
+            if (name.Equals(nameof(ECC_nistP256), StringComparison.Ordinal) ||
+                name.Equals(nameof(ECC_nistP256_AES), StringComparison.Ordinal) ||
+                name.Equals(nameof(ECC_nistP256_ChaChaPoly), StringComparison.Ordinal))
             {
                 return Utils.IsSupportedCertificateType(
                     ObjectTypeIds.EccNistP256ApplicationCertificateType);
             }
-            if (name.Equals(nameof(ECC_nistP384), StringComparison.Ordinal))
+            if (name.Equals(nameof(ECC_nistP384), StringComparison.Ordinal) ||
+                name.Equals(nameof(ECC_nistP384_AES), StringComparison.Ordinal) ||
+                name.Equals(nameof(ECC_nistP384_ChaChaPoly), StringComparison.Ordinal))
             {
                 return Utils.IsSupportedCertificateType(
                     ObjectTypeIds.EccNistP384ApplicationCertificateType);
             }
-            if (name.Equals(nameof(ECC_brainpoolP256r1), StringComparison.Ordinal))
+            if (name.Equals(nameof(ECC_brainpoolP256r1), StringComparison.Ordinal) ||
+                name.Equals(nameof(ECC_brainpoolP256r1_AES), StringComparison.Ordinal) ||
+                name.Equals(nameof(ECC_brainpoolP256r1_ChaChaPoly), StringComparison.Ordinal))
             {
                 return Utils.IsSupportedCertificateType(
                     ObjectTypeIds.EccBrainpoolP256r1ApplicationCertificateType);
             }
-            if (name.Equals(nameof(ECC_brainpoolP384r1), StringComparison.Ordinal))
+            if (name.Equals(nameof(ECC_brainpoolP384r1), StringComparison.Ordinal) ||
+                name.Equals(nameof(ECC_brainpoolP384r1_AES), StringComparison.Ordinal) ||
+                name.Equals(nameof(ECC_brainpoolP384r1_ChaChaPoly), StringComparison.Ordinal))
             {
                 return Utils.IsSupportedCertificateType(
                     ObjectTypeIds.EccBrainpoolP384r1ApplicationCertificateType);
             }
 
             if (name.Equals(nameof(ECC_curve25519), StringComparison.Ordinal) ||
-                name.Equals(nameof(ECC_curve448), StringComparison.Ordinal))
+                name.Equals(nameof(ECC_curve25519_AES), StringComparison.Ordinal) ||
+                name.Equals(nameof(ECC_curve25519_ChaChaPoly), StringComparison.Ordinal) ||
+                name.Equals(nameof(ECC_curve448), StringComparison.Ordinal) ||
+                name.Equals(nameof(ECC_curve448_AES), StringComparison.Ordinal) ||
+                name.Equals(nameof(ECC_curve448_ChaChaPoly), StringComparison.Ordinal))
             {
 #if CURVE25519
                 return true;
@@ -161,6 +245,11 @@ private static bool IsPlatformSupportedName(string name)
         /// </summary>
         public static SecurityPolicyInfo GetInfo(string securityPolicyUri)
         {
+            if (String.IsNullOrEmpty(securityPolicyUri))
+            {
+                return SecurityPolicyInfo.None;
+            }
+
             // Try full URI lookup first (e.g., "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256")
             if (s_securityPolicyUriToInfo.Value.TryGetValue(securityPolicyUri, out SecurityPolicyInfo info) &&
                 IsPlatformSupportedName(info.Name))
@@ -315,65 +404,65 @@ public static EncryptedData Encrypt(
             ReadOnlySpan<byte> plainText,
             ILogger logger)
         {
-            var encryptedData = new EncryptedData
-            {
-                Algorithm = null,
-                Data = plainText.IsEmpty ? null : plainText.ToArray()
-            };
+            var encryptedData = new EncryptedData { Algorithm = null };
 
             // check if nothing to do.
-            if (plainText.IsEmpty)
+            if (plainText.Length == 0 || String.IsNullOrEmpty(securityPolicyUri))
             {
+                encryptedData.Data = plainText.ToArray();
                 return encryptedData;
             }
 
-            // nothing more to do if no encryption.
-            if (string.IsNullOrEmpty(securityPolicyUri))
+            // get the info object.
+            var info = GetInfo(securityPolicyUri);
+
+            // unsupported policy.
+            if (info == null)
             {
-                return encryptedData;
+                throw ServiceResultException.Create(
+                    StatusCodes.BadSecurityPolicyRejected,
+                    "Unsupported security policy: {0}",
+                    securityPolicyUri);
             }
 
-            // encrypt data.
-            switch (securityPolicyUri)
+            // check if asymmetric encryption is possible.
+            if (info.AsymmetricEncryptionAlgorithm != AsymmetricEncryptionAlgorithm.None)
             {
-                case Basic256:
-                case Basic256Sha256:
-                case Aes128_Sha256_RsaOaep:
-                    encryptedData.Algorithm = SecurityAlgorithms.RsaOaep;
-                    encryptedData.Data = RsaUtils.Encrypt(
-                        plainText,
-                        certificate,
-                        RsaUtils.Padding.OaepSHA1,
-                        logger);
-                    break;
-                case Basic128Rsa15:
-                    encryptedData.Algorithm = SecurityAlgorithms.Rsa15;
-                    encryptedData.Data = RsaUtils.Encrypt(
-                        plainText,
-                        certificate,
-                        RsaUtils.Padding.Pkcs1,
-                        logger);
-                    break;
-                case Aes256_Sha256_RsaPss:
-                    encryptedData.Algorithm = SecurityAlgorithms.RsaOaepSha256;
-                    encryptedData.Data = RsaUtils.Encrypt(
-                        plainText,
-                        certificate,
-                        RsaUtils.Padding.OaepSHA256,
-                        logger);
-                    break;
-                case ECC_nistP256:
-                case ECC_nistP384:
-                case ECC_brainpoolP256r1:
-                case ECC_brainpoolP384r1:
-                    return encryptedData;
-                case None:
-                    break;
-                default:
-                    throw ServiceResultException.Create(
-                        StatusCodes.BadSecurityPolicyRejected,
-                        "Unsupported security policy: {0}",
-                        securityPolicyUri);
+                switch (info.AsymmetricEncryptionAlgorithm)
+                {
+                    case AsymmetricEncryptionAlgorithm.RsaOaepSha1:
+                    {
+                        encryptedData.Algorithm = SecurityAlgorithms.RsaOaep;
+                        encryptedData.Data = RsaUtils.Encrypt(
+                            plainText,
+                            certificate,
+                            RsaUtils.Padding.OaepSHA1,
+                            logger);
+                        break;
+                    }
+
+                    case AsymmetricEncryptionAlgorithm.RsaPkcs15Sha1:
+                    {
+                        encryptedData.Algorithm = SecurityAlgorithms.Rsa15;
+                        encryptedData.Data = RsaUtils.Encrypt(
+                            plainText,
+                            certificate,
+                            RsaUtils.Padding.Pkcs1,
+                            logger);
+                        break;
+                    }
+
+                    case AsymmetricEncryptionAlgorithm.RsaOaepSha256:
+                    {
+                        encryptedData.Algorithm = SecurityAlgorithms.RsaOaepSha256;
+                        encryptedData.Data = RsaUtils.Encrypt(
+                            plainText,
+                            certificate,
+                            RsaUtils.Padding.OaepSHA256,
+                            logger);
+                        break;
+                    }
+                }
             }
 
             return encryptedData;
@@ -401,56 +490,68 @@ public static byte[] Decrypt(
                 return dataToDecrypt.Data;
             }
 
-            // decrypt data.
-            switch (securityPolicyUri)
+            // get the info object.
+            var info = GetInfo(securityPolicyUri);
+
+            // unsupported policy.
+            if (info == null)
             {
-                case Basic256:
-                case Basic256Sha256:
-                case Aes128_Sha256_RsaOaep:
-                    if (dataToDecrypt.Algorithm == SecurityAlgorithms.RsaOaep)
-                    {
-                        return RsaUtils.Decrypt(
-                            new ArraySegment<byte>(dataToDecrypt.Data),
-                            certificate,
-                            RsaUtils.Padding.OaepSHA1,
-                            logger);
-                    }
-                    break;
-                case Basic128Rsa15:
-                    if (dataToDecrypt.Algorithm == SecurityAlgorithms.Rsa15)
+                throw ServiceResultException.Create(
+                    StatusCodes.BadSecurityPolicyRejected,
+                    "Unsupported security policy: {0}",
+                    securityPolicyUri);
+            }
+
+            // check if asymmetric encryption is possible.
+            if (info.AsymmetricEncryptionAlgorithm != AsymmetricEncryptionAlgorithm.None)
+            {
+                switch (info.AsymmetricEncryptionAlgorithm)
+                {
+                    case AsymmetricEncryptionAlgorithm.RsaOaepSha1:
                     {
-                        return RsaUtils.Decrypt(
-                            new ArraySegment<byte>(dataToDecrypt.Data),
-                            certificate,
-                            RsaUtils.Padding.Pkcs1,
-                            logger);
+                        if (dataToDecrypt.Algorithm == SecurityAlgorithms.RsaOaep)
+                        {
+                            return RsaUtils.Decrypt(
+                                new ArraySegment<byte>(dataToDecrypt.Data),
+                                certificate,
+                                RsaUtils.Padding.OaepSHA1,
+                                logger);
+                        }
+                        break;
                     }
-                    break;
-                case Aes256_Sha256_RsaPss:
-                    if (dataToDecrypt.Algorithm == SecurityAlgorithms.RsaOaepSha256)
+
+                    case AsymmetricEncryptionAlgorithm.RsaPkcs15Sha1:
                     {
-                        return RsaUtils.Decrypt(
-                            new ArraySegment<byte>(dataToDecrypt.Data),
-                            certificate,
-                            RsaUtils.Padding.OaepSHA256,
-                            logger);
+                        if (dataToDecrypt.Algorithm == SecurityAlgorithms.Rsa15)
+                        {
+                            return RsaUtils.Decrypt(
+                                new ArraySegment<byte>(dataToDecrypt.Data),
+                                certificate,
+                                RsaUtils.Padding.Pkcs1,
+                                logger);
+                        }
+                        break;
                     }
-                    break;
-                case ECC_nistP256:
-                case ECC_nistP384:
-                case ECC_brainpoolP256r1:
-                case ECC_brainpoolP384r1:
-                case None:
-                    if (string.IsNullOrEmpty(dataToDecrypt.Algorithm))
+
+                    default:
+                    case AsymmetricEncryptionAlgorithm.RsaOaepSha256:
                     {
-                        return dataToDecrypt.Data;
+                        if (dataToDecrypt.Algorithm == SecurityAlgorithms.RsaOaepSha256)
+                        {
+                            return RsaUtils.Decrypt(
+                                new ArraySegment<byte>(dataToDecrypt.Data),
+                                certificate,
+                                RsaUtils.Padding.OaepSHA256,
+                                logger);
+                        }
+                        break;
                     }
-                    break;
-                default:
-                    throw ServiceResultException.Create(
-                        StatusCodes.BadSecurityPolicyRejected,
-                        "Unsupported security policy: {0}",
-                        securityPolicyUri);
+                }
+            }
+
+            if (String.IsNullOrEmpty(dataToDecrypt.Algorithm))
+            {
+                return dataToDecrypt.Data;
             }
 
             throw ServiceResultException.Create(
@@ -460,74 +561,129 @@ public static byte[] Decrypt(
         }
 
         /// <summary>
-        /// Signs the data using the SecurityPolicyUri and returns the signature.
+        /// Creates a signature using the security enhancements if required by the SecurityPolicy.
         /// </summary>
-        /// <exception cref="ServiceResultException"></exception>
-        public static SignatureData Sign(
-            X509Certificate2 certificate,
+        public static SignatureData CreateSignatureData(
             string securityPolicyUri,
-            byte[] dataToSign)
+            X509Certificate2 signingCertificate,
+            byte[] secureChannelSecret,
+            byte[] remoteCertificate,
+            byte[] remoteChannelCertificate,
+            byte[] localChannelCertificate,
+            byte[] remoteNonce,
+            byte[] localNonce)
         {
             var signatureData = new SignatureData();
 
-            // check if nothing to do.
-            if (dataToSign == null)
+            // nothing more to do if no encryption.
+            if (string.IsNullOrEmpty(securityPolicyUri))
             {
                 return signatureData;
             }
 
-            // nothing more to do if no encryption.
-            if (string.IsNullOrEmpty(securityPolicyUri))
+            // get the info object.
+            var info = GetInfo(securityPolicyUri);
+
+            // unsupported policy.
+            if (info == null)
             {
-                return signatureData;
+                throw ServiceResultException.Create(
+                    StatusCodes.BadSecurityPolicyRejected,
+                    "Unsupported security policy: {0}",
+                    securityPolicyUri);
             }
 
+            System.Console.WriteLine(
+                $"CreateSignatureData\r\n" +
+                $"secureChannelSecret: {ToFragment(secureChannelSecret)}\r\n" +
+                $"remoteCertificate: {ToFragment(remoteCertificate)}\r\n" +
+                $"remoteChannelCertificate: {ToFragment(remoteChannelCertificate)}\r\n" +
+                $"localChannelCertificate: {ToFragment(localChannelCertificate)}\r\n" +
+                $"remoteNonce: {ToFragment(remoteNonce)}\r\n" +
+                $"localNonce: {ToFragment(localNonce)}"
+            );
+
+            // create the data to sign.
+            byte[] dataToSign = (info.SecureChannelEnhancements)
+                ? Utils.Append(
+                    secureChannelSecret ?? Array.Empty<byte>(),
+                    remoteCertificate ?? Array.Empty<byte>(),
+                    remoteChannelCertificate ?? Array.Empty<byte>(),
+                    localChannelCertificate ?? Array.Empty<byte>(),
+                    remoteNonce ?? Array.Empty<byte>(),
+                    localNonce ?? Array.Empty<byte>())
+                :
+                  Utils.Append(
+                    remoteCertificate ?? Array.Empty<byte>(),
+                    remoteNonce);
+
+            return CreateSignatureData(info, signingCertificate, dataToSign);
+        }
+
+        /// <summary>
+        /// Creates a signature on the data provided using the SecurityPolicy.
+        /// </summary>
+        public static SignatureData CreateSignatureData(
+           string securityPolicyUri,
+           X509Certificate2 localCertificate,
+           byte[] dataToSign)
+        {
+            var info = GetInfo(securityPolicyUri);
+            return CreateSignatureData(info, localCertificate, dataToSign);
+        }
+
+        /// <summary>
+        /// Creates a signature on the data provided using the SecurityPolicy.
+        /// </summary>
+        public static SignatureData CreateSignatureData(
+           SecurityPolicyInfo securityPolicy,
+           X509Certificate2 localCertificate,
+           byte[] dataToSign)
+        {
+            var signatureData = new SignatureData();
+
             // sign data.
-            switch (securityPolicyUri)
+            switch (securityPolicy.AsymmetricSignatureAlgorithm)
             {
-                case Basic256:
-                case Basic128Rsa15:
+                case AsymmetricSignatureAlgorithm.RsaPkcs15Sha1:
                     signatureData.Algorithm = SecurityAlgorithms.RsaSha1;
                     signatureData.Signature = RsaUtils.Rsa_Sign(
                         new ArraySegment<byte>(dataToSign),
-                        certificate,
+                        localCertificate,
                         HashAlgorithmName.SHA1,
                         RSASignaturePadding.Pkcs1);
                     break;
-                case Aes128_Sha256_RsaOaep:
-                case Basic256Sha256:
+                case AsymmetricSignatureAlgorithm.RsaPkcs15Sha256:
                     signatureData.Algorithm = SecurityAlgorithms.RsaSha256;
                     signatureData.Signature = RsaUtils.Rsa_Sign(
                         new ArraySegment<byte>(dataToSign),
-                        certificate,
+                        localCertificate,
                         HashAlgorithmName.SHA256,
                         RSASignaturePadding.Pkcs1);
                     break;
-                case Aes256_Sha256_RsaPss:
+                case AsymmetricSignatureAlgorithm.RsaPssSha256:
                     signatureData.Algorithm = SecurityAlgorithms.RsaPssSha256;
                     signatureData.Signature = RsaUtils.Rsa_Sign(
                         new ArraySegment<byte>(dataToSign),
-                        certificate,
+                        localCertificate,
                         HashAlgorithmName.SHA256,
                         RSASignaturePadding.Pss);
                     break;
-                case ECC_nistP256:
-                case ECC_brainpoolP256r1:
+                case AsymmetricSignatureAlgorithm.EcdsaSha256:
                     signatureData.Algorithm = null;
-                    signatureData.Signature = EccUtils.Sign(
+                    signatureData.Signature = CryptoUtils.Sign(
                         new ArraySegment<byte>(dataToSign),
-                        certificate,
-                        HashAlgorithmName.SHA256);
+                        localCertificate,
+                        securityPolicy.AsymmetricSignatureAlgorithm);
                     break;
-                case ECC_nistP384:
-                case ECC_brainpoolP384r1:
+                case AsymmetricSignatureAlgorithm.EcdsaSha384:
                     signatureData.Algorithm = null;
-                    signatureData.Signature = EccUtils.Sign(
+                    signatureData.Signature = CryptoUtils.Sign(
                         new ArraySegment<byte>(dataToSign),
-                        certificate,
-                        HashAlgorithmName.SHA384);
+                        localCertificate,
+                        securityPolicy.AsymmetricSignatureAlgorithm);
                     break;
-                case None:
+                case AsymmetricSignatureAlgorithm.None:
                     signatureData.Algorithm = null;
                     signatureData.Signature = null;
                     break;
@@ -535,110 +691,198 @@ public static SignatureData Sign(
                     throw ServiceResultException.Create(
                         StatusCodes.BadSecurityPolicyRejected,
                         "Unsupported security policy: {0}",
-                        securityPolicyUri);
+                        securityPolicy.Uri);
             }
 
             return signatureData;
         }
 
         /// <summary>
-        /// Verifies the signature using the SecurityPolicyUri and return true if valid.
+        /// Creates a signature using the security enhancements if required by the SecurityPolicy.
         /// </summary>
-        /// <exception cref="ServiceResultException"></exception>
-        public static bool Verify(
-            X509Certificate2 certificate,
+        public static bool VerifySignatureData(
+            SignatureData signature,
             string securityPolicyUri,
-            byte[] dataToVerify,
-            SignatureData signature)
+            X509Certificate2 signingCertificate,
+            byte[] secureChannelSecret,
+            byte[] localCertificate,
+            byte[] localChannelCertificate,
+            byte[] remoteChannelCertificate,
+            byte[] localNonce,
+            byte[] remoteNonce)
         {
-            // check if nothing to do.
-            if (signature == null)
+            var signatureData = new SignatureData();
+
+            // nothing more to do if no encryption.
+            if (string.IsNullOrEmpty(securityPolicyUri))
             {
                 return true;
             }
 
-            // nothing more to do if no encryption.
-            if (string.IsNullOrEmpty(securityPolicyUri))
+            // get the info object.
+            var info = GetInfo(securityPolicyUri);
+
+            // unsupported policy.
+            if (info == null)
+            {
+                throw ServiceResultException.Create(
+                    StatusCodes.BadSecurityPolicyRejected,
+                    "Unsupported security policy: {0}",
+                    securityPolicyUri);
+            }
+
+            System.Console.WriteLine(
+                $"VerifySignatureData\r\n" +
+                $"secureChannelSecret: {ToFragment(secureChannelSecret)}\r\n" +
+                $"localCertificate: {ToFragment(localCertificate)}\r\n" +
+                $"localChannelCertificate: {ToFragment(localChannelCertificate)}\r\n" +
+                $"remoteChannelCertificate: {ToFragment(remoteChannelCertificate)}\r\n" +
+                $"localNonce: {ToFragment(localNonce)}\r\n" +
+                $"remoteNonce: {ToFragment(remoteNonce)}"
+            );
+
+            // create the data to sign.
+            byte[] dataToVerify = (info.SecureChannelEnhancements)
+                ? Utils.Append(
+                    secureChannelSecret ?? Array.Empty<byte>(),
+                    localCertificate ?? Array.Empty<byte>(),
+                    localChannelCertificate ?? Array.Empty<byte>(),
+                    remoteChannelCertificate ?? Array.Empty<byte>(),
+                    localNonce ?? Array.Empty<byte>(),
+                    remoteNonce ?? Array.Empty<byte>())
+                :
+                  Utils.Append(
+                    localCertificate ?? Array.Empty<byte>(),
+                    localNonce);
+
+            return VerifySignatureData(signature, info, signingCertificate, dataToVerify);
+        }
+                
+        /// <summary>
+        /// Verifies the signature using the SecurityPolicyUri and return true if valid.
+        /// </summary>
+        public static bool VerifySignatureData(
+            SignatureData signature,
+            string securityPolicyUri,
+            X509Certificate2 signingCertificate,
+            byte[] dataToVerify)
+        {
+            var info = GetInfo(securityPolicyUri);
+            return VerifySignatureData(signature, info, signingCertificate, dataToVerify);
+        }
+
+        /// <summary>
+        /// Verifies the signature using the SecurityPolicyUri and return true if valid.
+        /// </summary>
+        public static bool VerifySignatureData(
+            SignatureData signature,
+            SecurityPolicyInfo securityPolicy,
+            X509Certificate2 signingCertificate,
+            byte[] dataToVerify)
+        {
+            // check if nothing to do.
+            if (signature == null)
             {
                 return true;
             }
 
-            // decrypt data.
-            switch (securityPolicyUri)
+            // sign data.
+            switch (securityPolicy.AsymmetricSignatureAlgorithm)
             {
-                case Basic256:
-                case Basic128Rsa15:
+                // always accept signatures if security is not used.
+                case AsymmetricSignatureAlgorithm.None:
+                    return true;
+
+                case AsymmetricSignatureAlgorithm.RsaPkcs15Sha1:
+                {
                     if (signature.Algorithm == SecurityAlgorithms.RsaSha1)
                     {
                         return RsaUtils.Rsa_Verify(
                             new ArraySegment<byte>(dataToVerify),
                             signature.Signature,
-                            certificate,
+                            signingCertificate,
                             HashAlgorithmName.SHA1,
                             RSASignaturePadding.Pkcs1);
                     }
-                    throw ServiceResultException.Create(
-                        StatusCodes.BadSecurityChecksFailed,
-                        "Unexpected signature algorithm for Basic256/Basic128Rsa15: {0}\n" +
-                        "Expected signature algorithm: {1}",
-                        signature.Algorithm,
-                        SecurityAlgorithms.RsaSha1);
-                case Aes128_Sha256_RsaOaep:
-                case Basic256Sha256:
+                    break;
+                }
+
+                case AsymmetricSignatureAlgorithm.RsaPkcs15Sha256:
+                {
                     if (signature.Algorithm == SecurityAlgorithms.RsaSha256)
                     {
                         return RsaUtils.Rsa_Verify(
                             new ArraySegment<byte>(dataToVerify),
                             signature.Signature,
-                            certificate,
+                            signingCertificate,
                             HashAlgorithmName.SHA256,
                             RSASignaturePadding.Pkcs1);
                     }
-                    throw ServiceResultException.Create(
-                        StatusCodes.BadSecurityChecksFailed,
-                        "Unexpected signature algorithm for Basic256Sha256/Aes128_Sha256_RsaOaep: {0}\n" +
-                        "Expected signature algorithm: {1}",
-                        signature.Algorithm,
-                        SecurityAlgorithms.RsaSha256);
-                case Aes256_Sha256_RsaPss:
+                    break;
+                }
+
+                case AsymmetricSignatureAlgorithm.RsaPssSha256:
+                {
                     if (signature.Algorithm == SecurityAlgorithms.RsaPssSha256)
                     {
                         return RsaUtils.Rsa_Verify(
                             new ArraySegment<byte>(dataToVerify),
                             signature.Signature,
-                            certificate,
+                            signingCertificate,
                             HashAlgorithmName.SHA256,
                             RSASignaturePadding.Pss);
                     }
-                    throw ServiceResultException.Create(
-                        StatusCodes.BadSecurityChecksFailed,
-                        "Unexpected signature algorithm for Aes256_Sha256_RsaPss: {0}\n" +
-                        "Expected signature algorithm : {1}",
-                        signature.Algorithm,
-                        SecurityAlgorithms.RsaPssSha256);
-                case ECC_nistP256:
-                case ECC_brainpoolP256r1:
-                    return EccUtils.Verify(
-                        new ArraySegment<byte>(dataToVerify),
-                        signature.Signature,
-                        certificate,
-                        HashAlgorithmName.SHA256);
-                case ECC_nistP384:
-                case ECC_brainpoolP384r1:
-                    return EccUtils.Verify(
-                        new ArraySegment<byte>(dataToVerify),
-                        signature.Signature,
-                        certificate,
-                        HashAlgorithmName.SHA384);
-                // always accept signatures if security is not used.
-                case None:
-                    return true;
-                default:
-                    throw ServiceResultException.Create(
-                        StatusCodes.BadSecurityPolicyRejected,
-                        "Unsupported security policy: {0}",
-                        securityPolicyUri);
+                    break;
+                }
+
+                case AsymmetricSignatureAlgorithm.EcdsaSha256:
+                {
+                    if (signature.Algorithm == null || signature.Algorithm == securityPolicy.Uri)
+                    {
+                        return CryptoUtils.Verify(
+                            new ArraySegment<byte>(dataToVerify),
+                            signature.Signature,
+                            signingCertificate,
+                            securityPolicy.AsymmetricSignatureAlgorithm);
+                    }
+
+                    break;
+                }
+
+                case AsymmetricSignatureAlgorithm.EcdsaSha384:
+                {
+                    if (signature.Algorithm == null || signature.Algorithm == securityPolicy.Uri)
+                    {
+                        return CryptoUtils.Verify(
+                            new ArraySegment<byte>(dataToVerify),
+                            signature.Signature,
+                            signingCertificate,
+                            securityPolicy.AsymmetricSignatureAlgorithm);
+                    }
+
+                    break;
+                }
             }
+
+            throw ServiceResultException.Create(
+                StatusCodes.BadSecurityChecksFailed,
+                "Unexpected SignatureData algorithm: {0}",
+                signature.Algorithm);
+        }
+
+        static string ToFragment(byte[] input)
+        {
+            if (input != null)
+            {
+                if (input.Length < 8)
+                {
+                    return Utils.ToHexString(input);
+                }
+
+                return Utils.ToHexString(input).Substring(0, 16);
+            }
+
+            return "null";
         }
 
         /// <summary>
diff --git a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
index af75058c8f..0660d76119 100644
--- a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
+++ b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
@@ -11,6 +11,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */
 
 using System;
+using System.IO;
 using System.Security.Cryptography;
 
 namespace Opc.Ua
@@ -97,6 +98,11 @@ public SecurityPolicyInfo(string uri, string name = null)
         /// </summary>
         public AsymmetricSignatureAlgorithm CertificateSignatureAlgorithm { get; private set; }
 
+        /// <summary>
+        /// Returns algorithm family used to create asymmetric key pairs used with Certificates.
+        /// </summary>
+        public CertificateKeyFamily CertificateKeyFamily { get; private set; }
+
         /// <summary>
         /// The algorithm used to create asymmetric key pairs used with Certificates.
         /// </summary>
@@ -133,10 +139,21 @@ public SecurityPolicyInfo(string uri, string name = null)
         /// </summary>
         public bool LegacySequenceNumbers { get; private set; }
 
+        /// <summary>
+        /// If TRUE, the enhancements to the SecureChannel are required for the SecurityPolicy.
+        /// • Channel-bound Signature calculations in CreateSession/ActivateSession;
+        /// • Session transfer tokens in ActivateSession;
+        /// • Chained symmetric key derivation when renewing SecureChannels.
+        /// • Allow padding when using Authenticated Encryption;
+        /// </summary>
+        public bool SecureChannelEnhancements { get; private set; }
+
         /// <summary>
         /// Whether the padding is required with symmetric encryption.
         /// </summary>
         public bool NoSymmetricEncryptionPadding =>
+            SymmetricEncryptionAlgorithm == SymmetricEncryptionAlgorithm.Aes256Gcm ||
+            SymmetricEncryptionAlgorithm == SymmetricEncryptionAlgorithm.Aes128Gcm ||
             SymmetricEncryptionAlgorithm == SymmetricEncryptionAlgorithm.ChaCha20Poly1305;
 
         /// <summary>
@@ -151,11 +168,122 @@ public SecurityPolicyInfo(string uri, string name = null)
         public byte[] KeyDataLengthForEncryptedSecret =>
              BitConverter.GetBytes(SymmetricEncryptionKeyLength + InitializationVectorLength);
 
+        /// <summary>
+        /// Returns the data to be signed by the server when creating a session.
+        /// </summary>
+        public byte[] GetUserTokenSignatureData(
+            byte[] secureChanneHash,
+            byte[] serverNonce,
+            byte[] serverCertificate,
+            byte[] serverChannelCertificate,
+            byte[] clientCertificate,
+            byte[] clientChannelCertificate,
+            byte[] clientNonce)
+        {
+            byte[] data = null;
+
+            if (SecureChannelEnhancements)
+            {
+                data = Utils.Append(
+                    secureChanneHash,
+                    serverNonce,
+                    serverCertificate,
+                    serverChannelCertificate,
+                    clientCertificate,
+                    clientChannelCertificate,
+                    clientNonce);
+            }
+            else
+            {
+                data = Utils.Append(
+                    serverCertificate,
+                    serverNonce);
+            }
+
+            System.Console.WriteLine($"UserTokenSignatureData={Opc.Ua.Bindings.TcpMessageType.KeyToString(data)}");
+            return data;
+        }
+
+        /// <summary>
+        /// Returns the data to be signed by the server when creating a session.
+        /// </summary>
+        public byte[] GetServerSignatureData(
+            byte[] secureChanneHash,
+            byte[] clientNonce,
+            byte[] serverChannelCertificate,
+            byte[] clientCertificate,
+            byte[] clientChannelCertificate,
+            byte[] serverNonce)
+        {
+            byte[] data = null;
+
+            if (SecureChannelEnhancements)
+            {
+                data = Utils.Append(
+                    secureChanneHash,
+                    clientNonce,
+                    serverChannelCertificate,
+                    clientChannelCertificate,
+                    serverNonce);
+
+                System.Console.WriteLine($"secureChanneHash={Opc.Ua.Bindings.TcpMessageType.KeyToString(secureChanneHash)}");
+                System.Console.WriteLine($"clientNonce={Opc.Ua.Bindings.TcpMessageType.KeyToString(clientNonce)}");
+                System.Console.WriteLine($"serverChannelCertificate={Opc.Ua.Bindings.TcpMessageType.KeyToString(serverChannelCertificate)}");
+                System.Console.WriteLine($"clientChannelCertificate={Opc.Ua.Bindings.TcpMessageType.KeyToString(clientChannelCertificate)}");
+                System.Console.WriteLine($"serverNonce={Opc.Ua.Bindings.TcpMessageType.KeyToString(serverNonce)}");
+
+            }
+            else
+            {
+                data = Utils.Append(
+                    clientCertificate,
+                    clientNonce);
+            }
+
+            System.Console.WriteLine($"ServerSignatureData={Opc.Ua.Bindings.TcpMessageType.KeyToString(data)}");
+            return data;
+        }
+
+        /// <summary>
+        /// Returns the data to be signed by the client when creating a session.
+        /// </summary>
+        public byte[] GetClientSignatureData(
+            byte[] secureChannelHash,
+            byte[] serverNonce,
+            byte[] serverCertificate,
+            byte[] serverChannelCertificate,
+            byte[] clientChannelCertificate,
+            byte[] clientNonce)
+        {
+            byte[] data = null;
+
+            if (SecureChannelEnhancements)
+            {
+                data = Utils.Append(
+                    secureChannelHash,
+                    serverNonce,
+                    serverCertificate,
+                    serverChannelCertificate,
+                    clientChannelCertificate,
+                    clientNonce);
+            }
+            else
+            {
+                data = Utils.Append(
+                    serverCertificate,
+                    serverNonce);
+            }
+
+            System.Console.WriteLine($"ClientSignatureData={Opc.Ua.Bindings.TcpMessageType.KeyToString(data)}");
+            return data;
+        }
+
         /// <summary>
         /// Returns a HMAC based on the symmetric signature algorithm.
         /// </summary>
         public HMAC CreateSignatureHmac(byte[] signingKey)
         {
+#pragma warning disable CA5350 // Do Not Use Weak Cryptographic Algorithms
             return SymmetricSignatureAlgorithm switch
             {
                 SymmetricSignatureAlgorithm.HmacSha1 => new HMACSHA1(signingKey),
@@ -163,6 +291,7 @@ public HMAC CreateSignatureHmac(byte[] signingKey)
                 SymmetricSignatureAlgorithm.HmacSha384 => new HMACSHA384(signingKey),
                 _ => null
             };
+#pragma warning restore CA5350 // Do Not Use Weak Cryptographic Algorithms
         }
 
         /// <summary>
@@ -195,12 +324,14 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
             LegacySequenceNumbers = false,
             AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
             AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.None,
+            CertificateKeyFamily = CertificateKeyFamily.None,
             CertificateKeyAlgorithm = CertificateKeyAlgorithm.None,
             CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.None,
             EphemeralKeyAlgorithm = CertificateKeyAlgorithm.None,
             KeyDerivationAlgorithm = KeyDerivationAlgorithm.None,
             SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.None,
-            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.None
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.None,
+            SecureChannelEnhancements = false
         };
 
         /// <summary>
@@ -219,6 +350,7 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
             LegacySequenceNumbers = true,
             AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.RsaOaepSha1,
             AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha1,
+            CertificateKeyFamily = CertificateKeyFamily.RSA,
             CertificateKeyAlgorithm = CertificateKeyAlgorithm.RSA,
             CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha1,
             EphemeralKeyAlgorithm = CertificateKeyAlgorithm.None,
@@ -244,6 +376,7 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
             LegacySequenceNumbers = true,
             AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.RsaOaepSha1,
             AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha1,
+            CertificateKeyFamily = CertificateKeyFamily.RSA,
             CertificateKeyAlgorithm = CertificateKeyAlgorithm.RSA,
             CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha1,
             EphemeralKeyAlgorithm = CertificateKeyAlgorithm.None,
@@ -268,6 +401,7 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
             LegacySequenceNumbers = true,
             AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.RsaOaepSha1,
             AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha256,
+            CertificateKeyFamily = CertificateKeyFamily.RSA,
             CertificateKeyAlgorithm = CertificateKeyAlgorithm.RSA,
             CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha256,
             EphemeralKeyAlgorithm = CertificateKeyAlgorithm.None,
@@ -292,6 +426,7 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
             LegacySequenceNumbers = true,
             AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.RsaOaepSha1,
             AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha256,
+            CertificateKeyFamily = CertificateKeyFamily.RSA,
             CertificateKeyAlgorithm = CertificateKeyAlgorithm.RSA,
             CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha256,
             KeyDerivationAlgorithm = KeyDerivationAlgorithm.PSha256,
@@ -314,6 +449,7 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
             LegacySequenceNumbers = true,
             AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.RsaOaepSha256,
             AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPssSha256,
+            CertificateKeyFamily = CertificateKeyFamily.RSA,
             CertificateKeyAlgorithm = CertificateKeyAlgorithm.RSA,
             CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha256,
             EphemeralKeyAlgorithm = CertificateKeyAlgorithm.None,
@@ -326,9 +462,61 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
         };
 
         /// <summary>
-        /// ECC_curve25519 is a required minimum security policy. It uses ChaChaPoly and 256 bit encryption.
+        /// ECC curve25519 is a required minimum security policy. It uses ChaChaPoly and 256 bit encryption.
+        /// </summary>
+        public readonly static SecurityPolicyInfo ECC_curve25519 = new(SecurityPolicies.ECC_curve25519)
+        {
+            DerivedSignatureKeyLength = 0,
+            SymmetricEncryptionKeyLength = 256 / 8,
+            InitializationVectorLength = 96 / 8,
+            SymmetricSignatureLength = 128 / 8,
+            MinAsymmetricKeyLength = 256,
+            MaxAsymmetricKeyLength = 256,
+            SecureChannelNonceLength = 32,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaPure25519,
+            CertificateKeyFamily = CertificateKeyFamily.ECC,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.Curve25519,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaPure25519,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.Curve25519,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.ChaCha20Poly1305,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.ChaCha20Poly1305,
+            SecureChannelEnhancements = false,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// ECC curve25519 is a required minimum security policy. It uses AES-GCM for symmetric encryption.
+        /// </summary>
+        public readonly static SecurityPolicyInfo ECC_curve25519_AES = new(SecurityPolicies.ECC_curve25519_AES)
+        {
+            DerivedSignatureKeyLength = 0,
+            SymmetricEncryptionKeyLength = 128 / 8,
+            InitializationVectorLength = 96 / 8,
+            SymmetricSignatureLength = 128 / 8,
+            MinAsymmetricKeyLength = 256,
+            MaxAsymmetricKeyLength = 256,
+            SecureChannelNonceLength = 32,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaPure25519,
+            CertificateKeyFamily = CertificateKeyFamily.ECC,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.Curve25519,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaPure25519,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.Curve25519,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes128Gcm,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.Aes128Gcm,
+            SecureChannelEnhancements = true,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// ECC curve25519 is a required minimum security policy. It uses ChaCha20Poly1305 for symmetric encryption.
         /// </summary>
-        public static readonly SecurityPolicyInfo ECC_curve25519 = new(SecurityPolicies.ECC_curve25519)
+        public readonly static SecurityPolicyInfo ECC_curve25519_ChaChaPoly = new(SecurityPolicies.ECC_curve25519_ChaChaPoly)
         {
             DerivedSignatureKeyLength = 0,
             SymmetricEncryptionKeyLength = 256 / 8,
@@ -340,19 +528,73 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
             LegacySequenceNumbers = false,
             AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
             AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaPure25519,
+            CertificateKeyFamily = CertificateKeyFamily.ECC,
             CertificateKeyAlgorithm = CertificateKeyAlgorithm.Curve25519,
             CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaPure25519,
             EphemeralKeyAlgorithm = CertificateKeyAlgorithm.Curve25519,
             KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
             SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.ChaCha20Poly1305,
             SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.ChaCha20Poly1305,
+            SecureChannelEnhancements = true,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// ECC curve448 is a required minimum security policy. It uses ChaChaPoly and 256 bit encryption.
+        /// </summary>
+        public readonly static SecurityPolicyInfo ECC_curve448 = new(SecurityPolicies.ECC_curve448)
+        {
+            DerivedSignatureKeyLength = 0,
+            SymmetricEncryptionKeyLength = 256 / 8,
+            InitializationVectorLength = 96 / 8,
+            SymmetricSignatureLength = 128 / 8,
+            MinAsymmetricKeyLength = 456,
+            MaxAsymmetricKeyLength = 456,
+            SecureChannelNonceLength = 56,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaPure448,
+            CertificateKeyFamily = CertificateKeyFamily.ECC,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.Curve448,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaPure448,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.Curve448,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.ChaCha20Poly1305,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.ChaCha20Poly1305,
+            SecureChannelEnhancements = false,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// ECC curve448 is a required minimum security policy. It uses AES-GCM for symmetric encryption.
+        /// </summary>
+        public readonly static SecurityPolicyInfo ECC_curve448_AES = new(SecurityPolicies.ECC_curve448_AES)
+        {
+            DerivedSignatureKeyLength = 0,
+            SymmetricEncryptionKeyLength = 128 / 8,
+            InitializationVectorLength = 96 / 8,
+            SymmetricSignatureLength = 128 / 8,
+            MinAsymmetricKeyLength = 456,
+            MaxAsymmetricKeyLength = 456,
+            SecureChannelNonceLength = 56,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaPure448,
+            CertificateKeyFamily = CertificateKeyFamily.ECC,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.Curve448,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaPure448,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.Curve448,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes128Gcm,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.Aes128Gcm,
+            SecureChannelEnhancements = true,
             IsDeprecated = false
         };
 
         /// <summary>
-        /// ECC_curve448 is a required minimum security policy. It uses ChaChaPoly and 256 bit encryption.
+        /// ECC Curve448 is a required minimum security policy. It uses ChaCha20Poly1305 for symmetric encryption.
         /// </summary>
-        public static readonly SecurityPolicyInfo ECC_curve448 = new(SecurityPolicies.ECC_curve448)
+        public readonly static SecurityPolicyInfo ECC_curve448_ChaChaPoly = new(SecurityPolicies.ECC_curve448_ChaChaPoly)
         {
             DerivedSignatureKeyLength = 0,
             SymmetricEncryptionKeyLength = 256 / 8,
@@ -364,19 +606,21 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
             LegacySequenceNumbers = false,
             AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
             AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaPure448,
+            CertificateKeyFamily = CertificateKeyFamily.ECC,
             CertificateKeyAlgorithm = CertificateKeyAlgorithm.Curve448,
             CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaPure448,
             EphemeralKeyAlgorithm = CertificateKeyAlgorithm.Curve448,
             KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
             SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.ChaCha20Poly1305,
             SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.ChaCha20Poly1305,
+            SecureChannelEnhancements = true,
             IsDeprecated = false
         };
 
         /// <summary>
-        /// ECC nistP256 is a required minimum security policy.
+        /// The ECC nistP256 is a required minimum security policy.
         /// </summary>
-        public static readonly SecurityPolicyInfo ECC_nistP256 = new(SecurityPolicies.ECC_nistP256)
+        public readonly static SecurityPolicyInfo ECC_nistP256 = new(SecurityPolicies.ECC_nistP256)
         {
             DerivedSignatureKeyLength = 256 / 8,
             SymmetricEncryptionKeyLength = 128 / 8,
@@ -388,19 +632,73 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
             LegacySequenceNumbers = false,
             AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
             AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha256,
+            CertificateKeyFamily = CertificateKeyFamily.ECC,
             CertificateKeyAlgorithm = CertificateKeyAlgorithm.NistP256,
             CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha256,
             EphemeralKeyAlgorithm = CertificateKeyAlgorithm.NistP256,
             KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
             SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes128Cbc,
             SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.HmacSha256,
+            SecureChannelEnhancements = false,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// The ECC_nistP256_AES is an ECC nistP256 variant that uses AES-GCM for symmetric encryption.
+        /// </summary>
+        public readonly static SecurityPolicyInfo ECC_nistP256_AES = new(SecurityPolicies.ECC_nistP256_AES)
+        {
+            DerivedSignatureKeyLength = 0,
+            SymmetricEncryptionKeyLength = 128 / 8,
+            InitializationVectorLength = 96 / 8,
+            SymmetricSignatureLength = 128 / 8,
+            MinAsymmetricKeyLength = 256,
+            MaxAsymmetricKeyLength = 256,
+            SecureChannelNonceLength = 64,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha256,
+            CertificateKeyFamily = CertificateKeyFamily.ECC,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.NistP256,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha256,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.NistP256,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes128Gcm,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.Aes128Gcm,
+            SecureChannelEnhancements = true,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// The ECC_nistP256_AES is an ECC nistP256 variant that uses ChaCha20Poly1305 for symmetric encryption.
+        /// </summary>
+        public readonly static SecurityPolicyInfo ECC_nistP256_ChaChaPoly = new(SecurityPolicies.ECC_nistP256_ChaChaPoly)
+        {
+            DerivedSignatureKeyLength = 0,
+            SymmetricEncryptionKeyLength = 256 / 8,
+            InitializationVectorLength = 96 / 8,
+            SymmetricSignatureLength = 128 / 8,
+            MinAsymmetricKeyLength = 256,
+            MaxAsymmetricKeyLength = 256,
+            SecureChannelNonceLength = 64,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha256,
+            CertificateKeyFamily = CertificateKeyFamily.ECC,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.NistP256,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha256,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.NistP256,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.ChaCha20Poly1305,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.ChaCha20Poly1305,
+            SecureChannelEnhancements = true,
             IsDeprecated = false
         };
 
         /// <summary>
-        /// ECC nistP384 is an optional high security policy.
+        /// The ECC nistP384 is an optional high security policy.
         /// </summary>
-        public static readonly SecurityPolicyInfo ECC_nistP384 = new(SecurityPolicies.ECC_nistP384)
+        public readonly static SecurityPolicyInfo ECC_nistP384 = new(SecurityPolicies.ECC_nistP384)
         {
             DerivedSignatureKeyLength = 384 / 8,
             SymmetricEncryptionKeyLength = 256 / 8,
@@ -412,19 +710,73 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
             LegacySequenceNumbers = false,
             AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
             AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha384,
+            CertificateKeyFamily = CertificateKeyFamily.ECC,
             CertificateKeyAlgorithm = CertificateKeyAlgorithm.NistP384,
             CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha384,
             EphemeralKeyAlgorithm = CertificateKeyAlgorithm.NistP384,
             KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha384,
             SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes256Cbc,
             SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.HmacSha384,
+            SecureChannelEnhancements = false,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// The ECC nistP384 is an optional high security policy that uses AES-GCM for symmetric encryption.
+        /// </summary>
+        public readonly static SecurityPolicyInfo ECC_nistP384_AES = new(SecurityPolicies.ECC_nistP384_AES)
+        {
+            DerivedSignatureKeyLength = 0,
+            SymmetricEncryptionKeyLength = 256 / 8,
+            InitializationVectorLength = 96 / 8,
+            SymmetricSignatureLength = 128 / 8,
+            MinAsymmetricKeyLength = 384,
+            MaxAsymmetricKeyLength = 384,
+            SecureChannelNonceLength = 96,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha384,
+            CertificateKeyFamily = CertificateKeyFamily.ECC,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.NistP384,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha384,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.NistP384,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha384,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes128Gcm,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.Aes128Gcm,
+            SecureChannelEnhancements = true,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// The ECC nistP384 is an optional high security policy that uses ChaCha20Poly1305 for symmetric encryption.
+        /// </summary>
+        public readonly static SecurityPolicyInfo ECC_nistP384_ChaChaPoly = new(SecurityPolicies.ECC_nistP384_ChaChaPoly)
+        {
+            DerivedSignatureKeyLength = 0,
+            SymmetricEncryptionKeyLength = 256 / 8,
+            InitializationVectorLength = 96 / 8,
+            SymmetricSignatureLength = 128 / 8,
+            MinAsymmetricKeyLength = 384,
+            MaxAsymmetricKeyLength = 384,
+            SecureChannelNonceLength = 96,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha384,
+            CertificateKeyFamily = CertificateKeyFamily.ECC,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.NistP384,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha384,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.NistP384,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha384,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.ChaCha20Poly1305,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.ChaCha20Poly1305,
+            SecureChannelEnhancements = true,
             IsDeprecated = false
         };
 
         /// <summary>
-        /// ECC brainpoolP256r1 is a required minimum security policy.
+        /// The ECC brainpoolP256r1 is a required minimum security policy.
         /// </summary>
-        public static readonly SecurityPolicyInfo ECC_brainpoolP256r1 = new(SecurityPolicies.ECC_brainpoolP256r1)
+        public readonly static SecurityPolicyInfo ECC_brainpoolP256r1 = new(SecurityPolicies.ECC_brainpoolP256r1)
         {
             DerivedSignatureKeyLength = 256 / 8,
             SymmetricEncryptionKeyLength = 128 / 8,
@@ -436,23 +788,77 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
             LegacySequenceNumbers = false,
             AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
             AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha256,
+            CertificateKeyFamily = CertificateKeyFamily.ECC,
             CertificateKeyAlgorithm = CertificateKeyAlgorithm.NistP256,
             CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha256,
             EphemeralKeyAlgorithm = CertificateKeyAlgorithm.BrainpoolP256r1,
             KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
             SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes128Cbc,
             SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.HmacSha256,
+            SecureChannelEnhancements = false,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// The ECC_brainpoolP256r1_AES is an ECC brainpoolP256 variant that uses AES-GCM for symmetric encryption.
+        /// </summary>
+        public readonly static SecurityPolicyInfo ECC_brainpoolP256r1_AES = new (SecurityPolicies.ECC_brainpoolP256r1_AES)
+        {
+            DerivedSignatureKeyLength = 0,
+            SymmetricEncryptionKeyLength = 128 / 8,
+            InitializationVectorLength = 96 / 8,
+            SymmetricSignatureLength = 128 / 8,
+            MinAsymmetricKeyLength = 256,
+            MaxAsymmetricKeyLength = 256,
+            SecureChannelNonceLength = 64,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha256,
+            CertificateKeyFamily = CertificateKeyFamily.ECC,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.BrainpoolP256r1,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha256,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.BrainpoolP256r1,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes128Gcm,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.Aes128Gcm,
+            SecureChannelEnhancements = true,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// The ECC_brainpoolP256_AES is an ECC brainpoolP256 variant that uses ChaCha20Poly1305 for symmetric encryption.
+        /// </summary>
+        public readonly static SecurityPolicyInfo ECC_brainpoolP256r1_ChaChaPoly = new(SecurityPolicies.ECC_brainpoolP256r1_ChaChaPoly)
+        {
+            DerivedSignatureKeyLength = 0,
+            SymmetricEncryptionKeyLength = 256 / 8,
+            InitializationVectorLength = 96 / 8,
+            SymmetricSignatureLength = 128 / 8,
+            MinAsymmetricKeyLength = 256,
+            MaxAsymmetricKeyLength = 256,
+            SecureChannelNonceLength = 64,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha256,
+            CertificateKeyFamily = CertificateKeyFamily.ECC,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.BrainpoolP256r1,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha256,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.BrainpoolP256r1,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.ChaCha20Poly1305,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.ChaCha20Poly1305,
+            SecureChannelEnhancements = true,
             IsDeprecated = false
         };
 
         /// <summary>
-        /// ECC brainpoolP384r1 is an optional high security policy.
+        /// The ECC brainpoolP384r1 is an optional high security policy.
         /// </summary>
-        public static readonly SecurityPolicyInfo ECC_brainpoolP384r1 = new(SecurityPolicies.ECC_brainpoolP384r1)
+        public readonly static SecurityPolicyInfo ECC_brainpoolP384r1 = new(SecurityPolicies.ECC_brainpoolP384r1)
         {
             DerivedSignatureKeyLength = 384 / 8,
             SymmetricEncryptionKeyLength = 256 / 8,
-            InitializationVectorLength = 128 / 8,
+            InitializationVectorLength = 96 / 8,
             SymmetricSignatureLength = 384 / 8,
             MinAsymmetricKeyLength = 384,
             MaxAsymmetricKeyLength = 384,
@@ -460,16 +866,143 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
             LegacySequenceNumbers = false,
             AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
             AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha384,
+            CertificateKeyFamily = CertificateKeyFamily.ECC,
             CertificateKeyAlgorithm = CertificateKeyAlgorithm.BrainpoolP384r1,
             CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha384,
             EphemeralKeyAlgorithm = CertificateKeyAlgorithm.BrainpoolP384r1,
             KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha384,
             SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes256Cbc,
             SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.HmacSha384,
+            SecureChannelEnhancements = false,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// The ECC brainpoolP384r1 is an optional high security policy that uses AES-GCM for symmetric encryption.
+        /// </summary>
+        public readonly static SecurityPolicyInfo ECC_brainpoolP384r1_AES = new(SecurityPolicies.ECC_brainpoolP384r1_AES)
+        {
+            DerivedSignatureKeyLength = 0,
+            SymmetricEncryptionKeyLength = 256 / 8,
+            InitializationVectorLength = 96 / 8,
+            SymmetricSignatureLength = 128 / 8,
+            MinAsymmetricKeyLength = 384,
+            MaxAsymmetricKeyLength = 384,
+            SecureChannelNonceLength = 96,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha384,
+            CertificateKeyFamily = CertificateKeyFamily.ECC,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.BrainpoolP384r1,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha384,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.BrainpoolP384r1,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha384,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes256Gcm,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.Aes256Gcm,
+            SecureChannelEnhancements = true,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// The ECC brainpoolP384r1 is an optional high security policy that uses ChaCha20Poly1305 for symmetric encryption.
+        /// </summary>
+        public readonly static SecurityPolicyInfo ECC_brainpoolP384r1_ChaChaPoly = new(SecurityPolicies.ECC_brainpoolP384r1_ChaChaPoly)
+        {
+            DerivedSignatureKeyLength = 0,
+            SymmetricEncryptionKeyLength = 256 / 8,
+            InitializationVectorLength = 96 / 8,
+            SymmetricSignatureLength = 128 / 8,
+            MinAsymmetricKeyLength = 384,
+            MaxAsymmetricKeyLength = 384,
+            SecureChannelNonceLength = 96,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha384,
+            CertificateKeyFamily = CertificateKeyFamily.ECC,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.BrainpoolP384r1,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.EcdsaSha384,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.BrainpoolP384r1,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha384,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.ChaCha20Poly1305,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.ChaCha20Poly1305,
+            SecureChannelEnhancements = true,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// The RSA_DH_AES_GCM is an high security policy that uses AES GCM for symmetric encryption.
+        /// </summary>
+        public readonly static SecurityPolicyInfo RSA_DH_AES_GCM = new(SecurityPolicies.RSA_DH_AES_GCM)
+        {
+            DerivedSignatureKeyLength = 0,
+            SymmetricEncryptionKeyLength = 256 / 8,
+            InitializationVectorLength = 128 / 8,
+            SymmetricSignatureLength = 128 / 8,
+            MinAsymmetricKeyLength = 2048,
+            MaxAsymmetricKeyLength = 4096,
+            SecureChannelNonceLength = 96,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPssSha256,
+            CertificateKeyFamily = CertificateKeyFamily.RSA,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.RSADH,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha256,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.RSADH,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.Aes256Gcm,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.Aes128Gcm,
+            SecureChannelEnhancements = true,
+            IsDeprecated = false
+        };
+
+        /// <summary>
+        /// The RSA_DH_ChaChaPoly is an high security policy that uses ChaCha20Poly1305 for symmetric encryption.
+        /// </summary>
+        public readonly static SecurityPolicyInfo RSA_DH_ChaChaPoly = new(SecurityPolicies.RSA_DH_ChaChaPoly)
+        {
+            DerivedSignatureKeyLength = 0,
+            SymmetricEncryptionKeyLength = 256 / 8,
+            InitializationVectorLength = 96 / 8,
+            SymmetricSignatureLength = 128 / 8,
+            MinAsymmetricKeyLength = 2048,
+            MaxAsymmetricKeyLength = 4096,
+            SecureChannelNonceLength = 64,
+            LegacySequenceNumbers = false,
+            AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPssSha256,
+            CertificateKeyFamily = CertificateKeyFamily.RSA,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.RSADH,
+            CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha256,
+            EphemeralKeyAlgorithm = CertificateKeyAlgorithm.RSADH,
+            KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
+            SymmetricEncryptionAlgorithm = SymmetricEncryptionAlgorithm.ChaCha20Poly1305,
+            SymmetricSignatureAlgorithm = SymmetricSignatureAlgorithm.ChaCha20Poly1305,
+            SecureChannelEnhancements = true,
             IsDeprecated = false
         };
     }
 
+    /// <summary>
+    /// The algorithm family used to generate key pairs.
+    /// </summary>
+    public enum CertificateKeyFamily
+    {
+        /// <summary>
+        /// Does not apply.
+        /// </summary>
+        None,
+
+        /// <summary>
+        /// The RSA algorithm.
+        /// </summary>
+        RSA,
+
+        /// <summary>
+        /// Ellipic curve algorithms.
+        /// </summary>
+        ECC
+    }
+
     /// <summary>
     /// The algorithm used to generate key pairs.
     /// </summary>
@@ -655,9 +1188,14 @@ public enum SymmetricSignatureAlgorithm
         ChaCha20Poly1305,
 
         /// <summary>
-        /// AES GCM with 128 bit tag
+        /// AES GCM with 128 bit key
         /// </summary>
-        Aes128Gcm
+        Aes128Gcm,
+
+        /// <summary>
+        /// AES GCM with 256 bit key
+        /// </summary>
+        Aes256Gcm
     }
 
     /// <summary>
diff --git a/Stack/Opc.Ua.Core/Stack/Client/ClientChannelManager.cs b/Stack/Opc.Ua.Core/Stack/Client/ClientChannelManager.cs
index c3bc1d12a7..3d28cbe6a7 100644
--- a/Stack/Opc.Ua.Core/Stack/Client/ClientChannelManager.cs
+++ b/Stack/Opc.Ua.Core/Stack/Client/ClientChannelManager.cs
@@ -361,6 +361,18 @@ private sealed class ClientChannel : ITransportChannel
             /// <inheritdoc/>
             public IServiceMessageContext MessageContext => m_channel.MessageContext;
 
+            /// <inheritdoc/>
+            public byte[] SecureChannelHash => m_channel?.SecureChannelHash ?? [];
+
+            /// <inheritdoc/>
+            public byte[] SessionActivationSecret => m_channel?.SessionActivationSecret ?? [];
+
+            /// <inheritdoc/>
+            public byte[] ClientChannelCertificate => m_channel?.ClientChannelCertificate ?? [];
+
+            /// <inheritdoc/>
+            public byte[] ServerChannelCertificate => m_channel?.ServerChannelCertificate ?? [];
+
             /// <inheritdoc/>
             public int OperationTimeout
             {
diff --git a/Stack/Opc.Ua.Core/Stack/Configuration/EndpointDescription.cs b/Stack/Opc.Ua.Core/Stack/Configuration/EndpointDescription.cs
index aa8eb51d58..50edbb619d 100644
--- a/Stack/Opc.Ua.Core/Stack/Configuration/EndpointDescription.cs
+++ b/Stack/Opc.Ua.Core/Stack/Configuration/EndpointDescription.cs
@@ -89,12 +89,12 @@ public UserTokenPolicy FindUserTokenPolicy(string policyId, string tokenSecurity
                     else if ((
                             policy.SecurityPolicyUri != null &&
                             tokenSecurityPolicyUri != null &&
-                            EccUtils.IsEccPolicy(policy.SecurityPolicyUri) &&
-                            EccUtils.IsEccPolicy(tokenSecurityPolicyUri)
+                            CryptoUtils.IsEccPolicy(policy.SecurityPolicyUri) &&
+                            CryptoUtils.IsEccPolicy(tokenSecurityPolicyUri)
                         ) ||
                         (
-                            !EccUtils.IsEccPolicy(policy.SecurityPolicyUri) &&
-                            !EccUtils.IsEccPolicy(tokenSecurityPolicyUri)))
+                            !CryptoUtils.IsEccPolicy(policy.SecurityPolicyUri) &&
+                            !CryptoUtils.IsEccPolicy(tokenSecurityPolicyUri)))
                     {
                         sameEncryptionAlgorithm ??= policy;
                     }
@@ -159,12 +159,12 @@ public UserTokenPolicy FindUserTokenPolicy(
                     else if ((
                             policy.SecurityPolicyUri != null &&
                             tokenSecurityPolicyUri != null &&
-                            EccUtils.IsEccPolicy(policy.SecurityPolicyUri) &&
-                            EccUtils.IsEccPolicy(tokenSecurityPolicyUri)
+                            CryptoUtils.IsEccPolicy(policy.SecurityPolicyUri) &&
+                            CryptoUtils.IsEccPolicy(tokenSecurityPolicyUri)
                         ) ||
                         (
-                            !EccUtils.IsEccPolicy(policy.SecurityPolicyUri) &&
-                            !EccUtils.IsEccPolicy(tokenSecurityPolicyUri)))
+                            !CryptoUtils.IsEccPolicy(policy.SecurityPolicyUri) &&
+                            !CryptoUtils.IsEccPolicy(tokenSecurityPolicyUri)))
                     {
                         sameEncryptionAlgorithm ??= policy;
                     }
diff --git a/Stack/Opc.Ua.Core/Stack/Https/HttpsTransportChannel.cs b/Stack/Opc.Ua.Core/Stack/Https/HttpsTransportChannel.cs
index 11cd9fd7a8..4d2770443d 100644
--- a/Stack/Opc.Ua.Core/Stack/Https/HttpsTransportChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Https/HttpsTransportChannel.cs
@@ -118,17 +118,22 @@ public IServiceMessageContext MessageContext
             => m_quotas?.MessageContext ?? throw BadNotConnected();
 
         /// <inheritdoc/>
-        public ChannelToken? CurrentToken => null;
+        public byte[] SecureChannelHash => [];
+
+        /// <inheritdoc/>
+        public byte[] SessionActivationSecret => [];
+
+        /// <inheritdoc/>
+        public byte[] ClientChannelCertificate { get; private set; } = [];
+
+        /// <inheritdoc/>
+        public byte[] ServerChannelCertificate { get; private set; } = [];
 
         /// <inheritdoc/>
         public event ChannelTokenActivatedEventHandler OnTokenActivated
         {
-            add
-            {
-            }
-            remove
-            {
-            }
+            add {}
+            remove {}
         }
 
         /// <inheritdoc/>
@@ -395,6 +400,7 @@ private void CreateHttpClient()
                     }
 #endif
                     handler.ClientCertificates.Add(clientCertificate);
+                    ClientChannelCertificate = clientCertificate.RawData;
                 }
 
                 Func<
@@ -441,7 +447,7 @@ private void CreateHttpClient()
                             }
 
                             m_quotas.CertificateValidator?.ValidateAsync(validationChain, default).GetAwaiter().GetResult();
-
+                            ServerChannelCertificate = cert.RawData;
                             return true;
                         }
                         catch (Exception ex)
@@ -469,6 +475,7 @@ private void CreateHttpClient()
 #pragma warning disable CA5400 // HttpClient is created without enabling CheckCertificateRevocationList
                 m_client = new HttpClient(handler);
 #pragma warning restore CA5400 // HttpClient is created without enabling CheckCertificateRevocationList
+
             }
             catch (Exception ex)
             {
diff --git a/Stack/Opc.Ua.Core/Stack/Server/SecureChannelContext.cs b/Stack/Opc.Ua.Core/Stack/Server/SecureChannelContext.cs
index e55aff3a90..547dd89f32 100644
--- a/Stack/Opc.Ua.Core/Stack/Server/SecureChannelContext.cs
+++ b/Stack/Opc.Ua.Core/Stack/Server/SecureChannelContext.cs
@@ -26,14 +26,26 @@ public class SecureChannelContext
         /// <param name="secureChannelId">The secure channel identifier.</param>
         /// <param name="endpointDescription">The endpoint description.</param>
         /// <param name="messageEncoding">The message encoding.</param>
+        /// <param name="secureChannelHash">The unique hash for the secure channel calculated during channel creation.</param>
+        /// <param name="sessionActivationSecret">A secret used to re-activate sessions on a new secure channel.</param>
+        /// <param name="clientChannelCertificate">The client certificate used to establsih the secure channel.</param>
+        /// <param name="serverChannelCertificate">The server certificate used to establsih the secure channel.</param>
         public SecureChannelContext(
             string secureChannelId,
             EndpointDescription endpointDescription,
-            RequestEncoding messageEncoding)
+            RequestEncoding messageEncoding,
+            byte[] clientChannelCertificate,
+            byte[] serverChannelCertificate,
+            byte[] secureChannelHash = null,
+            byte[] sessionActivationSecret = null)
         {
             SecureChannelId = secureChannelId;
             EndpointDescription = endpointDescription;
             MessageEncoding = messageEncoding;
+            ClientChannelCertificate = clientChannelCertificate;
+            ServerChannelCertificate = serverChannelCertificate;
+            SecureChannelHash = secureChannelHash;
+            SessionActivationSecret = sessionActivationSecret;
         }
 
         /// <summary>
@@ -54,6 +66,26 @@ public SecureChannelContext(
         /// <value>The message encoding.</value>
         public RequestEncoding MessageEncoding { get; }
 
+        /// <summary>
+        /// The unique hash for the secure channel calculated during channel creation.
+        /// </summary>
+        public byte[] SecureChannelHash { get; }
+
+        /// <summary>
+        /// A secret used to re-activate sessions on a new secure channel.
+        /// </summary>
+        public byte[] SessionActivationSecret { get; }
+
+        /// <summary>
+        /// The client certificate used to establsih the secure channel.
+        /// </summary>
+        public byte[] ClientChannelCertificate { get; }
+
+        /// <summary>
+        /// The server certificate used to establsih the secure channel.
+        /// </summary>
+        public byte[] ServerChannelCertificate { get; }
+
         /// <summary>
         /// The active secure channel for the thread.
         /// </summary>
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs b/Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs
index e2e8cbf835..39d21c6234 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs
@@ -101,6 +101,16 @@ public void Dispose()
         /// </summary>
         public SecurityPolicyInfo SecurityPolicy { get; set; }
 
+        /// <summary>
+        /// The secret used to compute the keys.
+        /// </summary>
+        internal byte[] Secret { get; set; }
+
+        /// <summary>
+        /// The previous server nonce used to compute the keys.
+        /// </summary>
+        internal byte[] PreviousSecret { get; set; }
+
         /// <summary>
         /// The nonce provided by the client.
         /// </summary>
@@ -140,5 +150,10 @@ public void Dispose()
         /// The initialization vector by the server when encrypting a message.
         /// </summary>
         internal byte[] ServerInitializationVector { get; set; }
+
+        /// <summary>
+        /// The secret used to re-activate sessions on a new secure channel.
+        /// </summary>
+        internal byte[] SessionActivationSecret { get; set; }
     }
 }
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/TcpMessageType.cs b/Stack/Opc.Ua.Core/Stack/Tcp/TcpMessageType.cs
index a5cf6303b6..2d0f4f3ebb 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/TcpMessageType.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/TcpMessageType.cs
@@ -10,6 +10,11 @@
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */
 
+using System;
+using System.Globalization;
+using System.Text;
+using Microsoft.Extensions.Logging;
+
 namespace Opc.Ua.Bindings
 {
     /// <summary>
@@ -141,6 +146,46 @@ public static bool IsValid(uint messageType)
 
             }
         }
+
+        internal static string GetTypeAndSize(ArraySegment<byte> chunk)
+        {
+            StringBuilder sb = new StringBuilder();
+
+            for (int ii = 0; ii < 1; ii++)
+            {
+                uint size = BitConverter.ToUInt32(chunk.Array ?? [], 4);
+                sb.Append(Encoding.ASCII.GetString(chunk.Array ?? [], 0, 4));
+                sb.Append("=>");
+                sb.Append(BitConverter.ToUInt32(chunk.Array ?? [], 4));
+                sb.Append((size != chunk.Count) ? " X " : " O ");
+                sb.Append(chunk.Count);
+            }
+
+            return sb.ToString();
+        }
+
+        internal static string KeyToString(ArraySegment<byte> key)
+        {
+            byte[] bytes = new byte[key.Count];
+            Buffer.BlockCopy(key.Array ?? [], key.Offset, bytes, 0, key.Count);
+            return KeyToString(bytes);
+        }
+
+        internal static string KeyToString(byte[] key)
+        {
+            if (key == null || key.Length == 0)
+            {
+                return "0:---";
+            }
+
+            if (key.Length <= 16)
+            {
+                return key.Length.ToString(CultureInfo.InvariantCulture) + ":" + Utils.ToHexString(key);
+            }
+
+            var text = Utils.ToHexString(key);
+            return $"{key.Length}:{text.Substring(0, 8)}...{text.Substring(text.Length-8, 8)}";
+        }
     }
 
     /// <summary>
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs b/Stack/Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs
index ca15fe824a..bb8185ffbf 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs
@@ -13,6 +13,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 using System;
 using System.Collections.Generic;
 using System.IO;
+using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Threading;
@@ -256,7 +257,7 @@ public override void Reconnect(
                     State = TcpChannelState.Open;
 
                     // send response.
-                    SendOpenSecureChannelResponse(requestId, token, request);
+                    SendOpenSecureChannelResponse(requestId, token, request, true);
 
                     // send any queued responses.
                     ResetQueuedResponses(OnChannelReconnected);
@@ -286,6 +287,8 @@ protected override bool HandleIncomingMessage(
             {
                 SetResponseRequired(true);
 
+                m_logger.LogWarning("IN:{Id}", TcpMessageType.GetTypeAndSize(messageChunk));
+
                 try
                 {
                     // process a response.
@@ -549,13 +552,26 @@ private bool ProcessOpenSecureChannelRequest(
 
             try
             {
+                m_oscRequestSignature = null;
+                byte[] signature;
+
                 messageBody = ReadAsymmetricMessage(
                     messageChunk,
                     ServerCertificate,
                     out channelId,
                     out clientCertificate,
                     out requestId,
-                    out sequenceNumber);
+                    out sequenceNumber,
+                    m_oscRequestSignature,
+                    out signature);
+
+                // don't keep signature if secure channel enhancements are not used.
+                m_oscRequestSignature = (SecurityPolicy.SecureChannelEnhancements) ? signature : null;
+
+                Console.WriteLine($"OSC IN={TcpMessageType.KeyToString(messageBody)}");
+                Console.WriteLine($"oscRequestSignature={TcpMessageType.KeyToString(m_oscRequestSignature)}");
+                Console.WriteLine($"signatureHash={TcpMessageType.KeyToString(signature)}");
+                Console.WriteLine($"State={State}");
 
                 // check for replay attacks.
                 if (!VerifySequenceNumber(sequenceNumber, "ProcessOpenSecureChannelRequest"))
@@ -664,6 +680,8 @@ or StatusCodes.BadCertificateIssuerRevocationUnknown
                 token = CreateToken();
                 token.TokenId = GetNewTokenId();
                 token.ServerNonce = CreateNonce(ServerCertificate);
+                token.PreviousSecret = CurrentToken?.Secret;
+
                 // check the client nonce.
                 token.ClientNonce = request.ClientNonce;
                 if (!ValidateNonce(ClientCertificate, token.ClientNonce))
@@ -775,11 +793,11 @@ or StatusCodes.BadCertificateIssuerRevocationUnknown
                 // send the response.
                 if (requestType == SecurityTokenRequestType.Renew)
                 {
-                    SendOpenSecureChannelResponse(requestId, RenewedToken, request);
+                    SendOpenSecureChannelResponse(requestId, RenewedToken, request, true);
                 }
                 else
                 {
-                    SendOpenSecureChannelResponse(requestId, CurrentToken, request);
+                    SendOpenSecureChannelResponse(requestId, CurrentToken, request, false);
                 }
 
                 // notify reverse
@@ -851,7 +869,8 @@ protected override void CompleteReverseHello(Exception e)
         private void SendOpenSecureChannelResponse(
             uint requestId,
             ChannelToken token,
-            OpenSecureChannelRequest request)
+            OpenSecureChannelRequest request,
+            bool renew)
         {
             m_logger.LogDebug("ChannelId {Id}: SendOpenSecureChannelResponse()", ChannelId);
 
@@ -867,6 +886,7 @@ private void SendOpenSecureChannelResponse(
             response.ServerNonce = token.ServerNonce;
 
             byte[] buffer = BinaryEncoder.EncodeMessage(response, Quotas.MessageContext);
+            byte[] signature;
 
             BufferCollection chunksToSend = WriteAsymmetricMessage(
                 TcpMessageType.Open,
@@ -874,7 +894,14 @@ private void SendOpenSecureChannelResponse(
                 ServerCertificate,
                 ServerCertificateChain,
                 ClientCertificate,
-                new ArraySegment<byte>(buffer, 0, buffer.Length));
+                new ArraySegment<byte>(buffer, 0, buffer.Length),
+                m_oscRequestSignature,
+                out signature);
+
+            if (!renew)
+            {
+                ComputeSecureChannelHash(signature);
+            }
 
             // write the message to the server.
             try
@@ -1326,6 +1353,7 @@ private bool ValidateDiscoveryServiceCall(
         private readonly ILogger m_logger;
         private SortedDictionary<uint, IServiceResponse> m_queuedResponses;
         private ReverseConnectAsyncResult m_pendingReverseHello;
+        private byte[] m_oscRequestSignature;
 
         private static readonly string s_implementationString =
             ".NET Standard ServerChannel UA-TCP " + Utils.GetAssemblyBuildNumber();
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/TcpTransportListener.cs b/Stack/Opc.Ua.Core/Stack/Tcp/TcpTransportListener.cs
index 844ab24ffe..8434a2e327 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/TcpTransportListener.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/TcpTransportListener.cs
@@ -1012,7 +1012,11 @@ private async void OnRequestReceivedAsync(
                     var context = new SecureChannelContext(
                         channel.GlobalChannelId,
                         channel.EndpointDescription,
-                        RequestEncoding.Binary);
+                        RequestEncoding.Binary,
+                        channel.ClientCertificate?.RawData,
+                        channel.ServerCertificate?.RawData,
+                        channel.SecureChannelHash,
+                        channel.SessionActivationSecret);
 
                     IServiceResponse response = await m_callback.ProcessRequestAsync(
                         context,
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Asymmetric.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Asymmetric.cs
index b878de8d11..ec408fe0eb 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Asymmetric.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Asymmetric.cs
@@ -51,7 +51,7 @@ protected set
         /// <summary>
         /// The certificate for the server.
         /// </summary>
-        protected X509Certificate2 ServerCertificate { get; private set; }
+        internal X509Certificate2 ServerCertificate { get; private set; }
 
         /// <summary>
         /// The server certificate chain.
@@ -66,7 +66,20 @@ protected set
         /// <summary>
         /// The security policy used with the channel.
         /// </summary>
-        protected string SecurityPolicyUri { get; private set; }
+        protected string SecurityPolicyUri
+        {
+            get => SecurityPolicy.Uri;
+
+            private set
+            {
+                SecurityPolicy = SecurityPolicies.GetInfo(value);
+            }
+        }
+
+        /// <summary>
+        /// The security policy used with the channel.
+        /// </summary>
+        protected SecurityPolicyInfo SecurityPolicy { get; private set; }
 
         /// <summary>
         /// Whether the channel is restricted to discovery operations.
@@ -76,7 +89,7 @@ protected set
         /// <summary>
         /// The certificate for the client.
         /// </summary>
-        protected X509Certificate2 ClientCertificate { get; set; }
+        internal X509Certificate2 ClientCertificate { get; set; }
 
         /// <summary>
         /// The client certificate chain.
@@ -170,33 +183,16 @@ protected static void CompareCertificates(
         /// </summary>
         protected byte[] CreateNonce(X509Certificate2 certificate)
         {
-            switch (SecurityPolicyUri)
+            switch (SecurityPolicy.CertificateKeyFamily)
             {
-                case SecurityPolicies.Basic128Rsa15:
-                case SecurityPolicies.Basic256:
-                case SecurityPolicies.Basic256Sha256:
-                case SecurityPolicies.Aes128_Sha256_RsaOaep:
-                case SecurityPolicies.Aes256_Sha256_RsaPss:
-                    uint length = Nonce.GetNonceLength(SecurityPolicyUri);
-
-                    if (length > 0)
-                    {
-                        return Nonce.CreateRandomNonceData(length);
-                    }
-                    break;
-                case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                case SecurityPolicies.ECC_curve25519:
-                case SecurityPolicies.ECC_curve448:
-                    m_localNonce = Nonce.CreateNonce(SecurityPolicyUri);
+                case CertificateKeyFamily.RSA:
+                    return Nonce.CreateRandomNonceData(SecurityPolicy.SecureChannelNonceLength);
+                case CertificateKeyFamily.ECC:
+                    m_localNonce = Nonce.CreateNonce(SecurityPolicy);
                     return m_localNonce.Data;
                 default:
                     return null;
             }
-
-            return null;
         }
 
         /// <summary>
@@ -211,18 +207,14 @@ protected bool ValidateNonce(X509Certificate2 certificate, byte[] nonce)
             }
 
             // check the length.
-            if (nonce == null || nonce.Length != Nonce.GetNonceLength(SecurityPolicyUri))
+            if (nonce == null || nonce.Length != SecurityPolicy.SecureChannelNonceLength)
             {
                 return false;
             }
 
-            switch (SecurityPolicyUri)
+            switch (SecurityPolicy.CertificateKeyFamily)
             {
-                case SecurityPolicies.Basic128Rsa15:
-                case SecurityPolicies.Basic256:
-                case SecurityPolicies.Basic256Sha256:
-                case SecurityPolicies.Aes128_Sha256_RsaOaep:
-                case SecurityPolicies.Aes256_Sha256_RsaPss:
+                case CertificateKeyFamily.RSA:
                     // try to catch programming errors by rejecting nonces with all zeros.
                     for (int ii = 0; ii < nonce.Length; ii++)
                     {
@@ -231,19 +223,13 @@ protected bool ValidateNonce(X509Certificate2 certificate, byte[] nonce)
                             return true;
                         }
                     }
-
-                    return false;
-                case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                case SecurityPolicies.ECC_curve25519:
-                case SecurityPolicies.ECC_curve448:
-                    m_remoteNonce = Nonce.CreateNonce(SecurityPolicyUri, nonce);
+                    break;
+                case CertificateKeyFamily.ECC:
+                    m_remoteNonce = Nonce.CreateNonce(SecurityPolicy, nonce);
                     return true;
-                default:
-                    return false;
             }
+
+            return false;
         }
 
         /// <summary>
@@ -251,19 +237,17 @@ protected bool ValidateNonce(X509Certificate2 certificate, byte[] nonce)
         /// </summary>
         protected int GetPlainTextBlockSize(X509Certificate2 receiverCertificate)
         {
-            switch (SecurityPolicyUri)
+            switch (SecurityPolicy.AsymmetricEncryptionAlgorithm)
             {
-                case SecurityPolicies.Basic256:
-                case SecurityPolicies.Basic256Sha256:
-                case SecurityPolicies.Aes128_Sha256_RsaOaep:
+                case AsymmetricEncryptionAlgorithm.RsaOaepSha1:
                     return RsaUtils.GetPlainTextBlockSize(
                         receiverCertificate,
                         RsaUtils.Padding.OaepSHA1);
-                case SecurityPolicies.Aes256_Sha256_RsaPss:
+                case AsymmetricEncryptionAlgorithm.RsaOaepSha256:
                     return RsaUtils.GetPlainTextBlockSize(
                         receiverCertificate,
                         RsaUtils.Padding.OaepSHA256);
-                case SecurityPolicies.Basic128Rsa15:
+                case AsymmetricEncryptionAlgorithm.RsaPkcs15Sha1:
                     return RsaUtils.GetPlainTextBlockSize(
                         receiverCertificate,
                         RsaUtils.Padding.Pkcs1);
@@ -277,13 +261,11 @@ protected int GetPlainTextBlockSize(X509Certificate2 receiverCertificate)
         /// </summary>
         protected int GetCipherTextBlockSize(X509Certificate2 receiverCertificate)
         {
-            switch (SecurityPolicyUri)
+            switch (SecurityPolicy.AsymmetricEncryptionAlgorithm)
             {
-                case SecurityPolicies.Basic256:
-                case SecurityPolicies.Basic256Sha256:
-                case SecurityPolicies.Aes128_Sha256_RsaOaep:
-                case SecurityPolicies.Aes256_Sha256_RsaPss:
-                case SecurityPolicies.Basic128Rsa15:
+                case AsymmetricEncryptionAlgorithm.RsaOaepSha1:
+                case AsymmetricEncryptionAlgorithm.RsaOaepSha256:
+                case AsymmetricEncryptionAlgorithm.RsaPkcs15Sha1:
                     return RsaUtils.GetCipherTextBlockSize(receiverCertificate);
                 default:
                     return 1;
@@ -382,21 +364,17 @@ protected int GetAsymmetricHeaderSize(
         /// </summary>
         protected int GetAsymmetricSignatureSize(X509Certificate2 senderCertificate)
         {
-            switch (SecurityPolicyUri)
+            switch (SecurityPolicy.AsymmetricSignatureAlgorithm)
             {
-                case SecurityPolicies.Basic128Rsa15:
-                case SecurityPolicies.Basic256:
-                case SecurityPolicies.Basic256Sha256:
-                case SecurityPolicies.Aes128_Sha256_RsaOaep:
-                case SecurityPolicies.Aes256_Sha256_RsaPss:
+                case AsymmetricSignatureAlgorithm.RsaPkcs15Sha1:
+                case AsymmetricSignatureAlgorithm.RsaPkcs15Sha256:
+                case AsymmetricSignatureAlgorithm.RsaPssSha256:
                     return RsaUtils.GetSignatureLength(senderCertificate);
-                case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                case SecurityPolicies.ECC_curve25519:
-                case SecurityPolicies.ECC_curve448:
-                    return EccUtils.GetSignatureLength(senderCertificate);
+                case AsymmetricSignatureAlgorithm.EcdsaSha256:
+                case AsymmetricSignatureAlgorithm.EcdsaSha384:
+                case AsymmetricSignatureAlgorithm.EcdsaPure25519:
+                case AsymmetricSignatureAlgorithm.EcdsaPure448:
+                    return CryptoUtils.GetSignatureLength(senderCertificate);
                 default:
                     return 0;
             }
@@ -534,13 +512,16 @@ protected BufferCollection WriteAsymmetricMessage(
             X509Certificate2 receiverCertificate,
             ArraySegment<byte> messageBody)
         {
+            byte[] unused = null;
             return WriteAsymmetricMessage(
                 messageType,
                 requestId,
                 senderCertificate,
                 null,
                 receiverCertificate,
-                messageBody);
+                messageBody,
+                null,
+                out unused);
         }
 
         /// <summary>
@@ -554,8 +535,12 @@ protected BufferCollection WriteAsymmetricMessage(
             X509Certificate2 senderCertificate,
             X509Certificate2Collection senderCertificateChain,
             X509Certificate2 receiverCertificate,
-            ArraySegment<byte> messageBody)
+            ArraySegment<byte> messageBody,
+            byte[] oscRequestSignature,
+            out byte[] signature)
         {
+            signature = null;
+
             bool success = false;
             var chunksToSend = new BufferCollection();
 
@@ -704,10 +689,30 @@ protected BufferCollection WriteAsymmetricMessage(
                     // put the message size after encryption into the header.
                     UpdateMessageSize(buffer, 0, cipherTextSize + headerSize);
 
+                    ArraySegment<byte> dataToSign;
+
+                    if (oscRequestSignature != null && SecurityPolicy.SecureChannelEnhancements)
+                    {
+                        // copy osc request signature if provided before verifying.
+                        dataToSign = new ArraySegment<byte>(
+                            buffer,
+                            0,
+                            encoder.Position + oscRequestSignature.Length);
+
+                        Array.Copy(
+                            oscRequestSignature,
+                            0,
+                            buffer,
+                            encoder.Position,
+                            oscRequestSignature.Length);
+                    }
+                    else
+                    {
+                        dataToSign = new ArraySegment<byte>(buffer, 0, encoder.Position);
+                    }
+
                     // write the signature.
-                    byte[] signature = Sign(
-                        new ArraySegment<byte>(buffer, 0, encoder.Position),
-                        senderCertificate);
+                    signature = Sign(dataToSign, senderCertificate);
 
                     if (signature != null)
                     {
@@ -748,6 +753,10 @@ protected BufferCollection WriteAsymmetricMessage(
 
                 // ensure the buffers don't get clean up on exit.
                 success = true;
+
+                Console.WriteLine($"OSC IN={TcpMessageType.KeyToString(messageBody)}");
+                Console.WriteLine($"OSC OUT={TcpMessageType.KeyToString(chunksToSend[0])}");
+
                 return chunksToSend;
             }
             catch (Exception ex)
@@ -961,6 +970,25 @@ protected virtual bool SetEndpointUrl(string endpointUrl)
             return false;
         }
 
+        /// <summary>
+        /// Computes the SecureChannelHash.
+        /// </summary>
+        protected void ComputeSecureChannelHash(byte[] signature)
+        {
+            SecureChannelHash = null;
+            if (SecurityPolicy.SecureChannelEnhancements)
+            {
+                HashAlgorithm hash = SecurityPolicy.KeyDerivationAlgorithm switch
+                {
+                    KeyDerivationAlgorithm.HKDFSha384 => SHA384.Create(),
+                    _ => SHA256.Create()
+                };
+
+                Console.WriteLine($"signature={TcpMessageType.KeyToString(signature)}");
+                SecureChannelHash = hash.ComputeHash(signature, 0, signature.Length);
+            }
+        }
+
         /// <summary>
         /// Processes an OpenSecureChannel request message.
         /// </summary>
@@ -971,8 +999,12 @@ protected ArraySegment<byte> ReadAsymmetricMessage(
             out uint channelId,
             out X509Certificate2 senderCertificate,
             out uint requestId,
-            out uint sequenceNumber)
+            out uint sequenceNumber,
+            byte[] oscRequestSignature,
+            out byte[] signature)
         {
+            signature = null;
+
             int headerSize;
             using (var decoder = new BinaryDecoder(buffer, Quotas.MessageContext))
             {
@@ -1079,20 +1111,39 @@ protected ArraySegment<byte> ReadAsymmetricMessage(
             // extract signature.
             int signatureSize = GetAsymmetricSignatureSize(senderCertificate);
 
-            byte[] signature = new byte[signatureSize];
+            signature = new byte[signatureSize];
 
             for (int ii = 0; ii < signatureSize; ii++)
             {
-                signature[ii] = plainText.Array[
-                    plainText.Offset + plainText.Count - signatureSize + ii];
+                signature[ii] = plainText.Array[plainText.Offset + plainText.Count - signatureSize + ii];
             }
 
-            // verify the signature.
-            var dataToVerify = new ArraySegment<byte>(
-                plainText.Array,
-                plainText.Offset,
-                plainText.Count - signatureSize);
+            ArraySegment<byte> dataToVerify;
 
+            if (oscRequestSignature != null && SecurityPolicy.SecureChannelEnhancements)
+            {
+                // copy osc request signature if provided before verifying.
+                dataToVerify = new ArraySegment<byte>(
+                    plainText.Array,
+                    plainText.Offset,
+                    plainText.Count - signatureSize + oscRequestSignature.Length);
+
+                Array.Copy(
+                    oscRequestSignature,
+                    dataToVerify.Offset,
+                    dataToVerify.Array,
+                    dataToVerify.Count - oscRequestSignature.Length,
+                    oscRequestSignature.Length);
+            }
+            else
+            {
+                dataToVerify = new ArraySegment<byte>(
+                    plainText.Array,
+                    plainText.Offset,
+                    plainText.Count - signatureSize);
+            }
+
+            // verify the signature.
             if (!Verify(dataToVerify, signature, senderCertificate))
             {
                 m_logger.LogWarning("Could not verify signature on message.");
@@ -1177,38 +1228,35 @@ protected ArraySegment<byte> ReadAsymmetricMessage(
         /// </remarks>
         protected byte[] Sign(ArraySegment<byte> dataToSign, X509Certificate2 senderCertificate)
         {
-            switch (SecurityPolicyUri)
+            var info = SecurityPolicies.GetInfo(SecurityPolicyUri);
+
+            switch (info.AsymmetricSignatureAlgorithm)
             {
-                case SecurityPolicies.Basic256:
-                case SecurityPolicies.Basic128Rsa15:
+                case AsymmetricSignatureAlgorithm.None:
+                    return null;
+                case AsymmetricSignatureAlgorithm.RsaPkcs15Sha1:
                     return Rsa_Sign(
                         dataToSign,
                         senderCertificate,
                         HashAlgorithmName.SHA1,
                         RSASignaturePadding.Pkcs1);
-                case SecurityPolicies.Aes128_Sha256_RsaOaep:
-                case SecurityPolicies.Basic256Sha256:
+                case AsymmetricSignatureAlgorithm.RsaPkcs15Sha256:
                     return Rsa_Sign(
                         dataToSign,
                         senderCertificate,
                         HashAlgorithmName.SHA256,
                         RSASignaturePadding.Pkcs1);
-                case SecurityPolicies.Aes256_Sha256_RsaPss:
+                case AsymmetricSignatureAlgorithm.RsaPssSha256:
                     return Rsa_Sign(
                         dataToSign,
                         senderCertificate,
                         HashAlgorithmName.SHA256,
                         RSASignaturePadding.Pss);
-                case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                case SecurityPolicies.ECC_curve25519:
-                case SecurityPolicies.ECC_curve448:
-                    return EccUtils.Sign(dataToSign, senderCertificate, HashAlgorithmName.SHA256);
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    return EccUtils.Sign(dataToSign, senderCertificate, HashAlgorithmName.SHA384);
+                case AsymmetricSignatureAlgorithm.EcdsaSha256:
+                case AsymmetricSignatureAlgorithm.EcdsaSha384:
+                    return CryptoUtils.Sign(dataToSign, senderCertificate, info.AsymmetricSignatureAlgorithm);
                 default:
-                    return null;
+                    throw new ServiceResultException(StatusCodes.BadSecurityPolicyRejected);
             }
         }
 
@@ -1225,50 +1273,40 @@ protected bool Verify(
             byte[] signature,
             X509Certificate2 senderCertificate)
         {
-            // verify signature.
-            switch (SecurityPolicyUri)
+            var info = SecurityPolicies.GetInfo(SecurityPolicyUri);
+
+            switch (info.AsymmetricSignatureAlgorithm)
             {
-                case SecurityPolicies.None:
+                case AsymmetricSignatureAlgorithm.None:
                     return true;
-                case SecurityPolicies.Basic128Rsa15:
-                case SecurityPolicies.Basic256:
+                case AsymmetricSignatureAlgorithm.RsaPkcs15Sha1:
                     return Rsa_Verify(
                         dataToVerify,
                         signature,
                         senderCertificate,
                         HashAlgorithmName.SHA1,
                         RSASignaturePadding.Pkcs1);
-                case SecurityPolicies.Aes128_Sha256_RsaOaep:
-                case SecurityPolicies.Basic256Sha256:
+                case AsymmetricSignatureAlgorithm.RsaPkcs15Sha256:
                     return Rsa_Verify(
                         dataToVerify,
                         signature,
                         senderCertificate,
                         HashAlgorithmName.SHA256,
                         RSASignaturePadding.Pkcs1);
-                case SecurityPolicies.Aes256_Sha256_RsaPss:
+                case AsymmetricSignatureAlgorithm.RsaPssSha256:
                     return Rsa_Verify(
                         dataToVerify,
                         signature,
                         senderCertificate,
                         HashAlgorithmName.SHA256,
                         RSASignaturePadding.Pss);
-                case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                case SecurityPolicies.ECC_curve25519:
-                case SecurityPolicies.ECC_curve448:
-                    return EccUtils.Verify(
+                case AsymmetricSignatureAlgorithm.EcdsaSha256:
+                case AsymmetricSignatureAlgorithm.EcdsaSha384:
+                    return CryptoUtils.Verify(
                         dataToVerify,
                         signature,
                         senderCertificate,
-                        HashAlgorithmName.SHA256);
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    return EccUtils.Verify(
-                        dataToVerify,
-                        signature,
-                        senderCertificate,
-                        HashAlgorithmName.SHA384);
+                        info.AsymmetricSignatureAlgorithm);
                 default:
                     return false;
             }
@@ -1298,6 +1336,8 @@ protected ArraySegment<byte> Encrypt(
                         receiverCertificate,
                         RsaUtils.Padding.OaepSHA1);
                 case SecurityPolicies.Aes256_Sha256_RsaPss:
+                case SecurityPolicies.RSA_DH_AES_GCM:
+                case SecurityPolicies.RSA_DH_ChaChaPoly:
                     return Rsa_Encrypt(
                         dataToEncrypt,
                         headerToCopy,
@@ -1309,6 +1349,25 @@ protected ArraySegment<byte> Encrypt(
                         headerToCopy,
                         receiverCertificate,
                         RsaUtils.Padding.Pkcs1);
+                case SecurityPolicies.ECC_nistP256:
+                case SecurityPolicies.ECC_nistP256_AES:
+                case SecurityPolicies.ECC_nistP256_ChaChaPoly:
+                case SecurityPolicies.ECC_brainpoolP256r1:
+                case SecurityPolicies.ECC_brainpoolP256r1_AES:
+                case SecurityPolicies.ECC_brainpoolP256r1_ChaChaPoly:
+                case SecurityPolicies.ECC_curve25519:
+                case SecurityPolicies.ECC_curve25519_AES:
+                case SecurityPolicies.ECC_curve25519_ChaChaPoly:
+                case SecurityPolicies.ECC_curve448:
+                case SecurityPolicies.ECC_curve448_AES:
+                case SecurityPolicies.ECC_curve448_ChaChaPoly:
+                case SecurityPolicies.ECC_nistP384:
+                case SecurityPolicies.ECC_nistP384_AES:
+                case SecurityPolicies.ECC_nistP384_ChaChaPoly:
+                case SecurityPolicies.ECC_brainpoolP384r1:
+                case SecurityPolicies.ECC_brainpoolP384r1_AES:
+                case SecurityPolicies.ECC_brainpoolP384r1_ChaChaPoly:
+                    goto default;
                 default:
                     byte[] encryptedBuffer = BufferManager.TakeBuffer(SendBufferSize, "Encrypt");
 
@@ -1355,6 +1414,8 @@ protected ArraySegment<byte> Decrypt(
                         receiverCertificate,
                         RsaUtils.Padding.OaepSHA1);
                 case SecurityPolicies.Aes256_Sha256_RsaPss:
+                case SecurityPolicies.RSA_DH_AES_GCM:
+                case SecurityPolicies.RSA_DH_ChaChaPoly:
                     return Rsa_Decrypt(
                         dataToDecrypt,
                         headerToCopy,
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Rsa.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Rsa.cs
index a03c2ba721..d4915b7286 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Rsa.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Rsa.cs
@@ -42,12 +42,21 @@ private static byte[] Rsa_Sign(
                     "No private key for certificate.");
 
             // create the signature.
-            return rsa.SignData(
+            var signature = rsa.SignData(
                 dataToSign.Array,
                 dataToSign.Offset,
                 dataToSign.Count,
                 algorithm,
                 padding);
+
+#if xDEBUG
+            var data = new ReadOnlySpan<byte>(dataToSign.Array, dataToSign.Offset, dataToSign.Count).ToArray()
+            Console.WriteLine($"dataToSign={TcpMessageType.KeyToString(data)}");
+            Console.WriteLine($"algorithm={algorithm} padding={padding}");
+            Console.WriteLine($"signingCertificate={signingCertificate.Thumbprint}");
+            Console.WriteLine($"signature={TcpMessageType.KeyToString(signature)}");
+#endif
+            return signature;
         }
 
         /// <summary>
@@ -68,6 +77,13 @@ private bool Rsa_Verify(
                     StatusCodes.BadSecurityChecksFailed,
                     "No public key for certificate.");
 
+#if xDEBUG
+            var data = new ReadOnlySpan<byte>(dataToVerify.Array, dataToVerify.Offset, dataToVerify.Count).ToArray()
+            Console.WriteLine($"dataToVerify={TcpMessageType.KeyToString(data)}");
+            Console.WriteLine($"algorithm={algorithm} padding={padding}");
+            Console.WriteLine($"signingCertificate={signingCertificate.Thumbprint}");
+            Console.WriteLine($"signature={TcpMessageType.KeyToString(signature)}");
+#endif
             // verify signature.
             if (!rsa.VerifyData(
                     dataToVerify.Array,
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
index 562272fbf7..dec6ec6358 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
@@ -135,13 +135,7 @@ protected void DiscardTokens()
         /// <exception cref="ServiceResultException"></exception>
         protected void CalculateSymmetricKeySizes()
         {
-            var securityPolicyUri = SecurityPolicyUri;
-            if (securityPolicyUri.StartsWith(SecurityPolicies.BaseUri, StringComparison.Ordinal))
-            {
-                securityPolicyUri = securityPolicyUri.Substring(SecurityPolicies.BaseUri.Length);
-            }
-
-            SecurityPolicyInfo info = SecurityPolicies.GetInfo(securityPolicyUri)
+            SecurityPolicyInfo info = SecurityPolicies.GetInfo(SecurityPolicyUri)
                 ?? throw ServiceResultException.Create(
                     StatusCodes.BadSecurityPolicyRejected,
                     "Unsupported security policy: {0}",
@@ -160,9 +154,15 @@ private void DeriveKeysWithPSHA(
             ChannelToken token,
             bool isServer)
         {
+            using HMAC hmac = Utils.CreateHMAC(algorithmName, secret);
+
             int length = m_signatureKeySize + m_encryptionKeySize + EncryptionBlockSize;
 
-            using HMAC hmac = Utils.CreateHMAC(algorithmName, secret);
+            if (!isServer && SecurityPolicy.SecureChannelEnhancements)
+            {
+                length += hmac.HashSize/8;
+            }
+      
             byte[] output = Utils.PSHA(hmac, null, seed, 0, length);
 
             byte[] signingKey = new byte[m_signatureKeySize];
@@ -184,6 +184,19 @@ private void DeriveKeysWithPSHA(
                 token.ClientSigningKey = signingKey;
                 token.ClientEncryptingKey = encryptingKey;
                 token.ClientInitializationVector = iv;
+                token.SessionActivationSecret = null;
+
+                if (SecurityPolicy.SecureChannelEnhancements)
+                {
+                    token.SessionActivationSecret = new byte[hmac.HashSize / 8];
+
+                    Buffer.BlockCopy(
+                        output,
+                        m_signatureKeySize + m_encryptionKeySize + EncryptionBlockSize,
+                        token.SessionActivationSecret,
+                        0,
+                        token.SessionActivationSecret.Length);
+                }
             }
         }
 
@@ -197,12 +210,32 @@ private void DeriveKeysWithHKDF(
                 token.SecurityPolicy.SymmetricEncryptionKeyLength +
                 token.SecurityPolicy.InitializationVectorLength;
 
+            int secretLength = 0;
+
+            if (!isServer && SecurityPolicy.SecureChannelEnhancements)
+            {
+                secretLength = token.SecurityPolicy.KeyDerivationAlgorithm switch
+                {
+                    KeyDerivationAlgorithm.HKDFSha256 => 32,
+                    KeyDerivationAlgorithm.HKDFSha384 => 48,
+                    _ => 32
+                };
+            }
+
+            length += secretLength;
+
             byte[] prk = m_localNonce.DeriveKey(
-                m_remoteNonce,
+                m_remoteNonce.Data,
                 salt,
-                token.SecurityPolicy.GetKeyDerivationHashAlgorithmName(),
+                token.SecurityPolicy.KeyDerivationAlgorithm,
                 length);
 
+#if xDEBUG
+            m_logger.LogWarning("LocalNonce={LocalNonce}", TcpMessageType.KeyToString(m_localNonce.Data));
+            m_logger.LogWarning("RemoteNonce={RemoteNonce}", TcpMessageType.KeyToString(m_remoteNonce.Data));
+            m_logger.LogWarning("PRK={PRK}", TcpMessageType.KeyToString(prk));
+#endif
+
             byte[] signingKey = new byte[m_signatureKeySize];
             byte[] encryptingKey = new byte[m_encryptionKeySize];
             byte[] iv = new byte[EncryptionBlockSize];
@@ -222,6 +255,19 @@ private void DeriveKeysWithHKDF(
                 token.ClientSigningKey = signingKey;
                 token.ClientEncryptingKey = encryptingKey;
                 token.ClientInitializationVector = iv;
+                token.SessionActivationSecret = null;
+
+                if (SecurityPolicy.SecureChannelEnhancements)
+                {
+                    token.SessionActivationSecret = new byte[secretLength];
+
+                    Buffer.BlockCopy(
+                        prk,
+                        m_signatureKeySize + m_encryptionKeySize + EncryptionBlockSize,
+                        token.SessionActivationSecret,
+                        0,
+                        token.SessionActivationSecret.Length);
+                }
             }
         }
 
@@ -230,22 +276,7 @@ private void DeriveKeysWithHKDF(
         /// </summary>
         protected void ComputeKeys(ChannelToken token)
         {
-            // Strip BaseUri prefix to get short name for dictionary lookup
-            var securityPolicyUri = SecurityPolicyUri;
-            if (securityPolicyUri.StartsWith(SecurityPolicies.BaseUri, StringComparison.Ordinal))
-            {
-                securityPolicyUri = securityPolicyUri.Substring(SecurityPolicies.BaseUri.Length);
-            }
-
-            token.SecurityPolicy = SecurityPolicies.GetInfo(securityPolicyUri);
-
-            if (token.SecurityPolicy == null)
-            {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityPolicyRejected,
-                    "Unsupported security policy: {0}",
-                    SecurityPolicyUri);
-            }
+            token.SecurityPolicy = SecurityPolicies.GetInfo(SecurityPolicyUri);
 
             if (SecurityMode == MessageSecurityMode.None)
             {
@@ -255,45 +286,53 @@ protected void ComputeKeys(ChannelToken token)
             byte[] serverSecret = token.ServerNonce;
             byte[] clientSecret = token.ClientNonce;
 
-            m_logger?.LogInformation(
-                "[ComputeKeys] KeyDerivationAlgorithm: {Algo}",
-                token.SecurityPolicy.KeyDerivationAlgorithm);
-
-            if (token.SecurityPolicy.KeyDerivationAlgorithm == KeyDerivationAlgorithm.PSha1 ||
-                token.SecurityPolicy.KeyDerivationAlgorithm == KeyDerivationAlgorithm.PSha256)
+            switch (token.SecurityPolicy.KeyDerivationAlgorithm)
             {
-                HashAlgorithmName algorithmName = token.SecurityPolicy.GetKeyDerivationHashAlgorithmName();
-                DeriveKeysWithPSHA(algorithmName, serverSecret, clientSecret, token, false);
-                DeriveKeysWithPSHA(algorithmName, clientSecret, serverSecret, token, true);
-            }
-            else
-            {
-                byte[] keyData = SecurityMode == MessageSecurityMode.Sign
-                    ? token.SecurityPolicy.KeyDataLength
-                    : token.SecurityPolicy.KeyDataLength;
-
-                byte[] serverSalt = Utils.Append(
-                    keyData,
-                    s_hkdfServerLabel,
-                    serverSecret,
-                    clientSecret);
-                byte[] clientSalt = Utils.Append(
-                    keyData,
-                    s_hkdfClientLabel,
-                    clientSecret,
-                    serverSecret);
-
-#if DEBUG
-                m_logger.LogDebug("KeyData={KeyData}", Utils.ToHexString(keyData));
-                m_logger.LogDebug("ClientSecret={ClientSecret}", Utils.ToHexString(clientSecret));
-                m_logger.LogDebug("ServerSecret={ServerSecret}", Utils.ToHexString(serverSecret));
-                m_logger.LogDebug("ServerSalt={ServerSalt}", Utils.ToHexString(serverSalt));
-                m_logger.LogDebug("ClientSalt={ClientSalt}", Utils.ToHexString(clientSalt));
+                case KeyDerivationAlgorithm.HKDFSha256:
+                case KeyDerivationAlgorithm.HKDFSha384:
+                {
+                    token.Secret = m_localNonce.GenerateSecret(m_remoteNonce, token.PreviousSecret);
+
+                    byte[] length = token.SecurityPolicy.KeyDataLength;
+
+                    byte[] serverSalt = Utils.Append(
+                        length,
+                        s_hkdfServerLabel,
+                        serverSecret,
+                        clientSecret);
+
+                    byte[] clientSalt = Utils.Append(
+                        length,
+                        s_hkdfClientLabel,
+                        clientSecret,
+                        serverSecret);
+
+                    DeriveKeysWithHKDF(token, serverSalt, true);
+                    DeriveKeysWithHKDF(token, clientSalt, false);
+
+#if xDEBUG
+                    m_logger.LogWarning("ServerSecret={ServerSecret}", TcpMessageType.KeyToString(serverSecret));
+                    m_logger.LogWarning("ClientSecret={ClientSecret}", TcpMessageType.KeyToString(clientSecret));
+                    m_logger.LogWarning("ServerSalt={ServerSalt}", TcpMessageType.KeyToString(serverSalt));
+                    m_logger.LogWarning("ClientSalt={ClientSalt}", TcpMessageType.KeyToString(clientSalt));
+                    m_logger.LogWarning("ServerEncryptingKey={ServerEncryptingKey}", TcpMessageType.KeyToString(token.ServerEncryptingKey));
+                    m_logger.LogWarning("ServerInitializationVector={ServerIV}", TcpMessageType.KeyToString(token.ServerInitializationVector));
+                    m_logger.LogWarning("ClientEncryptingKey={ClientEncryptingKey}", TcpMessageType.KeyToString(token.ClientEncryptingKey));
+                    m_logger.LogWarning("ClientInitializationVector={ClientIV}", TcpMessageType.KeyToString(token.ClientInitializationVector));
 #endif
+                    break;
+                }
 
-                DeriveKeysWithHKDF(token, serverSalt, true);
-                DeriveKeysWithHKDF(token, clientSalt, false);
+                default:
+                case KeyDerivationAlgorithm.PSha1:
+                case KeyDerivationAlgorithm.PSha256:
+                    HashAlgorithmName algorithmName = token.SecurityPolicy.GetKeyDerivationHashAlgorithmName();
+                    DeriveKeysWithPSHA(algorithmName, serverSecret, clientSecret, token, false);
+                    DeriveKeysWithPSHA(algorithmName, clientSecret, serverSecret, token, true);
+                    break;
             }
+
+            SessionActivationSecret = token.SessionActivationSecret;
         }
 
         /// <summary>
@@ -317,20 +356,21 @@ protected BufferCollection WriteSymmetricMessage(
                 int maxCipherTextSize = SendBufferSize - TcpMessageLimits.SymmetricHeaderSize;
                 int maxCipherBlocks = maxCipherTextSize / EncryptionBlockSize;
                 int maxPlainTextSize = maxCipherBlocks * EncryptionBlockSize;
+
+                int paddingCountSize =
+                    (SecurityMode != MessageSecurityMode.SignAndEncrypt || token.SecurityPolicy.NoSymmetricEncryptionPadding)
+                    ? 0
+                    : 1;
+
                 int maxPayloadSize =
                     maxPlainTextSize -
                     SymmetricSignatureSize -
-                    1 -
-                    TcpMessageLimits.SequenceHeaderSize;
+                    TcpMessageLimits.SequenceHeaderSize -
+                    paddingCountSize;
+
                 const int headerSize = TcpMessageLimits.SymmetricHeaderSize +
                     TcpMessageLimits.SequenceHeaderSize;
 
-                // no padding byte for authenticated encryption.
-                if (token.SecurityPolicy.NoSymmetricEncryptionPadding)
-                {
-                    maxPayloadSize++;
-                }
-
                 // write the body to stream.
                 var ostrm = new ArraySegmentStream(
                     BufferManager,
@@ -370,14 +410,13 @@ protected BufferCollection WriteSymmetricMessage(
                     byte[] buffer = BufferManager.TakeBuffer(
                         SendBufferSize,
                         "WriteSymmetricMessage");
+
                     chunksToProcess.Add(new ArraySegment<byte>(buffer, 0, 0));
                 }
 
+                //Console.WriteLine($"WriteSymmetricMessage:{chunksToProcess[0].Offset}:{chunksToProcess[0].Count}");
                 var chunksToSend = new BufferCollection(chunksToProcess.Capacity);
 
-#if NETSTANDARD2_1_OR_GREATER || NET6_0_OR_GREATER
-                Span<byte> paddingBuffer = stackalloc byte[EncryptionBlockSize];
-#endif
                 int messageSize = 0;
 
                 for (int ii = 0; ii < chunksToProcess.Count; ii++)
@@ -393,6 +432,7 @@ protected BufferCollection WriteSymmetricMessage(
 
                     var strm = new MemoryStream(chunkToProcess.Array, 0, SendBufferSize);
                     using var encoder = new BinaryEncoder(strm, Quotas.MessageContext, false);
+
                     // check if the message needs to be aborted.
                     if (MessageLimitsExceeded(
                         isRequest,
@@ -423,6 +463,7 @@ protected BufferCollection WriteSymmetricMessage(
 
                         limitsExceeded = true;
                     }
+
                     // check if the message is complete.
                     else if (ii == chunksToProcess.Count - 1)
                     {
@@ -438,28 +479,22 @@ protected BufferCollection WriteSymmetricMessage(
 
                     count += TcpMessageLimits.SequenceHeaderSize;
                     count += chunkToProcess.Count;
-                    count += SymmetricSignatureSize;
+                    count += paddingCountSize;
 
-                    // calculate the padding.
                     int padding = 0;
 
-                    if (SecurityMode == MessageSecurityMode.SignAndEncrypt &&
-                        !token.SecurityPolicy.NoSymmetricEncryptionPadding)
+                    if (paddingCountSize > 0)
                     {
-                        // reserve one byte for the padding size.
-                        count++;
+                        padding = EncryptionBlockSize - (count % EncryptionBlockSize);
 
-                        // use padding as helper to calc the real padding
-                        padding = count % EncryptionBlockSize;
-                        if (padding != 0)
+                        if (padding < EncryptionBlockSize)
                         {
-                            padding = EncryptionBlockSize - padding;
+                            count += padding;
                         }
-
-                        count += padding;
                     }
 
                     count += TcpMessageLimits.SymmetricHeaderSize;
+                    count += SymmetricSignatureSize;
 
                     encoder.WriteUInt32(null, (uint)count);
                     encoder.WriteUInt32(null, ChannelId);
@@ -467,7 +502,6 @@ protected BufferCollection WriteSymmetricMessage(
 
                     uint sequenceNumber = GetNewSequenceNumber();
                     encoder.WriteUInt32(null, sequenceNumber);
-
                     encoder.WriteUInt32(null, requestId);
 
                     // skip body.
@@ -476,63 +510,27 @@ protected BufferCollection WriteSymmetricMessage(
                     // update message size count.
                     messageSize += chunkToProcess.Count;
 
-                    // write padding.
-                    if (SecurityMode == MessageSecurityMode.SignAndEncrypt &&
-                        !token.SecurityPolicy.NoSymmetricEncryptionPadding)
-                    {
-#if NETSTANDARD2_1_OR_GREATER || NET6_0_OR_GREATER
-                        if (padding > 1)
-                        {
-                            Span<byte> buffer = paddingBuffer[..(padding + 1)];
-                            buffer.Fill((byte)padding);
-                            encoder.WriteRawBytes(buffer);
-                        }
-                        else
-#endif
-                        {
-                            for (int jj = 0; jj <= padding; jj++)
-                            {
-                                encoder.WriteByte(null, (byte)padding);
-                            }
-                        }
-                    }
+                    ArraySegment<byte> dataToSend;
 
-                    // calculate and write signature.
                     if (SecurityMode != MessageSecurityMode.None)
                     {
-                        if (token.SecurityPolicy.NoSymmetricEncryptionPadding)
-                        {
-                            strm.Seek(SymmetricSignatureSize, SeekOrigin.Current);
-                        }
-                        else
-                        {
-                            byte[] signature = Sign(
-                                token,
-                                new ArraySegment<byte>(chunkToProcess.Array, 0, encoder.Position),
-                                isRequest);
-
-                            if (signature != null)
-                            {
-                                encoder.WriteRawBytes(signature, 0, signature.Length);
-                            }
-                        }
-                    }
-
-                    if ((SecurityMode == MessageSecurityMode.SignAndEncrypt &&
-                        !token.SecurityPolicy.NoSymmetricEncryptionPadding) ||
-                        (SecurityMode != MessageSecurityMode.None && token.SecurityPolicy.NoSymmetricEncryptionPadding))
-                    {
-                        // encrypt the data.
-                        var dataToEncrypt = new ArraySegment<byte>(
+                        dataToSend = new ArraySegment<byte>(
                             chunkToProcess.Array,
                             TcpMessageLimits.SymmetricHeaderSize,
                             encoder.Position - TcpMessageLimits.SymmetricHeaderSize);
-                        Encrypt(token, dataToEncrypt, isRequest);
+
+                        dataToSend = EncryptAndSign(token, dataToSend, isRequest);
+                    }
+                    else
+                    {
+                        dataToSend = new ArraySegment<byte>(
+                            chunkToProcess.Array,
+                            0,
+                            encoder.Position);
                     }
 
                     // add the header into chunk.
-                    chunksToSend.Add(
-                        new ArraySegment<byte>(chunkToProcess.Array, 0, encoder.Position));
+                    chunksToSend.Add(dataToSend);
                 }
 
                 // ensure the buffers don't get cleaned up on exit.
@@ -547,6 +545,21 @@ protected BufferCollection WriteSymmetricMessage(
                 }
             }
         }
+        private ArraySegment<byte> EncryptAndSign(
+            ChannelToken token,
+            ArraySegment<byte> dataToEncrypt,
+            bool useClientKeys)
+        {
+            return CryptoUtils.SymmetricEncryptAndSign(
+                dataToEncrypt,
+                token.SecurityPolicy,
+                useClientKeys ? token.ClientEncryptingKey : token.ServerEncryptingKey,
+                useClientKeys ? token.ClientInitializationVector : token.ServerInitializationVector,
+                useClientKeys ? token.ClientSigningKey : token.ServerSigningKey,
+                this.SecurityMode == MessageSecurityMode.Sign,
+                token.TokenId,
+                (uint)(m_localSequenceNumber - 1)); // already incremented to create this message. need the last one sent.
+        }
 
         /// <summary>
         /// Decrypts and verifies a message chunk.
@@ -580,6 +593,7 @@ protected ArraySegment<byte> ReadSymmetricMessage(
             {
                 ActivateToken(RenewedToken);
             }
+
             // check if activation of the new token should be forced.
             else if (RenewedToken != null && CurrentToken.ActivationRequired)
             {
@@ -633,700 +647,55 @@ protected ArraySegment<byte> ReadSymmetricMessage(
 
             int headerSize = decoder.Position;
 
-            int decryptedCount = buffer.Count - headerSize;
-            if (SecurityMode == MessageSecurityMode.SignAndEncrypt)
-            {
-                // decrypt the message.
-                decryptedCount = Decrypt(
-                    token,
-                    new ArraySegment<byte>(
-                        buffer.Array,
-                        buffer.Offset + headerSize,
-                        buffer.Count - headerSize),
-                    isRequest);
-            }
+            var dataToProcess = new ArraySegment<byte>(
+                buffer.Array,
+                buffer.Offset,
+                buffer.Count);
 
-            int paddingCount = 0;
-            if (SecurityMode != MessageSecurityMode.None &&
-                !token.SecurityPolicy.NoSymmetricEncryptionPadding)
+            if (SecurityMode != MessageSecurityMode.None)
             {
-                int signatureStart =
-                    buffer.Offset +
-                    headerSize +
-                    decryptedCount -
-                    SymmetricSignatureSize;
-
-                // extract signature.
-                byte[] signature = new byte[SymmetricSignatureSize];
-                Array.Copy(buffer.Array, signatureStart, signature, 0, signature.Length);
-
-                // verify the signature.
-                if (!Verify(
-                        token,
-                        signature,
-                        new ArraySegment<byte>(
-                            buffer.Array,
-                            buffer.Offset,
-                            headerSize + decryptedCount - SymmetricSignatureSize),
-                        isRequest))
-                {
-                    m_logger.LogError("ChannelId {Id}: Could not verify signature on message.", Id);
-                    throw ServiceResultException.Create(
-                        StatusCodes.BadSecurityChecksFailed,
-                        "Could not verify the signature on the message.");
-                }
+                dataToProcess = new ArraySegment<byte>(
+                    buffer.Array,
+                    buffer.Offset + headerSize,
+                    buffer.Count - headerSize);
 
-                if (SecurityMode == MessageSecurityMode.SignAndEncrypt)
-                {
-                    // verify padding.
-                    int paddingStart = signatureStart - 1;
-                    paddingCount = buffer.Array[paddingStart];
-
-                    for (int ii = paddingStart - paddingCount; ii < paddingStart; ii++)
-                    {
-                        if (buffer.Array[ii] != paddingCount)
-                        {
-                            throw ServiceResultException.Create(
-                                StatusCodes.BadSecurityChecksFailed,
-                                "Could not verify the padding in the message.");
-                        }
-                    }
-
-                    // add byte for size.
-                    paddingCount++;
-                }
-            }
-            else if (SecurityMode != MessageSecurityMode.None)
-            {
-                // AEAD algorithms are verified during decrypt.
-                paddingCount = 0;
+                dataToProcess = DecryptAndVerify(
+                    token,
+                    dataToProcess,
+                    isRequest);
             }
 
             // extract request id and sequence number.
             sequenceNumber = decoder.ReadUInt32(null);
             requestId = decoder.ReadUInt32(null);
 
-            // return an the data contained in the message.
-            int startOfBody =
-                buffer.Offset +
-                TcpMessageLimits.SymmetricHeaderSize +
-                TcpMessageLimits.SequenceHeaderSize;
-            int sizeOfBody =
-                decryptedCount -
-                TcpMessageLimits.SequenceHeaderSize -
-                paddingCount -
-                (SecurityMode != MessageSecurityMode.None &&
-                 !token.SecurityPolicy.NoSymmetricEncryptionPadding
-                    ? SymmetricSignatureSize
-                    : 0);
-
-            return new ArraySegment<byte>(buffer.Array, startOfBody, sizeOfBody);
-        }
-
-        /// <summary>
-        /// Returns the symmetric signature for the data.
-        /// </summary>
-        protected byte[] Sign(ChannelToken token, ArraySegment<byte> dataToSign, bool useClientKeys)
-        {
-            switch (SecurityPolicyUri)
-            {
-                case SecurityPolicies.Basic128Rsa15:
-                case SecurityPolicies.Basic256:
-                case SecurityPolicies.Basic256Sha256:
-                case SecurityPolicies.Aes128_Sha256_RsaOaep:
-                case SecurityPolicies.Aes256_Sha256_RsaPss:
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                case SecurityPolicies.ECC_nistP256:
-                    return SymmetricSign(token, dataToSign, useClientKeys);
-                default:
-                    return null;
-            }
-        }
+            headerSize += TcpMessageLimits.SequenceHeaderSize;
 
-        /// <summary>
-        /// Returns the symmetric signature for the data.
-        /// </summary>
-        protected bool Verify(
-            ChannelToken token,
-            byte[] signature,
-            ArraySegment<byte> dataToVerify,
-            bool useClientKeys)
-        {
-            // verify signature.
-            switch (SecurityPolicyUri)
-            {
-                case SecurityPolicies.None:
-                    return true;
-                case SecurityPolicies.Basic128Rsa15:
-                case SecurityPolicies.Basic256:
-                case SecurityPolicies.Basic256Sha256:
-                case SecurityPolicies.Aes128_Sha256_RsaOaep:
-                case SecurityPolicies.Aes256_Sha256_RsaPss:
-                case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    return SymmetricVerify(token, signature, dataToVerify, useClientKeys);
-                default:
-                    return false;
-            }
+            // return only the data contained in the message.
+            return new ArraySegment<byte>(
+                dataToProcess.Array,
+                dataToProcess.Offset + headerSize,
+                dataToProcess.Count - headerSize);
         }
 
-        /// <summary>
-        /// Encrypts and signs the data in a buffer using symmetric encryption.
-        /// </summary>
-        /// <exception cref="NotSupportedException"></exception>
-        protected void Encrypt(
-            ChannelToken token,
-            ArraySegment<byte> dataToEncrypt,
-            bool useClientKeys)
-        {
-            byte[] encryptingKey = useClientKeys ? token.ClientEncryptingKey : token.ServerEncryptingKey;
-            byte[] iv = useClientKeys ? token.ClientInitializationVector : token.ServerInitializationVector;
-            byte[] signingKey = useClientKeys ? token.ClientSigningKey : token.ServerSigningKey;
-
-            bool signOnly = SecurityMode == MessageSecurityMode.Sign;
-
-            if (SecurityPolicyUri == SecurityPolicies.None)
-            {
-                return;
-            }
-
-            // For CBC based policies the caller already applied padding and signatures.
-            if (token.SecurityPolicy.SymmetricEncryptionAlgorithm is SymmetricEncryptionAlgorithm.Aes128Cbc
-                or SymmetricEncryptionAlgorithm.Aes256Cbc)
-            {
-                if (signOnly)
-                {
-                    return;
-                }
-
-                using var aes = Aes.Create();
-                aes.Mode = CipherMode.CBC;
-                aes.Padding = PaddingMode.None;
-                aes.Key = encryptingKey;
-                aes.IV = iv;
-
-                using ICryptoTransform encryptor = aes.CreateEncryptor();
-                encryptor.TransformBlock(
-                    dataToEncrypt.Array,
-                    dataToEncrypt.Offset,
-                    dataToEncrypt.Count,
-                    dataToEncrypt.Array,
-                    dataToEncrypt.Offset);
-                return;
-            }
-
-            ArraySegment<byte> result = EccUtils.SymmetricEncryptAndSign(
-                dataToEncrypt,
-                token.SecurityPolicy,
-                encryptingKey,
-                iv,
-                signingKey,
-                signOnly);
-
-            // Copy result back to original buffer if different
-            if (result.Array != dataToEncrypt.Array || result.Offset != dataToEncrypt.Offset)
-            {
-                Buffer.BlockCopy(result.Array, result.Offset, dataToEncrypt.Array, dataToEncrypt.Offset, result.Count);
-            }
-        }
-
-        /// <summary>
-        /// Decrypts and verifies the data in a buffer using symmetric encryption.
-        /// </summary>
-        /// <exception cref="NotSupportedException"></exception>
-        protected int Decrypt(
+        private ArraySegment<byte> DecryptAndVerify(
             ChannelToken token,
             ArraySegment<byte> dataToDecrypt,
             bool useClientKeys)
         {
-            if (SecurityPolicyUri == SecurityPolicies.None)
-            {
-                return dataToDecrypt.Count;
-            }
-
-            byte[] encryptingKey = useClientKeys ? token.ClientEncryptingKey : token.ServerEncryptingKey;
-            byte[] iv = useClientKeys ? token.ClientInitializationVector : token.ServerInitializationVector;
-            byte[] signingKey = useClientKeys ? token.ClientSigningKey : token.ServerSigningKey;
-
-            bool signOnly = SecurityMode == MessageSecurityMode.Sign;
-
-            // For CBC based policies the caller will verify signatures and remove padding.
-            if (token.SecurityPolicy.SymmetricEncryptionAlgorithm is SymmetricEncryptionAlgorithm.Aes128Cbc
-                or SymmetricEncryptionAlgorithm.Aes256Cbc)
-            {
-                if (signOnly)
-                {
-                    return dataToDecrypt.Count;
-                }
-
-                using var aes = Aes.Create();
-                aes.Mode = CipherMode.CBC;
-                aes.Padding = PaddingMode.None;
-                aes.Key = encryptingKey;
-                aes.IV = iv;
-
-                using ICryptoTransform decryptor = aes.CreateDecryptor();
-                decryptor.TransformBlock(
-                    dataToDecrypt.Array,
-                    dataToDecrypt.Offset,
-                    dataToDecrypt.Count,
-                    dataToDecrypt.Array,
-                    dataToDecrypt.Offset);
-
-                return dataToDecrypt.Count;
-            }
-
-            ArraySegment<byte> result = EccUtils.SymmetricDecryptAndVerify(
+            return CryptoUtils.SymmetricDecryptAndVerify(
                 dataToDecrypt,
                 token.SecurityPolicy,
-                encryptingKey,
-                iv,
-                signingKey,
-                signOnly);
-
-            // Copy result back to original buffer if different
-            if (result.Array != dataToDecrypt.Array || result.Offset != dataToDecrypt.Offset)
-            {
-                Buffer.BlockCopy(result.Array, result.Offset, dataToDecrypt.Array, dataToDecrypt.Offset, result.Count);
-            }
-
-            // return the decrypted size (without authentication tag/padding)
-            return result.Count - dataToDecrypt.Offset;
-        }
-
-#if NETSTANDARD2_1_OR_GREATER || NET6_0_OR_GREATER
-        /// <summary>
-        /// Signs the message using HMAC.
-        /// </summary>
-        private static byte[] SymmetricSign(
-            ChannelToken token,
-            ReadOnlySpan<byte> dataToSign,
-            bool useClientKeys)
-        {
-            byte[] signingKey = useClientKeys ? token.ClientSigningKey : token.ServerSigningKey;
-
-            using HMAC hmac = token.SecurityPolicy.CreateSignatureHmac(signingKey);
-
-            // compute hash.
-            int hashSizeInBytes = hmac.HashSize >> 3;
-            byte[] signature = new byte[hashSizeInBytes];
-            bool result = hmac.TryComputeHash(dataToSign, signature, out int bytesWritten);
-
-            // check result
-            if (!result || bytesWritten != hashSizeInBytes)
-            {
-                ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    "The computed hash doesn't match the expected size.");
-            }
-
-            // return signature.
-            return signature;
-        }
-#else
-        /// <summary>
-        /// Signs the message using HMAC.
-        /// </summary>
-        private static byte[] SymmetricSign(
-            ChannelToken token,
-            ArraySegment<byte> dataToSign,
-            bool useClientKeys)
-        {
-            byte[] signingKey = useClientKeys ? token.ClientSigningKey : token.ServerSigningKey;
-
-            using HMAC hmac = token.SecurityPolicy.CreateSignatureHmac(signingKey);
-            
-            // compute hash.
-            var istrm = new MemoryStream(
-                dataToSign.Array,
-                dataToSign.Offset,
-                dataToSign.Count,
-                false);
-            byte[] signature = hmac.ComputeHash(istrm);
-            istrm.Dispose();
-
-            // return signature.
-            return signature;
-        }
-#endif
-
-#if NETSTANDARD2_1_OR_GREATER || NET6_0_OR_GREATER
-        /// <summary>
-        /// Verifies a HMAC for a message.
-        /// </summary>
-        private bool SymmetricVerify(
-            ChannelToken token,
-            ReadOnlySpan<byte> signature,
-            ReadOnlySpan<byte> dataToVerify,
-            bool useClientKeys)
-        {
-            byte[] signingKey = useClientKeys ? token.ClientSigningKey : token.ServerSigningKey;
-
-            using HMAC hmac = token.SecurityPolicy.CreateSignatureHmac(signingKey);
-
-            // compute hash.
-            int hashSizeInBytes = hmac.HashSize >> 3;
-            Span<byte> computedSignature = stackalloc byte[hashSizeInBytes];
-            bool result = hmac.TryComputeHash(
-                dataToVerify,
-                computedSignature,
-                out int bytesWritten);
-            System.Diagnostics.Debug.Assert(bytesWritten == hashSizeInBytes);
-            // compare signatures.
-            if (!result || !computedSignature.SequenceEqual(signature))
-            {
-                string expectedSignature = Utils.ToHexString(computedSignature.ToArray());
-                string messageType = Encoding.UTF8.GetString(dataToVerify[..4]);
-                int messageLength = BitConverter.ToInt32(dataToVerify[4..]);
-                string actualSignature = Utils.ToHexString(signature);
-#else
-        /// <summary>
-        /// Verifies a HMAC for a message.
-        /// </summary>
-        private bool SymmetricVerify(
-            ChannelToken token,
-            byte[] signature,
-            ArraySegment<byte> dataToVerify,
-            bool useClientKeys)
-        {
-            byte[] signingKey = useClientKeys ? token.ClientSigningKey : token.ServerSigningKey;
-
-            using HMAC hmac = token.SecurityPolicy.CreateSignatureHmac(signingKey);
-
-            var istrm = new MemoryStream(
-                dataToVerify.Array,
-                dataToVerify.Offset,
-                dataToVerify.Count,
-                false);
-            byte[] computedSignature = hmac.ComputeHash(istrm);
-            istrm.Dispose();
-            // compare signatures.
-            if (!Utils.IsEqual(computedSignature, signature))
-            {
-                string expectedSignature = Utils.ToHexString(computedSignature);
-                string messageType = Encoding.UTF8
-                    .GetString(dataToVerify.Array, dataToVerify.Offset, 4);
-                int messageLength = BitConverter.ToInt32(
-                    dataToVerify.Array,
-                    dataToVerify.Offset + 4);
-                string actualSignature = Utils.ToHexString(signature);
-#endif
-                m_logger.LogError(
-                    "Channel{Id}: Could not validate signature. ChannelId={ChannelId}, TokenId={TokenId}, MessageType={MessageType}, Length={Length} ExpectedSignature={ExpectedSignature} ActualSignature={ActualSignature}",
-                    Id,
-                    token.ChannelId,
-                    token.TokenId,
-                    messageType,
-                    messageLength,
-                    expectedSignature,
-                    actualSignature);
-
-                return false;
-            }
-
-            return true;
-        }
-
-
-
-#if CURVE25519
-        /// <summary>
-        /// Encrypts a message using a symmetric algorithm.
-        /// </summary>
-        private static void SymmetricEncryptWithChaCha20Poly1305(
-            ChannelToken token,
-            uint lastSequenceNumber,
-            ArraySegment<byte> dataToEncrypt,
-            bool useClientKeys)
-        {
-            var signingKey = (useClientKeys) ? token.ClientSigningKey : token.ServerSigningKey;
-
-            if (signingKey == null)
-            {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    "Token missing symmetric key object.");
-            }
-
-            var encryptingKey = (useClientKeys) ? token.ClientEncryptingKey : token.ServerEncryptingKey;
-
-            if (encryptingKey == null)
-            {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    "Token missing symmetric key object.");
-            }
-
-            var iv = (useClientKeys) ? token.ClientInitializationVector : token.ServerInitializationVector;
-
-            if (iv == null)
-            {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    "Token missing symmetric key object.");
-            }
-
-            // Utils.Trace($"EncryptKey={Utils.ToHexString(encryptingKey)}");
-            // Utils.Trace($"EncryptIV1={Utils.ToHexString(iv)}");
-            ApplyChaCha20Poly1305Mask(token, lastSequenceNumber, iv);
-            // Utils.Trace($"EncryptIV2={Utils.ToHexString(iv)}");
-
-            int signatureLength = 16;
-
-            var plaintext = dataToEncrypt.Array;
-            int headerSize = dataToEncrypt.Offset;
-            int plainTextLength = dataToEncrypt.Offset + dataToEncrypt.Count - signatureLength;
-
-            // Utils.Trace($"OUT={headerSize}|{plainTextLength}|{signatureLength}|[{plainTextLength + signatureLength}]");
-
-            AeadParameters parameters = new AeadParameters(
-                new KeyParameter(encryptingKey),
-                signatureLength * 8,
-                iv,
-                null);
-
-            ChaCha20Poly1305 encryptor = new ChaCha20Poly1305();
-            encryptor.Init(true, parameters);
-            encryptor.ProcessAadBytes(plaintext, 0, headerSize);
-
-            byte[] ciphertext = new byte[encryptor.GetOutputSize(plainTextLength - headerSize) + headerSize];
-            Buffer.BlockCopy(plaintext, 0, ciphertext, 0, headerSize);
-            int length = encryptor.ProcessBytes(
-                plaintext,
-                headerSize,
-                plainTextLength - headerSize,
-                ciphertext,
-                headerSize);
-            length += encryptor.DoFinal(ciphertext, length + headerSize);
-
-            if (ciphertext.Length - headerSize != length)
-            {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    $"Cipher text not the expected size. [{ciphertext.Length - headerSize} != {length}]");
-            }
-
-            Buffer.BlockCopy(ciphertext, 0, plaintext, 0, plainTextLength + signatureLength);
-
-            // byte[] mac = new byte[16];
-            // Buffer.BlockCopy(plaintext, plainTextLength, mac, 0, signatureLength);
-            // Utils.Trace($"EncryptMAC1={Utils.ToHexString(encryptor.GetMac())}");
-            // Utils.Trace($"EncryptMAC2={Utils.ToHexString(mac)}");
-        }
-
-        /// <summary>
-        /// Encrypts a message using a symmetric algorithm.
-        /// </summary>
-        private static void SymmetricSignWithPoly1305(
-            ChannelToken token,
-            uint lastSequenceNumber,
-            ArraySegment<byte> dataToEncrypt,
-            bool useClientKeys)
-        {
-            var signingKey = (useClientKeys) ? token.ClientSigningKey : token.ServerSigningKey;
-
-            if (signingKey == null)
-            {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    "Token missing symmetric key object.");
-            }
-
-            ApplyChaCha20Poly1305Mask(token, lastSequenceNumber, signingKey);
-
-            using (var hash = SHA256.Create())
-            {
-                signingKey = hash.ComputeHash(signingKey);
-            }
-
-            // Utils.Trace($"SigningKey={Utils.ToHexString(signingKey)}");
-
-            int signatureLength = 16;
-
-            var plaintext = dataToEncrypt.Array;
-            int headerSize = dataToEncrypt.Offset;
-            int plainTextLength = dataToEncrypt.Offset + dataToEncrypt.Count - signatureLength;
-
-            // Utils.Trace($"OUT={headerSize}|{plainTextLength}|{signatureLength}|[{plainTextLength + signatureLength}]");
-
-            Poly1305 poly = new Poly1305();
-
-            poly.Init(new KeyParameter(signingKey, 0, signingKey.Length));
-            poly.BlockUpdate(plaintext, 0, plainTextLength);
-            int length = poly.DoFinal(plaintext, plainTextLength);
-
-            if (signatureLength != length)
-            {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    $"Signed data not the expected size. [{plainTextLength + signatureLength} != {length}]");
-            }
-        }
-
-        /// <summary>
-        /// Decrypts a message using a symmetric algorithm.
-        /// </summary>
-        private static void SymmetricDecryptWithChaCha20Poly1305(
-            ChannelToken token,
-            uint lastSequenceNumber,
-            ArraySegment<byte> dataToDecrypt,
-            bool useClientKeys)
-        {
-            var encryptingKey = (useClientKeys) ? token.ClientEncryptingKey : token.ServerEncryptingKey;
-
-            if (encryptingKey == null)
-            {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    "Token missing symmetric key object.");
-            }
-
-            var iv = (useClientKeys) ? token.ClientInitializationVector : token.ServerInitializationVector;
-
-            if (iv == null)
-            {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    "Token missing symmetric key object.");
-            }
-
-            // Utils.Trace($"DecryptKey={Utils.ToHexString(encryptingKey)}");
-            // Utils.Trace($"DecryptIV1={Utils.ToHexString(iv)}");
-            ApplyChaCha20Poly1305Mask(token, lastSequenceNumber, iv);
-            // Utils.Trace($"DecryptIV2={Utils.ToHexString(iv)}");
-
-            int signatureLength = 16;
-
-            var ciphertext = dataToDecrypt.Array;
-            int headerSize = dataToDecrypt.Offset;
-            int cipherTextLength = dataToDecrypt.Offset + dataToDecrypt.Count - signatureLength;
-
-            // Utils.Trace($"OUT={headerSize}|{cipherTextLength}|{signatureLength}|[{cipherTextLength + signatureLength}]");
-
-            byte[] mac = new byte[16];
-            Buffer.BlockCopy(ciphertext, cipherTextLength, mac, 0, signatureLength);
-            // Utils.Trace($"DecryptMAC={Utils.ToHexString(mac)}");
-
-            AeadParameters parameters = new AeadParameters(
-                new KeyParameter(encryptingKey),
-                signatureLength * 8,
-                iv,
-                null);
-
-            ChaCha20Poly1305 decryptor = new ChaCha20Poly1305();
-            decryptor.Init(false, parameters);
-            decryptor.ProcessAadBytes(ciphertext, 0, headerSize);
-
-            var plaintext = new byte[
-                decryptor.GetOutputSize(cipherTextLength + signatureLength - headerSize) + headerSize
-            ];
-            Buffer.BlockCopy(ciphertext, headerSize, plaintext, 0, headerSize);
-
-            int length = decryptor.ProcessBytes(
-                ciphertext,
-                headerSize,
-                cipherTextLength + signatureLength - headerSize,
-                plaintext,
-                headerSize);
-            length += decryptor.DoFinal(plaintext, length + headerSize);
-
-            if (plaintext.Length - headerSize != length)
-            {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    $"Plain text not the expected size. [{plaintext.Length - headerSize} != {length}]");
-            }
-
-            Buffer.BlockCopy(plaintext, 0, ciphertext, 0, cipherTextLength);
-        }
-
-        /// <summary>
-        /// Encrypts a message using a symmetric algorithm.
-        /// </summary>
-        private static void SymmetricVerifyWithPoly1305(
-            ChannelToken token,
-            uint lastSequenceNumber,
-            ArraySegment<byte> dataToDecrypt,
-            bool useClientKeys)
-        {
-            var signingKey = (useClientKeys) ? token.ClientSigningKey : token.ServerSigningKey;
-
-            if (signingKey == null)
-            {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    "Token missing symmetric key object.");
-            }
-
-            ApplyChaCha20Poly1305Mask(token, lastSequenceNumber, signingKey);
-            // Utils.Trace($"SigningKey={Utils.ToHexString(signingKey)}");
-
-            using (var hash = SHA256.Create())
-            {
-                signingKey = hash.ComputeHash(signingKey);
-            }
-
-            int signatureLength = 16;
-
-            var plaintext = dataToDecrypt.Array;
-            int headerSize = dataToDecrypt.Offset;
-            int plainTextLength = dataToDecrypt.Offset + dataToDecrypt.Count - signatureLength;
-
-            // Utils.Trace($"OUT={headerSize}|{plainTextLength}|{signatureLength}|[{plainTextLength + signatureLength}]");
-
-            Poly1305 poly = new Poly1305();
-
-            poly.Init(new KeyParameter(signingKey, 0, signingKey.Length));
-            poly.BlockUpdate(plaintext, 0, plainTextLength);
-
-            byte[] mac = new byte[poly.GetMacSize()];
-            int length = poly.DoFinal(mac, 0);
-
-            if (signatureLength != length)
-            {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    $"Signed data not the expected size. [{plainTextLength + signatureLength} != {length}]");
-            }
-
-            for (int ii = 0; ii < mac.Length; ii++)
-            {
-                if (mac[ii] != plaintext[plainTextLength + ii])
-                {
-                    throw ServiceResultException.Create(StatusCodes.BadSecurityChecksFailed, $"Invaid MAC on data.");
-                }
-            }
-        }
-
-        private static void ApplyChaCha20Poly1305Mask(ChannelToken token, uint lastSequenceNumber, byte[] iv)
-        {
-            iv[0] ^= (byte)((token.TokenId & 0x000000FF));
-            iv[1] ^= (byte)((token.TokenId & 0x0000FF00) >> 8);
-            iv[2] ^= (byte)((token.TokenId & 0x00FF0000) >> 16);
-            iv[3] ^= (byte)((token.TokenId & 0xFF000000) >> 24);
-            iv[4] ^= (byte)((lastSequenceNumber & 0x000000FF));
-            iv[5] ^= (byte)((lastSequenceNumber & 0x0000FF00) >> 8);
-            iv[6] ^= (byte)((lastSequenceNumber & 0x00FF0000) >> 16);
-            iv[7] ^= (byte)((lastSequenceNumber & 0xFF000000) >> 24);
+                useClientKeys ? token.ClientEncryptingKey : token.ServerEncryptingKey,
+                useClientKeys ? token.ClientInitializationVector : token.ServerInitializationVector,
+                useClientKeys ? token.ClientSigningKey : token.ServerSigningKey,
+                this.SecurityMode == MessageSecurityMode.Sign,
+                token.TokenId,
+                (uint)m_remoteSequenceNumber);
         }
-#endif
 
         private static readonly byte[] s_hkdfClientLabel = Encoding.UTF8.GetBytes("opcua-client");
         private static readonly byte[] s_hkdfServerLabel = Encoding.UTF8.GetBytes("opcua-server");
-        private static readonly byte[] s_hkdfAes128SignOnlyKeyLength = BitConverter.GetBytes(
-            (ushort)32);
-        private static readonly byte[] s_hkdfAes256SignOnlyKeyLength = BitConverter.GetBytes(
-            (ushort)48);
-        private static readonly byte[] s_hkdfAes128SignAndEncryptKeyLength = BitConverter.GetBytes(
-            (ushort)64);
-        private static readonly byte[] s_hkdfAes256SignAndEncryptKeyLength = BitConverter.GetBytes(
-            (ushort)96);
-        private static readonly byte[] s_hkdfChaCha20Poly1305KeyLength = BitConverter.GetBytes(
-            (ushort)76);
         private int m_signatureKeySize;
         private int m_encryptionKeySize;
     }
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.cs
index 2e24e6729d..f396c3ad8b 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.cs
@@ -238,6 +238,18 @@ protected virtual void Dispose(bool disposing)
         /// </summary>
         public string GlobalChannelId { get; private set; }
 
+        /// <inheritdoc/>
+        internal byte[] SecureChannelHash { get; set; }
+
+        /// <inheritdoc/>
+        internal byte[] SessionActivationSecret { get; set; }
+
+        /// <inheritdoc/>
+        public byte[] ClientChannelCertificate { get; protected set; }
+
+        /// <inheritdoc/>
+        public byte[] ServerChannelCertificate { get; protected set; }
+
         /// <summary>
         /// Raised when the state of the channel changes.
         /// </summary>
@@ -271,7 +283,7 @@ protected void ChannelStateChanged(TcpChannelState state, ServiceResult reason)
         /// </summary>
         protected uint GetNewSequenceNumber()
         {
-            bool isLegacy = !EccUtils.IsEccPolicy(SecurityPolicyUri);
+            bool isLegacy = !CryptoUtils.IsEccPolicy(SecurityPolicyUri);
 
             long newSeqNumber = Interlocked.Increment(ref m_sequenceNumber);
             bool maxValueOverflow = isLegacy
@@ -320,8 +332,8 @@ protected bool VerifySequenceNumber(uint sequenceNumber, string context)
             // Accept the first sequence number depending on security policy
             if (m_firstReceivedSequenceNumber &&
                 (
-                    !EccUtils.IsEccPolicy(SecurityPolicyUri) ||
-                    (EccUtils.IsEccPolicy(SecurityPolicyUri) && (sequenceNumber == 0))))
+                    !CryptoUtils.IsEccPolicy(SecurityPolicyUri) ||
+                    (CryptoUtils.IsEccPolicy(SecurityPolicyUri) && (sequenceNumber == 0))))
             {
                 m_remoteSequenceNumber = sequenceNumber;
                 m_firstReceivedSequenceNumber = false;
@@ -342,8 +354,8 @@ protected bool VerifySequenceNumber(uint sequenceNumber, string context)
                 // only one rollover per token is allowed and with valid values depending on security policy
                 if (!m_sequenceRollover &&
                     (
-                        !EccUtils.IsEccPolicy(SecurityPolicyUri) ||
-                        (EccUtils.IsEccPolicy(SecurityPolicyUri) && (sequenceNumber == 0))))
+                        !CryptoUtils.IsEccPolicy(SecurityPolicyUri) ||
+                        (CryptoUtils.IsEccPolicy(SecurityPolicyUri) && (sequenceNumber == 0))))
                 {
                     m_sequenceRollover = true;
                     m_remoteSequenceNumber = sequenceNumber;
@@ -617,6 +629,8 @@ protected void BeginWriteMessage(BufferCollection buffers, object state)
 
             try
             {
+                m_logger.LogWarning("OUT:{Id}", TcpMessageType.GetTypeAndSize(buffers[0]));
+
                 Interlocked.Increment(ref m_activeWriteRequests);
                 args.BufferList = buffers;
                 args.Completed += OnWriteComplete;
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryClientChannel.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryClientChannel.cs
index 355c2b44f0..453cbde83b 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryClientChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryClientChannel.cs
@@ -18,6 +18,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 using System.Diagnostics;
 using System.Globalization;
 using System.IO;
+using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Threading;
@@ -535,6 +536,11 @@ private void SendOpenSecureChannelRequest(bool renew)
             ChannelToken token = CreateToken();
             token.ClientNonce = CreateNonce(ClientCertificate);
 
+            if (renew)
+            {
+                token.PreviousSecret = CurrentToken?.Secret;
+            }
+
             // construct the request.
             var request = new OpenSecureChannelRequest();
             request.RequestHeader.Timestamp = DateTime.UtcNow;
@@ -549,6 +555,11 @@ private void SendOpenSecureChannelRequest(bool renew)
             // encode the request.
             byte[] buffer = BinaryEncoder.EncodeMessage(request, Quotas.MessageContext);
 
+            ClientChannelCertificate = ClientCertificate?.RawData;
+            ServerChannelCertificate = ServerCertificate?.RawData;
+
+            byte[] signature;
+
             // write the asymmetric message.
             BufferCollection? chunksToSend = WriteAsymmetricMessage(
                 TcpMessageType.Open,
@@ -556,7 +567,12 @@ private void SendOpenSecureChannelRequest(bool renew)
                 ClientCertificate,
                 ClientCertificateChain,
                 ServerCertificate,
-                new ArraySegment<byte>(buffer, 0, buffer.Length));
+                new ArraySegment<byte>(buffer, 0, buffer.Length),
+                m_oscRequestSignature,
+                out signature);
+
+            // don't keep signature if secure channel enhancements are not used.
+            m_oscRequestSignature = (SecurityPolicy.SecureChannelEnhancements) ? signature : null;
 
             // save token.
             m_requestedToken = token;
@@ -611,13 +627,29 @@ private bool ProcessOpenSecureChannelResponse(
             uint sequenceNumber;
             try
             {
+                byte[] signature;
+
+                Console.WriteLine($"OSC IN={TcpMessageType.KeyToString(messageChunk)}");
+
                 messageBody = ReadAsymmetricMessage(
                     messageChunk,
                     ClientCertificate,
                     out channelId,
                     out serverCertificate,
                     out requestId,
-                    out sequenceNumber);
+                    out sequenceNumber,
+                    m_oscRequestSignature,
+                    out signature);
+
+                if (PreviousToken == null)
+                {
+                    ComputeSecureChannelHash(signature);
+                }
+
+                Console.WriteLine($"OSC OUT={TcpMessageType.KeyToString(messageBody)}");
+                Console.WriteLine($"oscRequestSignature={TcpMessageType.KeyToString(m_oscRequestSignature)}");
+                Console.WriteLine($"signature={TcpMessageType.KeyToString(signature)}");
+                Console.WriteLine($"State={State}");
             }
             catch (Exception e)
             {
@@ -783,6 +815,8 @@ protected override bool HandleIncomingMessage(
             uint messageType,
             ArraySegment<byte> messageChunk)
         {
+            //m_logger.LogWarning("IN:{Size}", TcpMessageType.GetTypeAndSize(messageChunk));
+
             // process a response.
             if (TcpMessageType.IsType(messageType, TcpMessageType.Message))
             {
@@ -1748,5 +1782,6 @@ private bool ProcessResponseMessage(uint messageType, ArraySegment<byte> message
         private List<QueuedOperation>? m_queuedOperations;
         private readonly ILogger m_logger;
         private readonly ITelemetryContext m_telemetry;
+        private byte[]? m_oscRequestSignature;
     }
 }
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryTransportChannel.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryTransportChannel.cs
index 0b84cfee04..fa3ad84191 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryTransportChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryTransportChannel.cs
@@ -104,7 +104,16 @@ public IServiceMessageContext MessageContext
             => m_quotas?.MessageContext ?? throw BadNotConnected();
 
         /// <inheritdoc/>
-        public ChannelToken? CurrentToken => m_channel?.CurrentToken;
+        public byte[] SecureChannelHash => m_channel?.SecureChannelHash ?? [];
+
+        /// <inheritdoc/>
+        public byte[] SessionActivationSecret => m_channel?.SessionActivationSecret ?? [];
+
+        /// <inheritdoc/>
+        public byte[] ClientChannelCertificate => m_channel?.ClientChannelCertificate ?? [];
+
+        /// <inheritdoc/>
+        public byte[] ServerChannelCertificate => m_channel?.ServerChannelCertificate ?? [];
 
         /// <inheritdoc/>
         public int OperationTimeout { get; set; }
@@ -428,6 +437,8 @@ private UaSCUaBinaryClientChannel CreateChannel(
                 }
             }
 
+            var id = Guid.NewGuid().ToString();
+
             // create the channel.
             var channel = new UaSCUaBinaryClientChannel(
                 Guid.NewGuid().ToString(),
diff --git a/Stack/Opc.Ua.Core/Stack/Transport/ITransportChannel.cs b/Stack/Opc.Ua.Core/Stack/Transport/ITransportChannel.cs
index 9d59e71634..772ae91045 100644
--- a/Stack/Opc.Ua.Core/Stack/Transport/ITransportChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Transport/ITransportChannel.cs
@@ -34,11 +34,6 @@ public delegate void ChannelTokenActivatedEventHandler(
     /// </summary>
     public interface ISecureChannel
     {
-        /// <summary>
-        /// Gets the channel's current security token.
-        /// </summary>
-        ChannelToken? CurrentToken { get; }
-
         /// <summary>
         /// Register for token change events
         /// </summary>
@@ -99,6 +94,26 @@ public interface ITransportChannel : IDisposable
         /// </summary>
         EndpointConfiguration EndpointConfiguration { get; }
 
+        /// <summary>
+        /// The unique identifier for the secure channel.
+        /// </summary>
+        byte[] SecureChannelHash { get; }
+
+        /// <summary>
+        /// A secret used to re-activate sessions on a new secure channel.
+        /// </summary>
+        byte[] SessionActivationSecret { get; }
+
+        /// <summary>
+        /// The client certificate used to establsih the secure channel.
+        /// </summary>
+        byte[] ClientChannelCertificate { get; }
+
+        /// <summary>
+        /// The server certificate used to establsih the secure channel.
+        /// </summary>
+        byte[] ServerChannelCertificate { get; }
+
         /// <summary>
         /// Gets the context used when serializing messages exchanged
         /// via the channel. Throws if the channel is not yet opened.
diff --git a/Stack/Opc.Ua.Core/Stack/Transport/NullChannel.cs b/Stack/Opc.Ua.Core/Stack/Transport/NullChannel.cs
index 1e683d3be8..8f0029fb8f 100644
--- a/Stack/Opc.Ua.Core/Stack/Transport/NullChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Transport/NullChannel.cs
@@ -41,8 +41,20 @@ public IServiceMessageContext MessageContext
             => throw Unexpected(nameof(MessageContext));
 
         /// <inheritdoc/>
-        public ChannelToken CurrentToken
-            => throw Unexpected(nameof(CurrentToken));
+        public byte[] SecureChannelHash
+            => throw Unexpected(nameof(SecureChannelHash));
+
+        /// <inheritdoc/>
+        public byte[] SessionActivationSecret
+            => throw Unexpected(nameof(SessionActivationSecret));
+
+        /// <inheritdoc/>
+        public byte[] ClientChannelCertificate
+            => throw Unexpected(nameof(ClientChannelCertificate));
+
+        /// <inheritdoc/>
+        public byte[] ServerChannelCertificate
+            => throw Unexpected(nameof(ServerChannelCertificate));
 
         /// <inheritdoc/>
         public int OperationTimeout { get; set; }
diff --git a/Stack/Opc.Ua.Core/Stack/Types/UserNameIdentityToken.cs b/Stack/Opc.Ua.Core/Stack/Types/UserNameIdentityToken.cs
index d7cfd9ba19..959660105d 100644
--- a/Stack/Opc.Ua.Core/Stack/Types/UserNameIdentityToken.cs
+++ b/Stack/Opc.Ua.Core/Stack/Types/UserNameIdentityToken.cs
@@ -58,7 +58,7 @@ public override void Encrypt(
             }
 
             // handle RSA encryption.
-            if (!EccUtils.IsEccPolicy(securityPolicyUri))
+            if (!CryptoUtils.IsEccPolicy(securityPolicyUri))
             {
                 byte[] dataToEncrypt = Utils.Append(DecryptedPassword, receiverNonce);
 
@@ -98,7 +98,7 @@ public override void Encrypt(
                     receiverCertificate,
                     receiverEphemeralKey,
                     senderCertificate,
-                    Nonce.CreateNonce(securityPolicyUri),
+                    Nonce.CreateNonce(SecurityPolicies.GetInfo(securityPolicyUri)),
                     null,
                     doNotEncodeSenderCertificate);
 
@@ -138,7 +138,7 @@ public override void Decrypt(
             }
 
             // handle RSA encryption.
-            if (!EccUtils.IsEccPolicy(securityPolicyUri))
+            if (!CryptoUtils.IsEccPolicy(securityPolicyUri))
             {
                 var encryptedData = new EncryptedData
                 {
diff --git a/Stack/Opc.Ua.Core/Stack/Types/X509IdentityToken.cs b/Stack/Opc.Ua.Core/Stack/Types/X509IdentityToken.cs
index 7dae91b6d1..e2e51ed695 100644
--- a/Stack/Opc.Ua.Core/Stack/Types/X509IdentityToken.cs
+++ b/Stack/Opc.Ua.Core/Stack/Types/X509IdentityToken.cs
@@ -50,9 +50,11 @@ public override SignatureData Sign(
             X509Certificate2 certificate = Certificate ??
                 CertificateFactory.Create(m_certificateData);
 
-            SignatureData signatureData = SecurityPolicies.Sign(
+            var info = SecurityPolicies.GetInfo(securityPolicyUri);
+
+            SignatureData signatureData = SecurityPolicies.CreateSignatureData(
+                info,
                 certificate,
-                securityPolicyUri,
                 dataToSign);
 
             m_certificateData = certificate.RawData;
@@ -75,11 +77,13 @@ public override bool Verify(
                 X509Certificate2 certificate = Certificate ??
                     CertificateFactory.Create(m_certificateData);
 
-                bool valid = SecurityPolicies.Verify(
+                var info = SecurityPolicies.GetInfo(securityPolicyUri);
+
+                bool valid = SecurityPolicies.VerifySignatureData(
+                    signatureData,
+                    info,
                     certificate,
-                    securityPolicyUri,
-                    dataToVerify,
-                    signatureData);
+                    dataToVerify);
 
                 m_certificateData = certificate.RawData;
 
diff --git a/Stack/Opc.Ua.Types/Diagnostics/TelemetryUtils.cs b/Stack/Opc.Ua.Types/Diagnostics/TelemetryUtils.cs
index 7cdbdadda8..0a9788e9da 100644
--- a/Stack/Opc.Ua.Types/Diagnostics/TelemetryUtils.cs
+++ b/Stack/Opc.Ua.Types/Diagnostics/TelemetryUtils.cs
@@ -141,7 +141,7 @@ public void Dispose()
             [Conditional("DEBUG")]
             private static void DebugCheck()
             {
-                Debug.Fail("Using a NullLogger");
+                //Debug.Fail("Using a NullLogger");
             }
         }
 
diff --git a/Stack/Opc.Ua.Types/Encoders/BinaryDecoder.cs b/Stack/Opc.Ua.Types/Encoders/BinaryDecoder.cs
index ef43b211dc..0d775566fa 100644
--- a/Stack/Opc.Ua.Types/Encoders/BinaryDecoder.cs
+++ b/Stack/Opc.Ua.Types/Encoders/BinaryDecoder.cs
@@ -228,7 +228,8 @@ public IEncodeable DecodeMessage(Type expectedType)
             // lookup message type.
             Type actualType =
                 Context.Factory.GetSystemType(absoluteId)
-                ?? throw ServiceResultException.Create(
+                ??
+                throw ServiceResultException.Create(
                     StatusCodes.BadDecodingError,
                     "Cannot decode message with type id: {0}.",
                     absoluteId);
diff --git a/UA Reference.sln b/UA Reference.sln
index 4ef54f8e4e..9915517938 100644
--- a/UA Reference.sln	
+++ b/UA Reference.sln	
@@ -70,6 +70,8 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Stack", "Stack", "{2DC9F7F3
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Opc.Ua.Types", "Stack\Opc.Ua.Types\Opc.Ua.Types.csproj", "{1A3E53FF-C13F-78A9-22B0-2045136C1904}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SecurityTestClient", "Applications\SecurityTestClient\SecurityTestClient.csproj", "{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -213,6 +215,18 @@ Global
 		{1A3E53FF-C13F-78A9-22B0-2045136C1904}.Release|x64.Build.0 = Release|Any CPU
 		{1A3E53FF-C13F-78A9-22B0-2045136C1904}.Release|x86.ActiveCfg = Release|Any CPU
 		{1A3E53FF-C13F-78A9-22B0-2045136C1904}.Release|x86.Build.0 = Release|Any CPU
+		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Debug|x64.Build.0 = Debug|Any CPU
+		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Debug|x86.Build.0 = Debug|Any CPU
+		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Release|x64.ActiveCfg = Release|Any CPU
+		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Release|x64.Build.0 = Release|Any CPU
+		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Release|x86.ActiveCfg = Release|Any CPU
+		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -231,6 +245,7 @@ Global
 		{4B72937F-5A57-4CEA-B9FE-B4C45CF7B284} = {ACBF012E-08A7-4939-88CF-D6B610E35AC5}
 		{83CC0D9C-40CD-487A-BF45-C4A8C1B8BF69} = {07AA31A3-97A1-4A6F-9E88-97B5198997B7}
 		{1A3E53FF-C13F-78A9-22B0-2045136C1904} = {2DC9F7F3-6698-4875-88A3-50678170A810}
+		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8} = {07AA31A3-97A1-4A6F-9E88-97B5198997B7}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {33FA5BCB-C827-4D44-AECF-F51342DFE64A}

From a579c625296a3bdf3c4783d780d65c9dba488647 Mon Sep 17 00:00:00 2001
From: Randy Armstrong <randy@sparhawksoftware.com>
Date: Wed, 26 Nov 2025 19:36:59 -0800
Subject: [PATCH 05/15] Add support for SessionTransferToken. Removed obsolete
 SoftwareCertificate code.

---
 .../ConsoleReferenceClient/RunTest.cs         |  10 +-
 .../generate_user_certificate.ps1             |  13 +-
 .../Quickstarts.ReferenceServer.Config.xml    |  20 +--
 Libraries/Opc.Ua.Client/Session/Session.cs    | 140 +++++++-----------
 .../Opc.Ua.Server/Diagnostics/AuditEvents.cs  |  19 ---
 .../Opc.Ua.Server/Server/StandardServer.cs    | 110 ++++++--------
 Libraries/Opc.Ua.Server/Session/ISession.cs   |   7 +
 .../Opc.Ua.Server/Session/ISessionManager.cs  |  11 ++
 Libraries/Opc.Ua.Server/Session/Session.cs    |  46 ++++++
 .../Opc.Ua.Server/Session/SessionManager.cs   |  28 ++++
 .../Schema/SecuredApplicationHelpers.cs       |   8 +-
 .../Certificates/CertificateIdentifier.cs     |  12 +-
 .../Security/Certificates/CryptoUtils.cs      |   4 +-
 .../Security/Certificates/Nonce.cs            |   5 +
 .../Security/Constants/SecurityPolicies.cs    |  26 ++--
 .../Security/Constants/SecurityPolicyInfo.cs  | 117 +++++++++++++--
 Stack/Opc.Ua.Core/Stack/Tcp/TcpMessageType.cs |  15 +-
 .../Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs |   4 +
 .../Stack/Tcp/UaSCBinaryChannel.Asymmetric.cs |  29 ++--
 .../Stack/Tcp/UaSCBinaryChannel.Symmetric.cs  |   1 +
 .../Stack/Tcp/UaSCBinaryClientChannel.cs      |  14 +-
 21 files changed, 396 insertions(+), 243 deletions(-)

diff --git a/Applications/ConsoleReferenceClient/RunTest.cs b/Applications/ConsoleReferenceClient/RunTest.cs
index a129e6dbb6..469877b595 100644
--- a/Applications/ConsoleReferenceClient/RunTest.cs
+++ b/Applications/ConsoleReferenceClient/RunTest.cs
@@ -25,6 +25,7 @@ internal sealed class RunTest
         private ISession m_session;
 
         const string ServerUrl = "opc.tcp://localhost:62541";
+        //const string ServerUrl = "opc.tcp://WhiteCat:4880/Softing/OpcUa/TestServer";
         const int kMaxSearchDepth = 128;
         const int ReconnectPeriod = 1000;
         const int ReconnectPeriodExponentialBackoff = 15000;
@@ -107,9 +108,12 @@ public async Task<bool> RunAsync(ManualResetEvent quitEvent, CancellationToken c
                     ServerUrl,
                     ct).ConfigureAwait(false);
 
+                // endpoints = endpoints.Where(x => x.SecurityPolicyUri == SecurityPolicies.ECC_nistP256_AesGcm).ToList();
+
                 var endpointConfiguration = EndpointConfiguration.Create(m_configuration);
                 var sessionFactory = new DefaultSessionFactory(m_context);
                 var userNameidentity = new UserIdentity("sysadmin", new UTF8Encoding(false).GetBytes("demo"));
+                // var userNameidentity = new UserIdentity("usr", new UTF8Encoding(false).GetBytes("pwd"));
 
                 foreach (var ii in endpoints)
                 {
@@ -119,7 +123,7 @@ public async Task<bool> RunAsync(ManualResetEvent quitEvent, CancellationToken c
 
                     var certificateIdentity = await LoadUserCertificateAsync(thumbprint, "password", ct).ConfigureAwait(false);
 
-                    foreach (var identity in new UserIdentity[] { userNameidentity, certificateIdentity })
+                    foreach (var identity in new UserIdentity[] { userNameidentity })
                     {
                         try
                         {
@@ -144,7 +148,7 @@ public async Task<bool> RunAsync(ManualResetEvent quitEvent, CancellationToken c
 
                             m_logger.LogWarning("Waiting for SecureChannel renew");
 
-                            for (int count = 0; count < 10; count++)
+                            for (int count = 0; count < 15; count++)
                             {
                                 var result = await session.ReadAsync(
                                     null,
@@ -167,6 +171,8 @@ public async Task<bool> RunAsync(ManualResetEvent quitEvent, CancellationToken c
                                 await Task.Delay(5000, ct).ConfigureAwait(false);
                             }
 
+                            await session.UpdateSessionAsync(identity, null, ct).ConfigureAwait(false);
+
                             await session.CloseAsync(true, ct: ct).ConfigureAwait(false);
                         }
                         catch (Exception e)
diff --git a/Applications/ConsoleReferenceClient/generate_user_certificate.ps1 b/Applications/ConsoleReferenceClient/generate_user_certificate.ps1
index bb3a12a470..3174d24855 100644
--- a/Applications/ConsoleReferenceClient/generate_user_certificate.ps1
+++ b/Applications/ConsoleReferenceClient/generate_user_certificate.ps1
@@ -29,6 +29,8 @@ foreach ($d in @($certDir, $privateDir)) {
 foreach ($curve in $curves) {
 
     Write-Host "Generating certificate for curve: $curve"
+    
+    $signatureAlgorithm = if ($curve -match 'P384') { 'SHA384' } else { 'SHA256' }
 
     # Create certificate parameters and dynamically insert the curve
     $params = @{
@@ -38,10 +40,11 @@ foreach ($curve in $curves) {
             '2.5.29.37={text}1.3.6.1.5.5.7.3.2'
             '2.5.29.17={text}upn=iama.tester@example.com'
         )
-        KeyUsage          = 'DigitalSignature'
-        KeyAlgorithm      = "ECDSA_$curve"    # <-- dynamic!
-        CurveExport       = 'CurveName'
-        CertStoreLocation = 'Cert:\CurrentUser\My'
+        KeyUsage           = @('DigitalSignature', 'NonRepudiation')
+        KeyAlgorithm       = "ECDSA_$curve"    # <-- dynamic!
+        CurveExport        = 'CurveName'
+        HashAlgorithm = $signatureAlgorithm
+        CertStoreLocation  = 'Cert:\CurrentUser\My'
     }
 
     # 1. Create cert
@@ -68,7 +71,7 @@ $rsaParams = @{
         '2.5.29.37={text}1.3.6.1.5.5.7.3.2'
         '2.5.29.17={text}upn=iama.tester@example.com'
     )
-    KeyUsage          = 'DigitalSignature'
+    KeyUsage          = @('DigitalSignature','DataEncipherment','NonRepudiation','KeyEncipherment')
     KeyAlgorithm      = 'RSA'
     KeyLength         = 2048
     CertStoreLocation = 'Cert:\CurrentUser\My'
diff --git a/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml b/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml
index f1cfad96bf..5ce4d8f4c5 100644
--- a/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml
+++ b/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml
@@ -140,27 +140,27 @@
         <SecurityMode>Sign_2</SecurityMode>
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss</SecurityPolicyUri>-->
-        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_AES</SecurityPolicyUri>
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_AesGcmGcm</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_ChaChaPoly</SecurityPolicyUri>-->
-        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP384_AES</SecurityPolicyUri>-->
-        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1_AES</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP384_AesGcm</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1_AesGcmGcm</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1_ChaChaPoly</SecurityPolicyUri>-->
-        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_AES</SecurityPolicyUri>-->
-        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_ChaChaPoly</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_AesGcmGcm</SecurityPolicyUri>-->
+        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_ChaChaPoly</SecurityPolicyUri>
       </ServerSecurityPolicy>
       <ServerSecurityPolicy>
         
         <SecurityMode>SignAndEncrypt_3</SecurityMode>
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss</SecurityPolicyUri>-->
-        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_AES</SecurityPolicyUri>
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_AesGcmGcm</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_ChaChaPoly</SecurityPolicyUri>-->
-        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP384_AES</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP384_AesGcm</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP384_ChaChaPoly</SecurityPolicyUri>-->
-        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1_AES</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1_AesGcmGcm</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1_ChaChaPoly</SecurityPolicyUri>-->
-        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_AES</SecurityPolicyUri>-->
-        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_ChaChaPoly</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_AesGcmGcm</SecurityPolicyUri>-->
+        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_ChaChaPoly</SecurityPolicyUri>
       </ServerSecurityPolicy>
       <!--
       <ServerSecurityPolicy>
diff --git a/Libraries/Opc.Ua.Client/Session/Session.cs b/Libraries/Opc.Ua.Client/Session/Session.cs
index c8fbd97628..07b15386b7 100644
--- a/Libraries/Opc.Ua.Client/Session/Session.cs
+++ b/Libraries/Opc.Ua.Client/Session/Session.cs
@@ -1196,8 +1196,6 @@ await m_configuration
             byte[] serverCertificateData = response.ServerCertificate;
             SignatureData serverSignature = response.ServerSignature;
             EndpointDescriptionCollection serverEndpoints = response.ServerEndpoints;
-            SignedSoftwareCertificateCollection serverSoftwareCertificates = response
-                .ServerSoftwareCertificates;
 
             m_sessionTimeout = response.RevisedSessionTimeout;
             m_maxRequestMessageSize = response.MaxRequestMessageSize;
@@ -1233,8 +1231,6 @@ await m_configuration
                     m_clientNonce,
                     serverNonce);
 
-                HandleSignedSoftwareCertificates(serverSoftwareCertificates);
-
                 //  process additional header
                 ProcessResponseAdditionalHeader(response.ResponseHeader, serverCertificate);
 
@@ -1298,8 +1294,7 @@ await m_configuration
                     m_endpoint.Description.SecurityMode != MessageSecurityMode.None);
 
                 // send the software certificates assigned to the client.
-                SignedSoftwareCertificateCollection clientSoftwareCertificates
-                    = GetSoftwareCertificates();
+                SignedSoftwareCertificateCollection clientSoftwareCertificates = new();
 
                 // copy the preferred locales if provided.
                 if (preferredLocales != null && preferredLocales.Count > 0)
@@ -1309,14 +1304,14 @@ SignedSoftwareCertificateCollection clientSoftwareCertificates
 
                 // activate session.
                 ActivateSessionResponse activateResponse = await ActivateSessionAsync(
-                        null,
-                        clientSignature,
-                        clientSoftwareCertificates,
-                        m_preferredLocales,
-                        new ExtensionObject(identityToken),
-                        userTokenSignature,
-                        ct)
-                    .ConfigureAwait(false);
+                    null,
+                    clientSignature,
+                    clientSoftwareCertificates,
+                    m_preferredLocales,
+                    new ExtensionObject(identityToken),
+                    userTokenSignature,
+                    ct)
+                .ConfigureAwait(false);
 
                 //  process additional header
                 ProcessResponseAdditionalHeader(activateResponse.ResponseHeader, serverCertificate);
@@ -1337,12 +1332,6 @@ SignedSoftwareCertificateCollection clientSoftwareCertificates
                     }
                 }
 
-                if (clientSoftwareCertificates?.Count > 0 &&
-                    (certificateResults == null || certificateResults.Count == 0))
-                {
-                    m_logger.LogInformation("Empty results were received for the ActivateSession call.");
-                }
-
                 // fetch namespaces.
                 await FetchNamespaceTablesAsync(ct).ConfigureAwait(false);
 
@@ -1354,6 +1343,7 @@ SignedSoftwareCertificateCollection clientSoftwareCertificates
                     m_previousServerNonce = m_serverNonce;
                     m_serverNonce = serverNonce;
                     m_serverCertificate = serverCertificate;
+                    m_sessionActivationSecret = TransportChannel.SessionActivationSecret;
 
                     // update system context.
                     m_systemContext.PreferredLocales = m_preferredLocales;
@@ -1523,11 +1513,16 @@ public async Task UpdateSessionAsync(
                 m_endpoint.Description.SecurityMode != MessageSecurityMode.None);
 
             // send the software certificates assigned to the client.
-            SignedSoftwareCertificateCollection clientSoftwareCertificates
-                = GetSoftwareCertificates();
+            SignedSoftwareCertificateCollection clientSoftwareCertificates = new();
+
+            // during debugging send the sesson transfer token on all activations.
+            RequestHeader? requestHeader = null;
+#if DEBUG
+            requestHeader = CreateRequestHeaderForSessionActivationToken(securityPolicy);
+#endif
 
             ActivateSessionResponse response = await ActivateSessionAsync(
-                null,
+                requestHeader,
                 clientSignature,
                 clientSoftwareCertificates,
                 preferredLocales,
@@ -2396,8 +2391,7 @@ public async Task ReconnectAsync(
                     m_endpoint.Description.SecurityMode != MessageSecurityMode.None);
 
                 // send the software certificates assigned to the client.
-                SignedSoftwareCertificateCollection clientSoftwareCertificates
-                    = GetSoftwareCertificates();
+                SignedSoftwareCertificateCollection clientSoftwareCertificates = new();
 
                 m_logger.LogInformation("Session REPLACING channel for {SessionId}.", SessionId);
 
@@ -2465,7 +2459,14 @@ SignedSoftwareCertificateCollection clientSoftwareCertificates
 
                 m_logger.LogInformation("Session RE-ACTIVATING {SessionId}.", SessionId);
 
-                var header = new RequestHeader { TimeoutHint = kReconnectTimeout };
+                var header = CreateRequestHeaderForSessionActivationToken(securityPolicy);
+
+                if (header == null)
+                {
+                    header = new RequestHeader();
+                }
+
+                header.TimeoutHint = kReconnectTimeout;
 
                 using var timeout = CancellationTokenSource.CreateLinkedTokenSource(ct);
                 timeout.CancelAfter(TimeSpan.FromMilliseconds(kReconnectTimeout / 2));
@@ -2696,14 +2697,6 @@ public bool RemoveTransferredSubscription(Subscription subscription)
             return true;
         }
 
-        /// <summary>
-        /// Returns the software certificates assigned to the application.
-        /// </summary>
-        protected virtual SignedSoftwareCertificateCollection GetSoftwareCertificates()
-        {
-            return [];
-        }
-
         /// <summary>
         /// Handles an error when validating the application instance certificate provided by the server.
         /// </summary>
@@ -2715,26 +2708,6 @@ protected virtual void OnApplicationCertificateError(
             throw new ServiceResultException(result);
         }
 
-        /// <summary>
-        /// Handles an error when validating software certificates provided by the server.
-        /// </summary>
-        /// <exception cref="ServiceResultException"></exception>
-        protected virtual void OnSoftwareCertificateError(
-            SignedSoftwareCertificate signedCertificate,
-            ServiceResult result)
-        {
-            throw new ServiceResultException(result);
-        }
-
-        /// <summary>
-        /// Inspects the software certificates provided by the server.
-        /// </summary>
-        protected virtual void ValidateSoftwareCertificates(
-            List<SoftwareCertificate> softwareCertificates)
-        {
-            // always accept valid certificates.
-        }
-
         /// <summary>
         /// Starts a timer to check that the connection to the server is still available.
         /// </summary>
@@ -4234,38 +4207,6 @@ private static void UpdateDescription(
             return (result, error);
         }
 
-        /// <summary>
-        /// Handles the validation of server software certificates and application callback.
-        /// </summary>
-        private void HandleSignedSoftwareCertificates(
-            SignedSoftwareCertificateCollection serverSoftwareCertificates)
-        {
-            // get a validator to check certificates provided by server.
-            CertificateValidator validator = m_configuration.CertificateValidator;
-
-            // validate software certificates.
-            var softwareCertificates = new List<SoftwareCertificate>();
-
-            foreach (SignedSoftwareCertificate signedCertificate in serverSoftwareCertificates)
-            {
-                ServiceResult result = SoftwareCertificate.Validate(
-                    validator,
-                    signedCertificate.CertificateData,
-                    m_telemetry,
-                    out SoftwareCertificate softwareCertificate);
-
-                if (ServiceResult.IsBad(result))
-                {
-                    OnSoftwareCertificateError(signedCertificate, result);
-                }
-
-                softwareCertificates.Add(softwareCertificate);
-            }
-
-            // check if software certificates meet application requirements.
-            ValidateSoftwareCertificates(softwareCertificates);
-        }
-
         /// <summary>
         /// Processes the response from a publish request.
         /// </summary>
@@ -4877,6 +4818,32 @@ private RequestHeader CreateRequestHeaderPerUserTokenPolicy(
             return requestHeader;
         }
 
+        private RequestHeader? CreateRequestHeaderForSessionActivationToken(SecurityPolicyInfo securityPolicy)
+        {
+            if (m_sessionActivationSecret == null)
+            {
+                return null;
+            }
+
+            var sessionActivationToken = securityPolicy.CreateSessionActivationToken(
+                TransportChannel.SecureChannelHash,
+                m_sessionActivationSecret);
+
+            var requestHeader = new RequestHeader();
+            var parameters = new AdditionalParametersType();
+
+            parameters.Parameters.Add(
+                new KeyValuePair
+                {
+                    Key = AdditionalParameterNames.SessionTransferToken,
+                    Value = sessionActivationToken
+                });
+
+            requestHeader.AdditionalHeader = new ExtensionObject(parameters);
+      
+            return requestHeader;
+        }
+
         /// <summary>
         /// Create a subscription the provided item options
         /// </summary>
@@ -5030,6 +4997,7 @@ protected virtual void ProcessResponseAdditionalHeader(
         private byte[]? m_serverNonce;
         private byte[]? m_clientNonce;
         private byte[]? m_previousServerNonce;
+        private byte[]? m_sessionActivationSecret;
         private X509Certificate2? m_serverCertificate;
         private uint m_publishCounter;
         private int m_tooManyPublishRequests;
diff --git a/Libraries/Opc.Ua.Server/Diagnostics/AuditEvents.cs b/Libraries/Opc.Ua.Server/Diagnostics/AuditEvents.cs
index 4c9175f522..e6bf0a2d65 100644
--- a/Libraries/Opc.Ua.Server/Diagnostics/AuditEvents.cs
+++ b/Libraries/Opc.Ua.Server/Diagnostics/AuditEvents.cs
@@ -1078,25 +1078,6 @@ public static void ReportAuditActivateSessionEvent(
                     Utils.Clone(session?.IdentityToken),
                     false);
 
-                if (softwareCertificates != null)
-                {
-                    // build the list of SignedSoftwareCertificate
-                    var signedSoftwareCertificates = new List<SignedSoftwareCertificate>();
-                    foreach (SoftwareCertificate softwareCertificate in softwareCertificates)
-                    {
-                        var item = new SignedSoftwareCertificate
-                        {
-                            CertificateData = softwareCertificate.SignedCertificate.RawData
-                        };
-                        signedSoftwareCertificates.Add(item);
-                    }
-                    e.SetChildValue(
-                        systemContext,
-                        BrowseNames.ClientSoftwareCertificates,
-                        signedSoftwareCertificates.ToArray(),
-                        false);
-                }
-
                 server.ReportAuditEvent(systemContext, e);
             }
             catch (Exception e)
diff --git a/Libraries/Opc.Ua.Server/Server/StandardServer.cs b/Libraries/Opc.Ua.Server/Server/StandardServer.cs
index e5428998c8..42597a9e0b 100644
--- a/Libraries/Opc.Ua.Server/Server/StandardServer.cs
+++ b/Libraries/Opc.Ua.Server/Server/StandardServer.cs
@@ -738,63 +738,8 @@ public override async Task<ActivateSessionResponse> ActivateSessionAsync(
 
             try
             {
-                if (context?.SecurityPolicyUri != SecurityPolicies.None)
-                {
-                    bool diagnosticsExist = false;
-
-                    if ((context.DiagnosticsMask & DiagnosticsMasks.OperationAll) != 0)
-                    {
-                        diagnosticInfos = [];
-                    }
-
-                    results = [];
-                    diagnosticInfos = [];
-
-                    foreach (SignedSoftwareCertificate signedCertificate in clientSoftwareCertificates)
-                    {
-                        ServiceResult result = SoftwareCertificate.Validate(
-                            CertificateValidator,
-                            signedCertificate.CertificateData,
-                            m_serverInternal.Telemetry,
-                            out SoftwareCertificate softwareCertificate);
-
-                        if (ServiceResult.IsBad(result))
-                        {
-                            results.Add(result.Code);
-
-                            // add diagnostics if requested.
-                            if ((context.DiagnosticsMask & DiagnosticsMasks.OperationAll) != 0)
-                            {
-                                DiagnosticInfo diagnosticInfo = ServerUtils.CreateDiagnosticInfo(
-                                    ServerInternal,
-                                    context,
-                                    result,
-                                    m_logger);
-                                diagnosticInfos.Add(diagnosticInfo);
-                                diagnosticsExist = true;
-                            }
-                        }
-                        else
-                        {
-                            softwareCertificates.Add(softwareCertificate);
-                            results.Add(StatusCodes.Good);
-
-                            // add diagnostics if requested.
-                            if ((context.DiagnosticsMask & DiagnosticsMasks.OperationAll) != 0)
-                            {
-                                diagnosticInfos.Add(null);
-                            }
-                        }
-                    }
-
-                    if (!diagnosticsExist && diagnosticInfos != null)
-                    {
-                        diagnosticInfos.Clear();
-                    }
-                }
-
-                // check if certificates meet the server's requirements.
-                ValidateSoftwareCertificates(softwareCertificates);
+                // validate the session transfer token if provided.
+                VerifySessionTransferToken(context, requestHeader);
 
                 // activate the session.
                 (bool identityChanged, serverNonce) = await ServerInternal.SessionManager.ActivateSessionAsync(
@@ -815,6 +760,7 @@ public override async Task<ActivateSessionResponse> ActivateSessionAsync(
 
                 ISession session = ServerInternal.SessionManager
                     .GetSession(requestHeader.AuthenticationToken);
+
                 var parameters =
                     ExtensionObject.ToEncodeable(
                         requestHeader.AdditionalHeader) as AdditionalParametersType;
@@ -880,6 +826,46 @@ public override async Task<ActivateSessionResponse> ActivateSessionAsync(
             }
         }
 
+        /// <summary>
+        /// Verifies the session transfer token.
+        /// </summary>
+        protected bool VerifySessionTransferToken(OperationContext context, RequestHeader requestHeader)
+        {
+            byte[] sessionTransferToken = null;
+
+            var parameters =
+                ExtensionObject.ToEncodeable(
+                    requestHeader.AdditionalHeader) as AdditionalParametersType;
+
+            if (parameters != null)
+            {
+                foreach (KeyValuePair ii in parameters.Parameters)
+                {
+                    if (ii.Key == AdditionalParameterNames.SessionTransferToken)
+                    {
+                        if (ii.Value.TypeInfo != TypeInfo.Scalars.ByteString || ii.Value.Value is not byte[])
+                        {
+                            m_logger.LogWarning(
+                                "SessionTransferToken has an invalid DataType. Ignored.");
+                        }
+
+                        if (ii.Value.Value is byte[] token)
+                        {
+                            sessionTransferToken = token;
+                            break;
+                        } 
+                    }
+                }
+            }
+
+            ServerInternal.SessionManager.ValidateSessionTransferToken(
+                context,
+                requestHeader.AuthenticationToken,
+                sessionTransferToken);
+
+            return true;
+        }
+
         /// <summary>
         /// Returns whether the error is a security error.
         /// </summary>
@@ -2772,16 +2758,6 @@ protected virtual void OnApplicationCertificateError(
             throw new ServiceResultException(result);
         }
 
-        /// <summary>
-        /// Inspects the software certificates provided by the server.
-        /// </summary>
-        /// <param name="softwareCertificates">The software certificates.</param>
-        protected virtual void ValidateSoftwareCertificates(
-            List<SoftwareCertificate> softwareCertificates)
-        {
-            // always accept valid certificates.
-        }
-
         /// <summary>
         /// Verifies that the request header is valid.
         /// </summary>
diff --git a/Libraries/Opc.Ua.Server/Session/ISession.cs b/Libraries/Opc.Ua.Server/Session/ISession.cs
index 46e1d908ec..2410277c73 100644
--- a/Libraries/Opc.Ua.Server/Session/ISession.cs
+++ b/Libraries/Opc.Ua.Server/Session/ISession.cs
@@ -108,6 +108,13 @@ public interface ISession : IDisposable
         /// </summary>
         SessionDiagnosticsDataType SessionDiagnostics { get; }
 
+        /// <summary>
+        /// Validates a session transfer token before activating the session.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="sessionActivationToken"></param>
+        void ValidateSessionTransferToken(OperationContext context, byte[] sessionActivationToken);
+
         /// <summary>
         /// Activates the session and binds it to the current secure channel.
         /// </summary>
diff --git a/Libraries/Opc.Ua.Server/Session/ISessionManager.cs b/Libraries/Opc.Ua.Server/Session/ISessionManager.cs
index 1eb759c751..98f6bdf514 100644
--- a/Libraries/Opc.Ua.Server/Session/ISessionManager.cs
+++ b/Libraries/Opc.Ua.Server/Session/ISessionManager.cs
@@ -141,6 +141,17 @@ ValueTask<CreateSessionResult> CreateSessionAsync(
         /// and that the sequence number is not out of order (update requests only).
         /// </remarks>
         OperationContext ValidateRequest(RequestHeader requestHeader, SecureChannelContext secureChannelContext, RequestType requestType);
+
+        /// <summary>
+        /// Validates the session transfer token prior to processing an ActivateSession request.
+        /// </summary>
+        /// <param name="context">The operation context in which the validation is performed.</param>
+        /// <param name="authenticationToken">The authentication token associated with the session.</param>
+        /// <param name="sessionActivationToken">The activation token used to verify the session transfer.</param>
+        void ValidateSessionTransferToken(
+            OperationContext context,
+            NodeId authenticationToken,
+            byte[] sessionActivationToken);
     }
 
     /// <summary>
diff --git a/Libraries/Opc.Ua.Server/Session/Session.cs b/Libraries/Opc.Ua.Server/Session/Session.cs
index 4420a0d698..25ff062497 100644
--- a/Libraries/Opc.Ua.Server/Session/Session.cs
+++ b/Libraries/Opc.Ua.Server/Session/Session.cs
@@ -95,6 +95,8 @@ public Session(
             m_clientIssuerCertificates = clientCertificateChain;
 
             SecureChannelId = context.ChannelContext.SecureChannelId;
+            m_secureChannelHash = context.ChannelContext.SecureChannelHash;
+            m_sessionActivationSecret = context.ChannelContext.SessionActivationSecret;
             MaxBrowseContinuationPoints = maxBrowseContinuationPoints;
             m_maxHistoryContinuationPoints = maxHistoryContinuationPoints;
             EndpointDescription = context.ChannelContext.EndpointDescription;
@@ -560,6 +562,48 @@ public void ValidateBeforeActivate(
 
                 TraceState("VALIDATED");
             }
+
+        }
+
+        /// <inheritdoc/>
+        public void ValidateSessionTransferToken(
+            OperationContext context,
+            byte[] sessionActivationToken)
+        {
+            var newSecurityMode = context.ChannelContext.EndpointDescription.SecurityMode;
+            var oldSecurityMode = EndpointDescription.SecurityMode;
+
+            var newSecurityPolicyUri = context.ChannelContext.EndpointDescription.SecurityPolicyUri;
+            var oldSecurityPolicyUri = EndpointDescription.SecurityPolicyUri;
+
+            if (newSecurityMode != oldSecurityMode)
+            {
+                throw new ServiceResultException(StatusCodes.BadSecurityModeRejected);
+            }
+
+            if (newSecurityPolicyUri != oldSecurityPolicyUri)
+            {
+                throw new ServiceResultException(StatusCodes.BadSecurityPolicyRejected);
+            }
+
+            var info = SecurityPolicies.GetInfo(oldSecurityPolicyUri);
+
+            // check if session activation token is required.
+            if (sessionActivationToken == null)
+            {
+                if (newSecurityMode == MessageSecurityMode.Sign && info.SecureChannelEnhancements)
+                {
+                    throw new ServiceResultException(StatusCodes.BadApplicationSignatureInvalid);
+                }
+            }
+
+            if (!info.ValidateSessionActivationToken(
+                    sessionActivationToken,
+                    context.ChannelContext.SecureChannelHash,
+                    m_sessionActivationSecret))
+            {
+                throw new ServiceResultException(StatusCodes.BadApplicationSignatureInvalid);
+            }
         }
 
         /// <summary>
@@ -1298,6 +1342,8 @@ private void UpdateDiagnosticCounters(
         private readonly string m_sessionName;
         private X509Certificate2 m_serverCertificate;
         private Nonce m_serverNonce;
+        private byte[] m_secureChannelHash;
+        private byte[] m_sessionActivationSecret;
         private string m_eccUserTokenSecurityPolicyUri;
         private Nonce m_eccUserTokenNonce;
         private readonly X509Certificate2Collection m_clientIssuerCertificates;
diff --git a/Libraries/Opc.Ua.Server/Session/SessionManager.cs b/Libraries/Opc.Ua.Server/Session/SessionManager.cs
index b18fc7c903..ce8d198b81 100644
--- a/Libraries/Opc.Ua.Server/Session/SessionManager.cs
+++ b/Libraries/Opc.Ua.Server/Session/SessionManager.cs
@@ -534,6 +534,34 @@ EventHandler<ValidateSessionLessRequestEventArgs> handler
             }
         }
 
+        /// <summary>
+        /// Validates the session transfer token prior to processing an ActivateSession request.
+        /// </summary>
+        public void ValidateSessionTransferToken(
+            OperationContext context,
+            NodeId authenticationToken,
+            byte[] sessionActivationToken)
+        {
+            ISession session = null;
+
+            if (!m_sessions.TryGetValue(authenticationToken, out session))
+            {
+                throw new ServiceResultException(StatusCodes.BadSessionIdInvalid);
+            }
+
+            if (session.SecureChannelId != context.ChannelContext.SecureChannelId)
+            {
+                session.ValidateSessionTransferToken(context, sessionActivationToken);
+            }
+#if DEBUG
+            // always check when debugging.
+            else if (sessionActivationToken != null)
+            {
+                session.ValidateSessionTransferToken(context, sessionActivationToken);
+            }
+#endif
+        }
+
         /// <summary>
         /// Creates a new instance of a session.
         /// </summary>
diff --git a/Stack/Opc.Ua.Core/Schema/SecuredApplicationHelpers.cs b/Stack/Opc.Ua.Core/Schema/SecuredApplicationHelpers.cs
index 9125c18515..02cc3665cd 100644
--- a/Stack/Opc.Ua.Core/Schema/SecuredApplicationHelpers.cs
+++ b/Stack/Opc.Ua.Core/Schema/SecuredApplicationHelpers.cs
@@ -379,15 +379,15 @@ public static byte CalculateSecurityLevel(
                 case SecurityPolicies.Aes256_Sha256_RsaPss:
                     result = 10;
                     break;
-                case SecurityPolicies.ECC_brainpoolP256r1_AES:
+                case SecurityPolicies.ECC_brainpoolP256r1_AesGcm:
                 case SecurityPolicies.ECC_brainpoolP256r1_ChaChaPoly:
-                case SecurityPolicies.ECC_nistP256_AES:
+                case SecurityPolicies.ECC_nistP256_AesGcm:
                 case SecurityPolicies.ECC_nistP256_ChaChaPoly:
                     result = 12;
                     break;
-                case SecurityPolicies.ECC_nistP384_AES:
+                case SecurityPolicies.ECC_nistP384_AesGcm:
                 case SecurityPolicies.ECC_nistP384_ChaChaPoly:
-                case SecurityPolicies.ECC_brainpoolP384r1_AES:
+                case SecurityPolicies.ECC_brainpoolP384r1_AesGcm:
                 case SecurityPolicies.ECC_brainpoolP384r1_ChaChaPoly:
                     result = 14;
                     break;
diff --git a/Stack/Opc.Ua.Core/Security/Certificates/CertificateIdentifier.cs b/Stack/Opc.Ua.Core/Security/Certificates/CertificateIdentifier.cs
index ce2f2d3193..422a75532d 100644
--- a/Stack/Opc.Ua.Core/Security/Certificates/CertificateIdentifier.cs
+++ b/Stack/Opc.Ua.Core/Security/Certificates/CertificateIdentifier.cs
@@ -783,32 +783,32 @@ public static IList<NodeId> MapSecurityPolicyToCertificateTypes(string securityP
                     result.Add(ObjectTypeIds.RsaSha256ApplicationCertificateType);
                     break;
                 case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_nistP256_AES:
+                case SecurityPolicies.ECC_nistP256_AesGcm:
                 case SecurityPolicies.ECC_nistP256_ChaChaPoly:
                     result.Add(ObjectTypeIds.EccNistP256ApplicationCertificateType);
                     goto case SecurityPolicies.ECC_nistP384;
                 case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_nistP384_AES:
+                case SecurityPolicies.ECC_nistP384_AesGcm:
                 case SecurityPolicies.ECC_nistP384_ChaChaPoly:
                     result.Add(ObjectTypeIds.EccNistP384ApplicationCertificateType);
                     break;
                 case SecurityPolicies.ECC_brainpoolP256r1:
-                case SecurityPolicies.ECC_brainpoolP256r1_AES:
+                case SecurityPolicies.ECC_brainpoolP256r1_AesGcm:
                 case SecurityPolicies.ECC_brainpoolP256r1_ChaChaPoly:
                     result.Add(ObjectTypeIds.EccBrainpoolP256r1ApplicationCertificateType);
                     goto case SecurityPolicies.ECC_brainpoolP384r1;
                 case SecurityPolicies.ECC_brainpoolP384r1:
-                case SecurityPolicies.ECC_brainpoolP384r1_AES:
+                case SecurityPolicies.ECC_brainpoolP384r1_AesGcm:
                 case SecurityPolicies.ECC_brainpoolP384r1_ChaChaPoly:
                     result.Add(ObjectTypeIds.EccBrainpoolP384r1ApplicationCertificateType);
                     break;
                 case SecurityPolicies.ECC_curve25519:
-                case SecurityPolicies.ECC_curve25519_AES:
+                case SecurityPolicies.ECC_curve25519_AesGcm:
                 case SecurityPolicies.ECC_curve25519_ChaChaPoly:
                     result.Add(ObjectTypeIds.EccCurve25519ApplicationCertificateType);
                     break;
                 case SecurityPolicies.ECC_curve448:
-                case SecurityPolicies.ECC_curve448_AES:
+                case SecurityPolicies.ECC_curve448_AesGcm:
                 case SecurityPolicies.ECC_curve448_ChaChaPoly:
                     result.Add(ObjectTypeIds.EccCurve448ApplicationCertificateType);
                     break;
diff --git a/Stack/Opc.Ua.Core/Security/Certificates/CryptoUtils.cs b/Stack/Opc.Ua.Core/Security/Certificates/CryptoUtils.cs
index 262db18009..d1705aad70 100644
--- a/Stack/Opc.Ua.Core/Security/Certificates/CryptoUtils.cs
+++ b/Stack/Opc.Ua.Core/Security/Certificates/CryptoUtils.cs
@@ -793,7 +793,8 @@ private static ArraySegment<byte> EncryptWithAesGcm(
                 tag,
                 extraData);
 
-#if xDEBUG
+#if DEBUG
+            Console.WriteLine($"E.encryptingKey={TcpMessageType.KeyToString(encryptingKey)}");
             Console.WriteLine($"E.iv={TcpMessageType.KeyToString(iv)}");
             Console.WriteLine($"E.extraData={TcpMessageType.KeyToString(extraData.ToArray())}");
             Console.WriteLine($"E.tag={TcpMessageType.KeyToString(tag)}");
@@ -862,6 +863,7 @@ private static ArraySegment<byte> DecryptWithAesGcm(
             iv = ApplyAeadMask(tokenId, lastSequenceNumber, iv);
 
 #if xDEBUG
+            Console.WriteLine($"D.encryptingKey={TcpMessageType.KeyToString(encryptingKey)}");
             Console.WriteLine($"D.iv={TcpMessageType.KeyToString(iv)}");
             Console.WriteLine($"D.extraData={TcpMessageType.KeyToString(extraData.ToArray())}");
             Console.WriteLine($"D.tag={TcpMessageType.KeyToString(tag.ToArray())}");
diff --git a/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs b/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs
index 0ce941cc9b..adf8d85eec 100644
--- a/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs
+++ b/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs
@@ -68,6 +68,8 @@ internal byte[] GenerateSecret(
 
             ikm = m_ecdh.DeriveRawSecretAgreement(remoteNonce.m_ecdh.PublicKey);
 
+            Console.WriteLine($"GenerateSecretRaw:ikm={Opc.Ua.Bindings.TcpMessageType.KeyToString(ikm)}");
+
             if (previousSecret != null)
             {
                 for (int ii = 0; ii < ikm.Length && ii < previousSecret.Length; ii++)
@@ -75,6 +77,9 @@ internal byte[] GenerateSecret(
                     ikm[ii] ^= previousSecret[ii];
                 }
             }
+
+            Console.WriteLine($"GenerateSecret:ikm={Opc.Ua.Bindings.TcpMessageType.KeyToString(ikm)}");
+            Console.WriteLine($"GenerateSecret:previousSecret={Opc.Ua.Bindings.TcpMessageType.KeyToString(previousSecret)}");
 #endif
             return ikm;
         }
diff --git a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
index 7fac64d318..0d2f62265a 100644
--- a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
+++ b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
@@ -84,7 +84,7 @@ public static class SecurityPolicies
         /// <summary>
         /// The URI for the ECC_nistP256 security policy with AES-GCM.
         /// </summary>
-        public const string ECC_nistP256_AES = ECC_nistP256 + "_AES";
+        public const string ECC_nistP256_AesGcm = ECC_nistP256 + "_AesGcm";
 
         /// <summary>
         /// The URI for the ECC_nistP256 security policy with ChaCha20Poly1305.
@@ -99,7 +99,7 @@ public static class SecurityPolicies
         /// <summary>
         /// The URI for the ECC_nistP384 security policy with AES-GCM.
         /// </summary>
-        public const string ECC_nistP384_AES = ECC_nistP384 + "_AES";
+        public const string ECC_nistP384_AesGcm = ECC_nistP384 + "_AesGcm";
 
         /// <summary>
         /// The URI for the ECC_nistP384 security policy with ChaCha20Poly1305.
@@ -114,7 +114,7 @@ public static class SecurityPolicies
         /// <summary>
         /// The URI for the ECC_brainpoolP256r1 security policy with AES-GCM.
         /// </summary>
-        public const string ECC_brainpoolP256r1_AES = ECC_brainpoolP256r1 + "_AES";
+        public const string ECC_brainpoolP256r1_AesGcm = ECC_brainpoolP256r1 + "_AesGcm";
 
         /// <summary>
         /// The URI for the ECC_brainpoolP256r1 security policy with ChaCha20Poly1305.
@@ -129,7 +129,7 @@ public static class SecurityPolicies
         /// <summary>
         /// The URI for the ECC_brainpoolP384r1 security policy with AES-GCM.
         /// </summary>
-        public const string ECC_brainpoolP384r1_AES = ECC_brainpoolP384r1 + "_AES";
+        public const string ECC_brainpoolP384r1_AesGcm = ECC_brainpoolP384r1 + "_AesGcm";
 
         /// <summary>
         /// The URI for the ECC_brainpoolP384r1 security policy with ChaCha20Poly1305.
@@ -137,14 +137,14 @@ public static class SecurityPolicies
         public const string ECC_brainpoolP384r1_ChaChaPoly = ECC_brainpoolP384r1 + "_ChaChaPoly";
 
         /// <summary>
-        /// The URI for the ECC_curve25519 security policy.
+        /// The URI for the ECC_curve25519 security policy.brainpoolP384r1_AesGcm
         /// </summary>
         public const string ECC_curve25519 = BaseUri + "ECC_curve25519";
 
         /// <summary>
         /// The URI for the ECC_curve25519 security policy with AES-GCM.
         /// </summary>
-        public const string ECC_curve25519_AES = ECC_curve25519 + "_AES";
+        public const string ECC_curve25519_AesGcm = ECC_curve25519 + "_AesGcm";
 
         /// <summary>
         /// The URI for the ECC_curve25519 security policy with ChaCha20Poly1305.
@@ -159,7 +159,7 @@ public static class SecurityPolicies
         /// <summary>
         /// The URI for the ECC_curve448 security policy with AES-GCM.
         /// </summary>
-        public const string ECC_curve448_AES = ECC_curve448 + "_AES";
+        public const string ECC_curve448_AesGcm = ECC_curve448 + "_AesGcm";
 
         /// <summary>
         /// The URI for the ECC_curve448 security policy with ChaCha20Poly1305.
@@ -197,28 +197,28 @@ private static bool IsPlatformSupportedName(string name)
                 return true;
             }
             if (name.Equals(nameof(ECC_nistP256), StringComparison.Ordinal) ||
-                name.Equals(nameof(ECC_nistP256_AES), StringComparison.Ordinal) ||
+                name.Equals(nameof(ECC_nistP256_AesGcm), StringComparison.Ordinal) ||
                 name.Equals(nameof(ECC_nistP256_ChaChaPoly), StringComparison.Ordinal))
             {
                 return Utils.IsSupportedCertificateType(
                     ObjectTypeIds.EccNistP256ApplicationCertificateType);
             }
             if (name.Equals(nameof(ECC_nistP384), StringComparison.Ordinal) ||
-                name.Equals(nameof(ECC_nistP384_AES), StringComparison.Ordinal) ||
+                name.Equals(nameof(ECC_nistP384_AesGcm), StringComparison.Ordinal) ||
                 name.Equals(nameof(ECC_nistP384_ChaChaPoly), StringComparison.Ordinal))
             {
                 return Utils.IsSupportedCertificateType(
                     ObjectTypeIds.EccNistP384ApplicationCertificateType);
             }
             if (name.Equals(nameof(ECC_brainpoolP256r1), StringComparison.Ordinal) ||
-                name.Equals(nameof(ECC_brainpoolP256r1_AES), StringComparison.Ordinal) ||
+                name.Equals(nameof(ECC_brainpoolP256r1_AesGcm), StringComparison.Ordinal) ||
                 name.Equals(nameof(ECC_brainpoolP256r1_ChaChaPoly), StringComparison.Ordinal))
             {
                 return Utils.IsSupportedCertificateType(
                     ObjectTypeIds.EccBrainpoolP256r1ApplicationCertificateType);
             }
             if (name.Equals(nameof(ECC_brainpoolP384r1), StringComparison.Ordinal) ||
-                name.Equals(nameof(ECC_brainpoolP384r1_AES), StringComparison.Ordinal) ||
+                name.Equals(nameof(ECC_brainpoolP384r1_AesGcm), StringComparison.Ordinal) ||
                 name.Equals(nameof(ECC_brainpoolP384r1_ChaChaPoly), StringComparison.Ordinal))
             {
                 return Utils.IsSupportedCertificateType(
@@ -226,10 +226,10 @@ private static bool IsPlatformSupportedName(string name)
             }
 
             if (name.Equals(nameof(ECC_curve25519), StringComparison.Ordinal) ||
-                name.Equals(nameof(ECC_curve25519_AES), StringComparison.Ordinal) ||
+                name.Equals(nameof(ECC_curve25519_AesGcm), StringComparison.Ordinal) ||
                 name.Equals(nameof(ECC_curve25519_ChaChaPoly), StringComparison.Ordinal) ||
                 name.Equals(nameof(ECC_curve448), StringComparison.Ordinal) ||
-                name.Equals(nameof(ECC_curve448_AES), StringComparison.Ordinal) ||
+                name.Equals(nameof(ECC_curve448_AesGcm), StringComparison.Ordinal) ||
                 name.Equals(nameof(ECC_curve448_ChaChaPoly), StringComparison.Ordinal))
             {
 #if CURVE25519
diff --git a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
index 0660d76119..fd776d5f01 100644
--- a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
+++ b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
@@ -309,6 +309,103 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
             };
         }
 
+        /// <summary>
+        /// Validates a session activation token.
+        /// </summary>
+        public bool ValidateSessionActivationToken(
+            byte[] sessionActivationToken,
+            byte[] newSecureChannelHash,
+            byte[] oldSessionActivatationSecret)
+        {
+            if (SecureChannelEnhancements == false)
+            {
+                // tokens are not used when secure channel enhancements are disabled.
+                return true;
+            }
+
+            if (sessionActivationToken == null || sessionActivationToken.Length == 0)
+            {
+                return false;
+            }
+
+            if (oldSessionActivatationSecret == null || oldSessionActivatationSecret.Length == 0)
+            {
+                return false;
+            }
+
+            if (newSecureChannelHash == null || newSecureChannelHash.Length == 0)
+            {
+                return false;
+            }
+
+            HMAC hmac;
+            
+            switch (KeyDerivationAlgorithm)
+            {
+                default:
+                case KeyDerivationAlgorithm.HKDFSha256:
+                    hmac = new HMACSHA256(oldSessionActivatationSecret);
+                    break;
+                case KeyDerivationAlgorithm.HKDFSha384:
+                    hmac = new HMACSHA384(oldSessionActivatationSecret);
+                    break;
+            }
+
+            using (hmac)
+            {
+                byte[] expectedToken = hmac.ComputeHash(newSecureChannelHash);
+
+                if (!Utils.IsEqual(expectedToken, sessionActivationToken))
+                {
+                    return false;
+                }
+            }
+
+            return true;
+        }
+
+        /// <summary>
+        /// Creats a session activation token.
+        /// </summary>
+        public byte[] CreateSessionActivationToken(
+            byte[] newSecureChannelHash,
+            byte[] oldSessionActivatationSecret)
+        {
+            if (SecureChannelEnhancements == false)
+            {
+                // tokens are not used when secure channel enhancements are disabled.
+                return null;
+            }
+
+            if (oldSessionActivatationSecret == null || oldSessionActivatationSecret.Length == 0)
+            {
+                return null;
+            }
+
+            if (newSecureChannelHash == null || newSecureChannelHash.Length == 0)
+            {
+                return null;
+            }
+
+            HMAC hmac;
+
+            switch (KeyDerivationAlgorithm)
+            {
+                default:
+                case KeyDerivationAlgorithm.HKDFSha256:
+                    hmac = new HMACSHA256(oldSessionActivatationSecret);
+                    break;
+                case KeyDerivationAlgorithm.HKDFSha384:
+                    hmac = new HMACSHA384(oldSessionActivatationSecret);
+                    break;
+            }
+
+            using (hmac)
+            {
+                return hmac.ComputeHash(newSecureChannelHash);
+            }
+        }
+
         /// <summary>
         /// The security policy that does not provide any security.
         /// </summary>
@@ -490,7 +587,7 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
         /// <summary>
         /// ECC curve25519 is a required minimum security policy. It uses AES-GCM for symmetric encryption.
         /// </summary>
-        public readonly static SecurityPolicyInfo ECC_curve25519_AES = new(SecurityPolicies.ECC_curve25519_AES)
+        public readonly static SecurityPolicyInfo ECC_curve25519_AesGcm = new(SecurityPolicies.ECC_curve25519_AesGcm)
         {
             DerivedSignatureKeyLength = 0,
             SymmetricEncryptionKeyLength = 128 / 8,
@@ -568,7 +665,7 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
         /// <summary>
         /// ECC curve448 is a required minimum security policy. It uses AES-GCM for symmetric encryption.
         /// </summary>
-        public readonly static SecurityPolicyInfo ECC_curve448_AES = new(SecurityPolicies.ECC_curve448_AES)
+        public readonly static SecurityPolicyInfo ECC_curve448_AesGcm = new(SecurityPolicies.ECC_curve448_AesGcm)
         {
             DerivedSignatureKeyLength = 0,
             SymmetricEncryptionKeyLength = 128 / 8,
@@ -644,12 +741,12 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
         };
 
         /// <summary>
-        /// The ECC_nistP256_AES is an ECC nistP256 variant that uses AES-GCM for symmetric encryption.
+        /// The ECC_nistP256_AesGcm is an ECC nistP256 variant that uses AES-GCM for symmetric encryption.
         /// </summary>
-        public readonly static SecurityPolicyInfo ECC_nistP256_AES = new(SecurityPolicies.ECC_nistP256_AES)
+        public readonly static SecurityPolicyInfo ECC_nistP256_AesGcm = new(SecurityPolicies.ECC_nistP256_AesGcm)
         {
             DerivedSignatureKeyLength = 0,
-            SymmetricEncryptionKeyLength = 128 / 8,
+            SymmetricEncryptionKeyLength = 256 / 8,
             InitializationVectorLength = 96 / 8,
             SymmetricSignatureLength = 128 / 8,
             MinAsymmetricKeyLength = 256,
@@ -670,7 +767,7 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
         };
 
         /// <summary>
-        /// The ECC_nistP256_AES is an ECC nistP256 variant that uses ChaCha20Poly1305 for symmetric encryption.
+        /// The ECC_nistP256_AesGcm is an ECC nistP256 variant that uses ChaCha20Poly1305 for symmetric encryption.
         /// </summary>
         public readonly static SecurityPolicyInfo ECC_nistP256_ChaChaPoly = new(SecurityPolicies.ECC_nistP256_ChaChaPoly)
         {
@@ -724,7 +821,7 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
         /// <summary>
         /// The ECC nistP384 is an optional high security policy that uses AES-GCM for symmetric encryption.
         /// </summary>
-        public readonly static SecurityPolicyInfo ECC_nistP384_AES = new(SecurityPolicies.ECC_nistP384_AES)
+        public readonly static SecurityPolicyInfo ECC_nistP384_AesGcm = new(SecurityPolicies.ECC_nistP384_AesGcm)
         {
             DerivedSignatureKeyLength = 0,
             SymmetricEncryptionKeyLength = 256 / 8,
@@ -800,9 +897,9 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
         };
 
         /// <summary>
-        /// The ECC_brainpoolP256r1_AES is an ECC brainpoolP256 variant that uses AES-GCM for symmetric encryption.
+        /// The ECC_brainpoolP256r1_AesGcm is an ECC brainpoolP256 variant that uses AES-GCM for symmetric encryption.
         /// </summary>
-        public readonly static SecurityPolicyInfo ECC_brainpoolP256r1_AES = new (SecurityPolicies.ECC_brainpoolP256r1_AES)
+        public readonly static SecurityPolicyInfo ECC_brainpoolP256r1_AesGcm = new (SecurityPolicies.ECC_brainpoolP256r1_AesGcm)
         {
             DerivedSignatureKeyLength = 0,
             SymmetricEncryptionKeyLength = 128 / 8,
@@ -880,7 +977,7 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
         /// <summary>
         /// The ECC brainpoolP384r1 is an optional high security policy that uses AES-GCM for symmetric encryption.
         /// </summary>
-        public readonly static SecurityPolicyInfo ECC_brainpoolP384r1_AES = new(SecurityPolicies.ECC_brainpoolP384r1_AES)
+        public readonly static SecurityPolicyInfo ECC_brainpoolP384r1_AesGcm = new(SecurityPolicies.ECC_brainpoolP384r1_AesGcm)
         {
             DerivedSignatureKeyLength = 0,
             SymmetricEncryptionKeyLength = 256 / 8,
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/TcpMessageType.cs b/Stack/Opc.Ua.Core/Stack/Tcp/TcpMessageType.cs
index 2d0f4f3ebb..842bd793e4 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/TcpMessageType.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/TcpMessageType.cs
@@ -178,13 +178,24 @@ internal static string KeyToString(byte[] key)
                 return "0:---";
             }
 
+            byte checksum = 0;
+
+            foreach (var item in key)
+            {
+                checksum ^= item;
+            }
+
             if (key.Length <= 16)
             {
-                return key.Length.ToString(CultureInfo.InvariantCulture) + ":" + Utils.ToHexString(key);
+                return key.Length.ToString(CultureInfo.InvariantCulture) +
+                    ":" +
+                    Utils.ToHexString(key) +
+                    "=>" +
+                    checksum.ToString(CultureInfo.InvariantCulture);
             }
 
             var text = Utils.ToHexString(key);
-            return $"{key.Length}:{text.Substring(0, 8)}...{text.Substring(text.Length-8, 8)}";
+            return $"{key.Length}:{text.Substring(0, 8)}...{text.Substring(text.Length-8, 8)}=>{checksum}";
         }
     }
 
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs b/Stack/Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs
index bb8185ffbf..39479cba4e 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs
@@ -903,6 +903,10 @@ private void SendOpenSecureChannelResponse(
                 ComputeSecureChannelHash(signature);
             }
 
+            Console.WriteLine($"OSC:m_oscRequestSignature={TcpMessageType.KeyToString(m_oscRequestSignature)}");
+            Console.WriteLine($"OSC:Signature={TcpMessageType.KeyToString(signature)}");
+            Console.WriteLine($"OSC:SecureChannelHash={TcpMessageType.KeyToString(SecureChannelHash)}");
+
             // write the message to the server.
             try
             {
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Asymmetric.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Asymmetric.cs
index ec408fe0eb..4f38b0385e 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Asymmetric.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Asymmetric.cs
@@ -719,6 +719,10 @@ protected BufferCollection WriteAsymmetricMessage(
                         encoder.WriteRawBytes(signature, 0, signature.Length);
                     }
 
+                    Console.WriteLine($"OSC:dataToSign={TcpMessageType.KeyToString(dataToSign)}");
+                    Console.WriteLine($"OSC:signature={TcpMessageType.KeyToString(signature)}");
+                    Console.WriteLine($"OSC:Thumbprint={senderCertificate?.Thumbprint}");
+
                     int messageSize = encoder.Close();
 
                     // encrypt the data.
@@ -754,9 +758,6 @@ protected BufferCollection WriteAsymmetricMessage(
                 // ensure the buffers don't get clean up on exit.
                 success = true;
 
-                Console.WriteLine($"OSC IN={TcpMessageType.KeyToString(messageBody)}");
-                Console.WriteLine($"OSC OUT={TcpMessageType.KeyToString(chunksToSend[0])}");
-
                 return chunksToSend;
             }
             catch (Exception ex)
@@ -984,8 +985,11 @@ protected void ComputeSecureChannelHash(byte[] signature)
                     _ => SHA256.Create()
                 };
 
-                Console.WriteLine($"signature={TcpMessageType.KeyToString(signature)}");
                 SecureChannelHash = hash.ComputeHash(signature, 0, signature.Length);
+
+                Console.ForegroundColor = ConsoleColor.Magenta;
+                Console.WriteLine($"SecureChannelHash={TcpMessageType.KeyToString(SecureChannelHash)}");
+                Console.ForegroundColor = ConsoleColor.White;
             }
         }
 
@@ -1143,6 +1147,11 @@ protected ArraySegment<byte> ReadAsymmetricMessage(
                     plainText.Count - signatureSize);
             }
 
+
+            Console.WriteLine($"OSC:dataToVerify={TcpMessageType.KeyToString(dataToVerify)}");
+            Console.WriteLine($"OSC:signature={TcpMessageType.KeyToString(signature)}");
+            Console.WriteLine($"OSC:Thumbprint={senderCertificate?.Thumbprint}");
+
             // verify the signature.
             if (!Verify(dataToVerify, signature, senderCertificate))
             {
@@ -1350,22 +1359,22 @@ protected ArraySegment<byte> Encrypt(
                         receiverCertificate,
                         RsaUtils.Padding.Pkcs1);
                 case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_nistP256_AES:
+                case SecurityPolicies.ECC_nistP256_AesGcm:
                 case SecurityPolicies.ECC_nistP256_ChaChaPoly:
                 case SecurityPolicies.ECC_brainpoolP256r1:
-                case SecurityPolicies.ECC_brainpoolP256r1_AES:
+                case SecurityPolicies.ECC_brainpoolP256r1_AesGcm:
                 case SecurityPolicies.ECC_brainpoolP256r1_ChaChaPoly:
                 case SecurityPolicies.ECC_curve25519:
-                case SecurityPolicies.ECC_curve25519_AES:
+                case SecurityPolicies.ECC_curve25519_AesGcm:
                 case SecurityPolicies.ECC_curve25519_ChaChaPoly:
                 case SecurityPolicies.ECC_curve448:
-                case SecurityPolicies.ECC_curve448_AES:
+                case SecurityPolicies.ECC_curve448_AesGcm:
                 case SecurityPolicies.ECC_curve448_ChaChaPoly:
                 case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_nistP384_AES:
+                case SecurityPolicies.ECC_nistP384_AesGcm:
                 case SecurityPolicies.ECC_nistP384_ChaChaPoly:
                 case SecurityPolicies.ECC_brainpoolP384r1:
-                case SecurityPolicies.ECC_brainpoolP384r1_AES:
+                case SecurityPolicies.ECC_brainpoolP384r1_AesGcm:
                 case SecurityPolicies.ECC_brainpoolP384r1_ChaChaPoly:
                     goto default;
                 default:
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
index dec6ec6358..4c432ea313 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
@@ -249,6 +249,7 @@ private void DeriveKeysWithHKDF(
                 token.ServerSigningKey = signingKey;
                 token.ServerEncryptingKey = encryptingKey;
                 token.ServerInitializationVector = iv;
+                token.SessionActivationSecret = null;
             }
             else
             {
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryClientChannel.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryClientChannel.cs
index 453cbde83b..90dc254468 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryClientChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryClientChannel.cs
@@ -558,6 +558,7 @@ private void SendOpenSecureChannelRequest(bool renew)
             ClientChannelCertificate = ClientCertificate?.RawData;
             ServerChannelCertificate = ServerCertificate?.RawData;
 
+            m_oscRequestSignature = null;
             byte[] signature;
 
             // write the asymmetric message.
@@ -629,8 +630,6 @@ private bool ProcessOpenSecureChannelResponse(
             {
                 byte[] signature;
 
-                Console.WriteLine($"OSC IN={TcpMessageType.KeyToString(messageChunk)}");
-
                 messageBody = ReadAsymmetricMessage(
                     messageChunk,
                     ClientCertificate,
@@ -641,15 +640,14 @@ private bool ProcessOpenSecureChannelResponse(
                     m_oscRequestSignature,
                     out signature);
 
-                if (PreviousToken == null)
+                if (State == TcpChannelState.Opening)
                 {
                     ComputeSecureChannelHash(signature);
                 }
 
-                Console.WriteLine($"OSC OUT={TcpMessageType.KeyToString(messageBody)}");
-                Console.WriteLine($"oscRequestSignature={TcpMessageType.KeyToString(m_oscRequestSignature)}");
-                Console.WriteLine($"signature={TcpMessageType.KeyToString(signature)}");
-                Console.WriteLine($"State={State}");
+                Console.WriteLine($"OSC:m_oscRequestSignature={TcpMessageType.KeyToString(m_oscRequestSignature)}");
+                Console.WriteLine($"OSC:signature={TcpMessageType.KeyToString(signature)}");
+                Console.WriteLine($"OSC:SecureChannelHash={TcpMessageType.KeyToString(SecureChannelHash)}");
             }
             catch (Exception e)
             {
@@ -815,7 +813,7 @@ protected override bool HandleIncomingMessage(
             uint messageType,
             ArraySegment<byte> messageChunk)
         {
-            //m_logger.LogWarning("IN:{Size}", TcpMessageType.GetTypeAndSize(messageChunk));
+            m_logger.LogWarning("IN:{Size}", TcpMessageType.GetTypeAndSize(messageChunk));
 
             // process a response.
             if (TcpMessageType.IsType(messageType, TcpMessageType.Message))

From e1dd3113f73232c0c5e8025f92dbc182ac1fe92f Mon Sep 17 00:00:00 2001
From: Randy Armstrong <randy@sparhawksoftware.com>
Date: Wed, 26 Nov 2025 20:10:24 -0800
Subject: [PATCH 06/15] Fix NonceLength for None.

---
 Libraries/Opc.Ua.Server/Server/StandardServer.cs           | 2 +-
 Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs | 2 +-
 Stack/Opc.Ua.Core/Stack/Configuration/ServerProperties.cs  | 6 ------
 3 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/Libraries/Opc.Ua.Server/Server/StandardServer.cs b/Libraries/Opc.Ua.Server/Server/StandardServer.cs
index 42597a9e0b..21cd33c6b2 100644
--- a/Libraries/Opc.Ua.Server/Server/StandardServer.cs
+++ b/Libraries/Opc.Ua.Server/Server/StandardServer.cs
@@ -529,7 +529,7 @@ X509Certificate2Collection clientCertificateChain
                     serverEndpoints = GetEndpointDescriptions(endpointUrl, BaseAddresses, null);
 
                     // return the software certificates assigned to the server.
-                    serverSoftwareCertificates = [.. ServerProperties.SoftwareCertificates];
+                    serverSoftwareCertificates = new();
 
                     // sign the nonce provided by the client.
                     serverSignature = null;
diff --git a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
index fd776d5f01..5f67d33c6a 100644
--- a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
+++ b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
@@ -417,7 +417,7 @@ public byte[] CreateSessionActivationToken(
             SymmetricSignatureLength = 0,
             MinAsymmetricKeyLength = 0,
             MaxAsymmetricKeyLength = 0,
-            SecureChannelNonceLength = 0,
+            SecureChannelNonceLength = 32,
             LegacySequenceNumbers = false,
             AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
             AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.None,
diff --git a/Stack/Opc.Ua.Core/Stack/Configuration/ServerProperties.cs b/Stack/Opc.Ua.Core/Stack/Configuration/ServerProperties.cs
index 780a41e78f..90c4f7218c 100644
--- a/Stack/Opc.Ua.Core/Stack/Configuration/ServerProperties.cs
+++ b/Stack/Opc.Ua.Core/Stack/Configuration/ServerProperties.cs
@@ -31,7 +31,6 @@ public ServerProperties()
             BuildNumber = string.Empty;
             BuildDate = DateTime.MinValue;
             DatatypeAssemblies = [];
-            SoftwareCertificates = [];
         }
 
         /// <summary>
@@ -68,10 +67,5 @@ public ServerProperties()
         /// The assemblies that contain encodeable types that could be uses a variable values.
         /// </summary>
         public StringCollection DatatypeAssemblies { get; }
-
-        /// <summary>
-        /// The software certificates granted to the server.
-        /// </summary>
-        public SignedSoftwareCertificateCollection SoftwareCertificates { get; }
     }
 }

From 9ecf7c9c08a72403ac83db456015865a1dbfdf0a Mon Sep 17 00:00:00 2001
From: Randy Armstrong <randy@sparhawksoftware.com>
Date: Mon, 8 Dec 2025 09:28:53 -0800
Subject: [PATCH 07/15] Add support for RSA_DH, more fixes from IOP testings.

---
 .../ConsoleReferenceClient/Program.cs         |  17 +
 .../ConsoleReferenceClient/RunTest.cs         |  12 +-
 .../Quickstarts.ReferenceServer.Config.xml    |  21 +-
 .../ReferenceServer/ReferenceServer.cs        |  30 +-
 Libraries/Opc.Ua.Client/Session/Session.cs    | 177 ++++---
 .../Opc.Ua.Server/Server/StandardServer.cs    |  22 +-
 Libraries/Opc.Ua.Server/Session/ISession.cs   |   9 +-
 Libraries/Opc.Ua.Server/Session/Session.cs    |  39 +-
 .../Schema/SecuredApplicationHelpers.cs       |   4 +
 .../Certificates/CertificateIdentifier.cs     |   2 +-
 .../Security/Certificates/CryptoUtils.cs      | 442 ++++++++++++++---
 .../Security/Certificates/EncryptedSecret.cs  | 296 ++++++-----
 .../Security/Certificates/Nonce.cs            | 468 +++++++++++++-----
 .../Security/Constants/SecurityPolicies.cs    |  72 +--
 .../Security/Constants/SecurityPolicyInfo.cs  | 131 +++--
 .../Stack/Client/ClientChannelManager.cs      |   2 +-
 .../Stack/Https/HttpsTransportChannel.cs      |   2 +-
 .../Stack/Server/SecureChannelContext.cs      |   8 +-
 .../Stack/Tcp/TcpListenerChannel.cs           |  65 ---
 Stack/Opc.Ua.Core/Stack/Tcp/TcpMessageType.cs |  34 --
 .../Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs | 104 +++-
 .../Stack/Tcp/TcpTransportListener.cs         |   2 +-
 .../Stack/Tcp/UaSCBinaryChannel.Asymmetric.cs | 255 ++++------
 .../Stack/Tcp/UaSCBinaryChannel.Rsa.cs        |  14 -
 .../Stack/Tcp/UaSCBinaryChannel.Symmetric.cs  | 115 ++---
 .../Stack/Tcp/UaSCBinaryChannel.cs            |   6 +-
 .../Stack/Tcp/UaSCBinaryClientChannel.cs      |  26 +-
 .../Stack/Tcp/UaSCBinaryTransportChannel.cs   |   2 +-
 .../Stack/Transport/ITransportChannel.cs      |   2 +-
 .../Stack/Transport/NullChannel.cs            |   4 +-
 .../Stack/Types/UserNameIdentityToken.cs      |  16 +-
 31 files changed, 1487 insertions(+), 912 deletions(-)

diff --git a/Applications/ConsoleReferenceClient/Program.cs b/Applications/ConsoleReferenceClient/Program.cs
index 5d47b107ac..4f9909aa5a 100644
--- a/Applications/ConsoleReferenceClient/Program.cs
+++ b/Applications/ConsoleReferenceClient/Program.cs
@@ -54,6 +54,23 @@ public static class Program
         /// <exception cref="ErrorExitException"></exception>
         public static async Task Main(string[] args)
         {
+            //foreach (var group in Enum.GetValues(typeof(RSADiffieHellmanGroup)))
+            //{
+            //    var alice = RSADiffieHellman.Create((RSADiffieHellmanGroup)group);
+            //    var bob = RSADiffieHellman.Create((RSADiffieHellmanGroup)group);
+
+            //    var aliceNonce = alice.GetNonce();
+            //    var bobNonce = bob.GetNonce();
+
+            //    var bobAtAlice = RSADiffieHellman.Create(bobNonce);
+            //    var aliceAtBob = RSADiffieHellman.Create(aliceNonce);
+
+            //    var secret1 = alice.DeriveRawSecretAgreement(bobAtAlice);
+            //    CryptoTrace.WriteLine(CryptoTrace.KeyToString(secret1));
+            //    var secret2 = bob.DeriveRawSecretAgreement(aliceAtBob);
+            //    CryptoTrace.WriteLine(CryptoTrace.KeyToString(secret2));
+            //}
+
             Console.WriteLine("OPC UA Console Reference Client");
 
             Console.WriteLine(
diff --git a/Applications/ConsoleReferenceClient/RunTest.cs b/Applications/ConsoleReferenceClient/RunTest.cs
index 469877b595..482e122285 100644
--- a/Applications/ConsoleReferenceClient/RunTest.cs
+++ b/Applications/ConsoleReferenceClient/RunTest.cs
@@ -123,7 +123,7 @@ public async Task<bool> RunAsync(ManualResetEvent quitEvent, CancellationToken c
 
                     var certificateIdentity = await LoadUserCertificateAsync(thumbprint, "password", ct).ConfigureAwait(false);
 
-                    foreach (var identity in new UserIdentity[] { userNameidentity })
+                    foreach (var identity in new UserIdentity[] { userNameidentity, certificateIdentity })
                     {
                         try
                         {
@@ -147,8 +147,9 @@ public async Task<bool> RunAsync(ManualResetEvent quitEvent, CancellationToken c
                                 ct).ConfigureAwait(false);
 
                             m_logger.LogWarning("Waiting for SecureChannel renew");
+                            await session.UpdateSessionAsync(identity, null, ct).ConfigureAwait(false);
 
-                            for (int count = 0; count < 15; count++)
+                            for (int count = 0; count < 8; count++)
                             {
                                 var result = await session.ReadAsync(
                                     null,
@@ -188,7 +189,10 @@ public async Task<bool> RunAsync(ManualResetEvent quitEvent, CancellationToken c
                             ii.SecurityMode);
 
                         m_logger.LogWarning("{Line}", new string('=', 80));
+                        //break;
                     }
+
+                    //break;
                 }
 
                 Console.WriteLine("Ctrl-C to stop.");
@@ -476,10 +480,12 @@ BrowseDescriptionCollection browseDescriptionCollection
                         {
                             // a real application needs to use secure randomness
 #pragma warning disable CA5394 // Do not use insecure randomness
-                            var padding = new byte[random.Next() % 4096];
+                            var padding = new byte[random.Next() % 128];
                             random.NextBytes(padding);
 #pragma warning restore CA5394 // Do not use insecure randomness
 
+                            m_logger.LogWarning("Sending Padding with {Length} Bytes", padding.Length);
+
                             requestHeader = new RequestHeader
                             {
                                 AdditionalHeader = new ExtensionObject(new Opc.Ua.AdditionalParametersType()
diff --git a/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml b/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml
index 5ce4d8f4c5..41fe629bca 100644
--- a/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml
+++ b/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml
@@ -140,27 +140,32 @@
         <SecurityMode>Sign_2</SecurityMode>
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss</SecurityPolicyUri>-->
-        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_AesGcmGcm</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_AesGcm</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_ChaChaPoly</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP384_AesGcm</SecurityPolicyUri>-->
-        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1_AesGcmGcm</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP384_ChaChaPoly</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1_AesGcm</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1_ChaChaPoly</SecurityPolicyUri>-->
-        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_AesGcmGcm</SecurityPolicyUri>-->
-        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_ChaChaPoly</SecurityPolicyUri>
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_AesGcm</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_ChaChaPoly</SecurityPolicyUri>-->
+        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#RSA_DH_AesGcm</SecurityPolicyUri>
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#RSA_DH_ChaChaPoly</SecurityPolicyUri>-->
       </ServerSecurityPolicy>
       <ServerSecurityPolicy>
         
         <SecurityMode>SignAndEncrypt_3</SecurityMode>
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss</SecurityPolicyUri>-->
-        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_AesGcmGcm</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_AesGcm</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_ChaChaPoly</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP384_AesGcm</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP384_ChaChaPoly</SecurityPolicyUri>-->
-        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1_AesGcmGcm</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1_AesGcm</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1_ChaChaPoly</SecurityPolicyUri>-->
-        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_AesGcmGcm</SecurityPolicyUri>-->
-        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_ChaChaPoly</SecurityPolicyUri>
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_AesGcm</SecurityPolicyUri>-->
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_ChaChaPoly</SecurityPolicyUri>-->
+        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#RSA_DH_AesGcm</SecurityPolicyUri>
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#RSA_DH_ChaChaPoly</SecurityPolicyUri>-->
       </ServerSecurityPolicy>
       <!--
       <ServerSecurityPolicy>
diff --git a/Applications/Quickstarts.Servers/ReferenceServer/ReferenceServer.cs b/Applications/Quickstarts.Servers/ReferenceServer/ReferenceServer.cs
index e296054226..089b4c372a 100644
--- a/Applications/Quickstarts.Servers/ReferenceServer/ReferenceServer.cs
+++ b/Applications/Quickstarts.Servers/ReferenceServer/ReferenceServer.cs
@@ -228,21 +228,21 @@ public override UserTokenPolicyCollection GetUserTokenPolicies(
                 description);
 
             // sample how to modify default user token policies
-            if (description.SecurityPolicyUri == SecurityPolicies.Aes256_Sha256_RsaPss &&
-                description.SecurityMode == MessageSecurityMode.SignAndEncrypt)
-            {
-                return [.. policies.Where(u => u.TokenType != UserTokenType.Certificate)];
-            }
-            else if (description.SecurityPolicyUri == SecurityPolicies.Aes128_Sha256_RsaOaep &&
-                description.SecurityMode == MessageSecurityMode.Sign)
-            {
-                return [.. policies.Where(u => u.TokenType != UserTokenType.Anonymous)];
-            }
-            else if (description.SecurityPolicyUri == SecurityPolicies.Aes128_Sha256_RsaOaep &&
-                description.SecurityMode == MessageSecurityMode.SignAndEncrypt)
-            {
-                return [.. policies.Where(u => u.TokenType != UserTokenType.UserName)];
-            }
+            //if (description.SecurityPolicyUri == SecurityPolicies.Aes256_Sha256_RsaPss &&
+            //    description.SecurityMode == MessageSecurityMode.SignAndEncrypt)
+            //{
+            //    return [.. policies.Where(u => u.TokenType != UserTokenType.Certificate)];
+            //}
+            //else if (description.SecurityPolicyUri == SecurityPolicies.Aes128_Sha256_RsaOaep &&
+            //    description.SecurityMode == MessageSecurityMode.Sign)
+            //{
+            //    return [.. policies.Where(u => u.TokenType != UserTokenType.Anonymous)];
+            //}
+            //else if (description.SecurityPolicyUri == SecurityPolicies.Aes128_Sha256_RsaOaep &&
+            //    description.SecurityMode == MessageSecurityMode.SignAndEncrypt)
+            //{
+            //    return [.. policies.Where(u => u.TokenType != UserTokenType.UserName)];
+            //}
             return policies;
         }
 
diff --git a/Libraries/Opc.Ua.Client/Session/Session.cs b/Libraries/Opc.Ua.Client/Session/Session.cs
index 07b15386b7..484bb06507 100644
--- a/Libraries/Opc.Ua.Client/Session/Session.cs
+++ b/Libraries/Opc.Ua.Client/Session/Session.cs
@@ -1239,7 +1239,7 @@ await m_configuration
 
                 // create the client signature.
                 byte[] dataToSign = securityPolicy.GetClientSignatureData(
-                    TransportChannel.SecureChannelHash,
+                    TransportChannel.ChannelThumbprint,
                     serverNonce,
                     serverCertificate?.RawData,
                     TransportChannel.ServerChannelCertificate,
@@ -1267,31 +1267,38 @@ await m_configuration
                     m_previousServerNonce,
                     m_endpoint.Description.SecurityMode);
 
-                // sign data with user token.
-                dataToSign = securityPolicy.GetUserTokenSignatureData(
-                    TransportChannel.SecureChannelHash,
-                    serverNonce,
-                    serverCertificate?.RawData,
-                    TransportChannel.ServerChannelCertificate,
-                    m_instanceCertificate?.RawData,
-                    TransportChannel.ClientChannelCertificate,
-                    m_clientNonce ?? []);
+                SignatureData? userTokenSignature = null;
 
-                SignatureData userTokenSignature = identityToken.Sign(
-                    dataToSign,
-                    tokenSecurityPolicyUri,
-                    m_telemetry);
+                if (identityToken is X509IdentityToken)
+                {
+                    // sign data with user token.
+                    dataToSign = securityPolicy.GetUserTokenSignatureData(
+                        TransportChannel.ChannelThumbprint,
+                        serverNonce,
+                        serverCertificate?.RawData,
+                        TransportChannel.ServerChannelCertificate,
+                        m_instanceCertificate?.RawData,
+                        TransportChannel.ClientChannelCertificate,
+                        m_clientNonce ?? []);
 
-                // encrypt token.
-                identityToken.Encrypt(
-                    serverCertificate,
-                    serverNonce,
-                    m_userTokenSecurityPolicyUri,
-                    MessageContext,
-                    m_eccServerEphemeralKey,
-                    m_instanceCertificate,
-                    m_instanceCertificateChain,
-                    m_endpoint.Description.SecurityMode != MessageSecurityMode.None);
+                    userTokenSignature = identityToken.Sign(
+                        dataToSign,
+                        tokenSecurityPolicyUri,
+                        m_telemetry);
+                }
+                else
+                {
+                    // encrypt token.
+                    identityToken.Encrypt(
+                        serverCertificate,
+                        serverNonce,
+                        m_userTokenSecurityPolicyUri,
+                        MessageContext,
+                        m_eccServerEphemeralKey,
+                        m_instanceCertificate,
+                        m_instanceCertificateChain,
+                        m_endpoint.Description.SecurityMode != MessageSecurityMode.None);
+                }
 
                 // send the software certificates assigned to the client.
                 SignedSoftwareCertificateCollection clientSoftwareCertificates = new();
@@ -1302,9 +1309,11 @@ await m_configuration
                     m_preferredLocales = [.. preferredLocales];
                 }
 
+                var header = CreateRequestHeaderForSessionActivationToken(securityPolicy, null, tokenSecurityPolicyUri);
+
                 // activate session.
                 ActivateSessionResponse activateResponse = await ActivateSessionAsync(
-                    null,
+                    header,
                     clientSignature,
                     clientSoftwareCertificates,
                     m_preferredLocales,
@@ -1430,7 +1439,7 @@ public async Task UpdateSessionAsync(
 
             // create the client signature.
             byte[] dataToSign = securityPolicy.GetClientSignatureData(
-                TransportChannel.SecureChannelHash,
+                TransportChannel.ChannelThumbprint,
                 serverNonce,
                 m_serverCertificate?.RawData,
                 TransportChannel.ServerChannelCertificate,
@@ -1450,10 +1459,14 @@ public async Task UpdateSessionAsync(
                 m_endpoint.Description.FindUserTokenPolicy(
                     identity.TokenType,
                     identity.IssuedTokenType,
-                    securityPolicyUri)
-                ?? throw ServiceResultException.Create(
-                    StatusCodes.BadIdentityTokenRejected,
-                    "Endpoint does not support the user identity type provided.");
+                    securityPolicyUri);
+
+            if (identityPolicy == null)
+            {
+                throw ServiceResultException.Create(
+                      StatusCodes.BadIdentityTokenRejected,
+                      "Endpoint does not support the user identity type provided.");
+            }
 
             // select the security policy for the user token.
             string tokenSecurityPolicyUri = identityPolicy.SecurityPolicyUri;
@@ -1486,7 +1499,7 @@ public async Task UpdateSessionAsync(
             identityToken.PolicyId = identityPolicy.PolicyId;
 
             dataToSign = securityPolicy.GetUserTokenSignatureData(
-                TransportChannel.SecureChannelHash,
+                TransportChannel.ChannelThumbprint,
                 serverNonce,
                 m_serverCertificate?.RawData,
                 TransportChannel.ServerChannelCertificate,
@@ -1516,10 +1529,14 @@ public async Task UpdateSessionAsync(
             SignedSoftwareCertificateCollection clientSoftwareCertificates = new();
 
             // during debugging send the sesson transfer token on all activations.
-            RequestHeader? requestHeader = null;
+            RequestHeader? requestHeader = CreateRequestHeaderForSessionActivationToken(
+                securityPolicy,
 #if DEBUG
-            requestHeader = CreateRequestHeaderForSessionActivationToken(securityPolicy);
+                m_sessionActivationSecret,
+#else
+                null,
 #endif
+                tokenSecurityPolicyUri);
 
             ActivateSessionResponse response = await ActivateSessionAsync(
                 requestHeader,
@@ -2314,7 +2331,7 @@ public async Task ReconnectAsync(
 
                 // create the client signature.
                 byte[] dataToSign = securityPolicy.GetClientSignatureData(
-                    TransportChannel.SecureChannelHash,
+                    TransportChannel.ChannelThumbprint,
                     m_serverNonce,
                     m_serverCertificate?.RawData,
                     TransportChannel.ServerChannelCertificate,
@@ -2366,7 +2383,7 @@ public async Task ReconnectAsync(
                 identityToken.PolicyId = identityPolicy.PolicyId;
 
                 dataToSign = securityPolicy.GetUserTokenSignatureData(
-                    TransportChannel.SecureChannelHash,
+                    TransportChannel.ChannelThumbprint,
                     m_serverNonce,
                     m_serverCertificate?.RawData,
                     TransportChannel.ServerChannelCertificate,
@@ -2459,7 +2476,10 @@ public async Task ReconnectAsync(
 
                 m_logger.LogInformation("Session RE-ACTIVATING {SessionId}.", SessionId);
 
-                var header = CreateRequestHeaderForSessionActivationToken(securityPolicy);
+                var header = CreateRequestHeaderForSessionActivationToken(
+                    securityPolicy,
+                    m_sessionActivationSecret,
+                    tokenSecurityPolicyUri);
 
                 if (header == null)
                 {
@@ -3917,7 +3937,7 @@ private void ValidateServerSignature(
             SecurityPolicyInfo securityPolicy = SecurityPolicies.GetInfo(m_endpoint.Description.SecurityPolicyUri);
 
             byte[] dataToSign = securityPolicy.GetServerSignatureData(
-                TransportChannel.SecureChannelHash,
+                TransportChannel.ChannelThumbprint,
                 clientNonce,
                 TransportChannel.ServerChannelCertificate,
                 clientCertificateData,
@@ -3926,7 +3946,7 @@ private void ValidateServerSignature(
 
             if (!SecurityPolicies.VerifySignatureData(
                     serverSignature,
-                    m_endpoint.Description.SecurityPolicyUri,
+                    securityPolicy,
                     serverCertificate,
                     dataToSign))
             {
@@ -3934,7 +3954,7 @@ private void ValidateServerSignature(
                 if (clientCertificateChainData != null)
                 {
                     dataToSign = securityPolicy.GetServerSignatureData(
-                        TransportChannel.SecureChannelHash,
+                        TransportChannel.ChannelThumbprint,
                         clientNonce,
                         TransportChannel.ServerChannelCertificate,
                         clientCertificateChainData,
@@ -3943,7 +3963,7 @@ private void ValidateServerSignature(
 
                     if (!SecurityPolicies.VerifySignatureData(
                             serverSignature,
-                            m_endpoint.Description.SecurityPolicyUri,
+                            securityPolicy,
                             serverCertificate,
                             dataToSign))
                     {
@@ -4805,42 +4825,74 @@ private RequestHeader CreateRequestHeaderPerUserTokenPolicy(
             {
                 userTokenSecurityPolicyUri = m_endpoint.Description.SecurityPolicyUri;
             }
+
             m_userTokenSecurityPolicyUri = userTokenSecurityPolicyUri;
 
-            if (CryptoUtils.IsEccPolicy(userTokenSecurityPolicyUri))
+            var securityPolicy = SecurityPolicies.GetInfo(userTokenSecurityPolicyUri);
+
+            if (securityPolicy.EphemeralKeyAlgorithm != CertificateKeyAlgorithm.None)
             {
                 var parameters = new AdditionalParametersType();
                 parameters.Parameters.Add(
                     new KeyValuePair { Key = AdditionalParameterNames.ECDHPolicyUri, Value = userTokenSecurityPolicyUri });
                 requestHeader.AdditionalHeader = new ExtensionObject(parameters);
+
+                m_logger.LogWarning("Request EphemeralKey for {Policy}.", userTokenSecurityPolicyUri);
             }
 
             return requestHeader;
         }
 
-        private RequestHeader? CreateRequestHeaderForSessionActivationToken(SecurityPolicyInfo securityPolicy)
+        private RequestHeader? CreateRequestHeaderForSessionActivationToken(
+            SecurityPolicyInfo securityPolicy,
+            byte[]? sessionActivationSecret,
+            string userTokenSecurityPolicyUri)
         {
-            if (m_sessionActivationSecret == null)
+            var requestHeader = new RequestHeader();
+            var parameters = new AdditionalParametersType();
+
+            if (sessionActivationSecret != null)
             {
-                return null;
-            }
+                var sessionTransferToken = securityPolicy.CreateSessionTransferToken(
+                    TransportChannel.ChannelThumbprint,
+                    sessionActivationSecret);
 
-            var sessionActivationToken = securityPolicy.CreateSessionActivationToken(
-                TransportChannel.SecureChannelHash,
-                m_sessionActivationSecret);
+                if (sessionTransferToken != null && sessionTransferToken.Length > 0)
+                {
+                    parameters.Parameters.Add(
+                        new KeyValuePair
+                        {
+                            Key = AdditionalParameterNames.SessionTransferToken,
+                            Value = sessionTransferToken
+                        });
 
-            var requestHeader = new RequestHeader();
-            var parameters = new AdditionalParametersType();
+                    m_logger.LogWarning("Sending SessionTransferToken {Policy}.", CryptoTrace.KeyToString(sessionTransferToken));
+                }
+            }
+
+            if (userTokenSecurityPolicyUri != null)
+            {
+                var userTokenSecurityPolicy = SecurityPolicies.GetInfo(userTokenSecurityPolicyUri);
 
-            parameters.Parameters.Add(
-                new KeyValuePair
+                if (userTokenSecurityPolicy.CertificateKeyFamily == CertificateKeyFamily.ECC)
                 {
-                    Key = AdditionalParameterNames.SessionTransferToken,
-                    Value = sessionActivationToken
-                });
+                    parameters.Parameters.Add(
+                        new KeyValuePair
+                        {
+                            Key = AdditionalParameterNames.ECDHPolicyUri,
+                            Value = userTokenSecurityPolicyUri
+                        });
+
+                    m_logger.LogWarning("Requesting new EphmeralKey using {SecurityPolicyUri}.", userTokenSecurityPolicyUri);
+                }
+            }
+
+            if (parameters.Parameters.Count == 0)
+            {
+                return null;
+            }
 
             requestHeader.AdditionalHeader = new ExtensionObject(parameters);
-      
             return requestHeader;
         }
 
@@ -4867,18 +4919,23 @@ protected virtual void ProcessResponseAdditionalHeader(
                 {
                     if (ii.Key == AdditionalParameterNames.Padding)
                     {
-                        if (ii.Value.TypeInfo != TypeInfo.Scalars.ByteString || ii.Value.Value is not byte[])
+                        var padding = ii.Value.Value as byte[];
+
+                        if (ii.Value.TypeInfo != TypeInfo.Scalars.ByteString || padding == null)
                         {
                             m_logger.LogWarning(
                                 "Server returned invalid message padding. Ignored.");
                         }
-
-                        if (ii.Value.Value is byte[] padding && padding.Length > 4096)
+                        else if (padding.Length > 128)
                         {
                             m_logger.LogWarning(
                                 "Server returned a {Size}byte message padding that is too long. Ignored.",
                                 padding.Length);
                         }
+                        else
+                        {
+                            m_logger.LogWarning("Ignoring Padding with {Length} Bytes", padding.Length);
+                        }
 
                         continue;
                     }
@@ -4914,6 +4971,8 @@ protected virtual void ProcessResponseAdditionalHeader(
                         m_eccServerEphemeralKey = Nonce.CreateNonce(
                             SecurityPolicies.GetInfo(m_userTokenSecurityPolicyUri),
                             key.PublicKey);
+
+                        m_logger.LogWarning("Updating ServerEphemeralKey: {Key}", CryptoTrace.KeyToString(m_eccServerEphemeralKey.Data));
                     }
                 }
             }
diff --git a/Libraries/Opc.Ua.Server/Server/StandardServer.cs b/Libraries/Opc.Ua.Server/Server/StandardServer.cs
index 21cd33c6b2..3b31f171db 100644
--- a/Libraries/Opc.Ua.Server/Server/StandardServer.cs
+++ b/Libraries/Opc.Ua.Server/Server/StandardServer.cs
@@ -540,7 +540,7 @@ X509Certificate2Collection clientCertificateChain
                         SecurityPolicyInfo securityPolicy = SecurityPolicies.GetInfo(context.SecurityPolicyUri);
 
                         byte[] dataToSign = securityPolicy.GetServerSignatureData(
-                            context.ChannelContext.SecureChannelHash,
+                            context.ChannelContext.ChannelThumbprint,
                             clientNonce,
                             context.ChannelContext.ServerChannelCertificate,
                             parsedClientCertificate.RawData,
@@ -652,17 +652,22 @@ protected virtual AdditionalParametersType CreateSessionProcessAdditionalParamet
                     if (ii.Key == AdditionalParameterNames.ECDHPolicyUri)
                     {
                         string policyUri = ii.Value.ToString();
+                        m_logger.LogWarning("Received request for new EphmeralKey using {SecurityPolicyUri}.", policyUri);
 
-                        if (CryptoUtils.IsEccPolicy(policyUri))
+                        var securityPolicy = SecurityPolicies.GetInfo(policyUri);
+
+                        if (securityPolicy.EphemeralKeyAlgorithm != CertificateKeyAlgorithm.None)
                         {
-                            session.SetEccUserTokenSecurityPolicy(policyUri);
-                            EphemeralKeyType key = session.GetNewEccKey();
+                            session.SetUserTokenSecurityPolicy(policyUri);
+                            EphemeralKeyType key = session.GetNewEphmeralKey();
                             response.Parameters.Add(
                                 new KeyValuePair
                                 {
                                     Key = AdditionalParameterNames.ECDHKey,
                                     Value = new ExtensionObject(key)
                                 });
+
+                            m_logger.LogWarning("Returning new EphmeralKey: {PublicKey}.", CryptoTrace.KeyToString(key.PublicKey));
                         }
                         else
                         {
@@ -672,6 +677,8 @@ protected virtual AdditionalParametersType CreateSessionProcessAdditionalParamet
                                     Key = AdditionalParameterNames.ECDHKey,
                                     Value = StatusCodes.BadSecurityPolicyRejected
                                 });
+
+                            m_logger.LogWarning("Rejecting request for new EphmeralKey using {SecurityPolicyUri}.", policyUri);
                         }
                     }
                 }
@@ -692,13 +699,15 @@ protected virtual AdditionalParametersType ActivateSessionProcessAdditionalParam
         {
             AdditionalParametersType response = null;
 
-            EphemeralKeyType key = session.GetNewEccKey();
+            EphemeralKeyType key = session.GetNewEphmeralKey();
 
             if (key != null)
             {
                 response = new AdditionalParametersType();
                 response.Parameters
                     .Add(new KeyValuePair { Key = AdditionalParameterNames.ECDHKey, Value = new ExtensionObject(key) });
+
+                m_logger.LogWarning("Returning new EphmeralKey: {PublicKey}.", CryptoTrace.KeyToString(key.PublicKey));
             }
 
             return response;
@@ -851,9 +860,10 @@ protected bool VerifySessionTransferToken(OperationContext context, RequestHeade
 
                         if (ii.Value.Value is byte[] token)
                         {
+                            m_logger.LogWarning("SessionTransferToken received: {PublicKey}.", CryptoTrace.KeyToString(token));
                             sessionTransferToken = token;
                             break;
-                        } 
+                        }
                     }
                 }
             }
diff --git a/Libraries/Opc.Ua.Server/Session/ISession.cs b/Libraries/Opc.Ua.Server/Session/ISession.cs
index 2410277c73..a081fc545d 100644
--- a/Libraries/Opc.Ua.Server/Session/ISession.cs
+++ b/Libraries/Opc.Ua.Server/Session/ISession.cs
@@ -43,6 +43,11 @@ public interface ISession : IDisposable
         /// </summary>
         bool Activated { get; }
 
+        /// <summary>
+        /// The application instance certificate associated with the server.
+        /// </summary>
+        X509Certificate2 ServerCertificate { get; }
+
         /// <summary>
         /// The application instance certificate associated with the client.
         /// </summary>
@@ -136,7 +141,7 @@ bool Activate(
         /// Create new ECC ephemeral key
         /// </summary>
         /// <returns>A new ephemeral key</returns>
-        EphemeralKeyType GetNewEccKey();
+        EphemeralKeyType GetNewEphmeralKey();
 
         /// <summary>
         /// Checks if the secure channel is currently valid.
@@ -180,7 +185,7 @@ bool Activate(
         /// <summary>
         /// Set the ECC security policy URI
         /// </summary>
-        void SetEccUserTokenSecurityPolicy(string securityPolicyUri);
+        void SetUserTokenSecurityPolicy(string securityPolicyUri);
 
         /// <summary>
         /// Updates the requested locale ids.
diff --git a/Libraries/Opc.Ua.Server/Session/Session.cs b/Libraries/Opc.Ua.Server/Session/Session.cs
index 25ff062497..904495fcb5 100644
--- a/Libraries/Opc.Ua.Server/Session/Session.cs
+++ b/Libraries/Opc.Ua.Server/Session/Session.cs
@@ -95,7 +95,7 @@ public Session(
             m_clientIssuerCertificates = clientCertificateChain;
 
             SecureChannelId = context.ChannelContext.SecureChannelId;
-            m_secureChannelHash = context.ChannelContext.SecureChannelHash;
+            m_channelThumbprint = context.ChannelContext.ChannelThumbprint;
             m_sessionActivationSecret = context.ChannelContext.SessionActivationSecret;
             MaxBrowseContinuationPoints = maxBrowseContinuationPoints;
             m_maxHistoryContinuationPoints = maxHistoryContinuationPoints;
@@ -240,6 +240,11 @@ protected virtual void Dispose(bool disposing)
         /// </summary>
         public byte[] ClientNonce { get; }
 
+        /// <summary>
+        /// The application instance certificate associated with the server.
+        /// </summary>
+        public X509Certificate2 ServerCertificate => m_serverCertificate;
+
         /// <summary>
         /// The application instance certificate associated with the client.
         /// </summary>
@@ -288,12 +293,12 @@ public DateTime ClientLastContactTime
         /// <summary>
         /// Set the ECC security policy URI
         /// </summary>
-        public virtual void SetEccUserTokenSecurityPolicy(string securityPolicyUri)
+        public virtual void SetUserTokenSecurityPolicy(string securityPolicyUri)
         {
             lock (m_lock)
             {
-                m_eccUserTokenSecurityPolicyUri = securityPolicyUri;
-                m_eccUserTokenNonce = null;
+                m_userTokenSecurityPolicyUri = securityPolicyUri;
+                m_userTokenNonce = null;
             }
         }
 
@@ -301,23 +306,23 @@ public virtual void SetEccUserTokenSecurityPolicy(string securityPolicyUri)
         /// Create new ECC ephemeral key
         /// </summary>
         /// <returns>A new ephemeral key</returns>
-        public virtual EphemeralKeyType GetNewEccKey()
+        public virtual EphemeralKeyType GetNewEphmeralKey()
         {
             lock (m_lock)
             {
-                if (m_eccUserTokenSecurityPolicyUri == null)
+                if (m_userTokenSecurityPolicyUri == null)
                 {
                     return null;
                 }
 
-                m_eccUserTokenNonce = Nonce.CreateNonce(m_eccUserTokenSecurityPolicyUri);
+                m_userTokenNonce = Nonce.CreateNonce(m_userTokenSecurityPolicyUri);
 
-                var key = new EphemeralKeyType { PublicKey = m_eccUserTokenNonce.Data };
+                var key = new EphemeralKeyType { PublicKey = m_userTokenNonce.Data };
 
                 key.Signature = CryptoUtils.Sign(
                     new ArraySegment<byte>(key.PublicKey),
                     m_serverCertificate,
-                    m_eccUserTokenSecurityPolicyUri);
+                    m_userTokenSecurityPolicyUri);
 
                 return key;
             }
@@ -478,7 +483,7 @@ public void ValidateBeforeActivate(
                     var securityPolicy = SecurityPolicies.GetInfo(EndpointDescription.SecurityPolicyUri);
 
                     byte[] dataToSign = securityPolicy.GetClientSignatureData(
-                        context.ChannelContext.SecureChannelHash,
+                        context.ChannelContext.ChannelThumbprint,
                         m_serverNonce.Data,
                         m_serverCertificate.RawData,
                         context.ChannelContext.ServerChannelCertificate,
@@ -511,7 +516,7 @@ public void ValidateBeforeActivate(
                             byte[] serverCertificateChainData = [.. serverCertificateChainList];
 
                             dataToSign = securityPolicy.GetClientSignatureData(
-                                context.ChannelContext.SecureChannelHash,
+                                context.ChannelContext.ChannelThumbprint,
                                 m_serverNonce.Data,
                                 serverCertificateChainData,
                                 context.ChannelContext.ServerChannelCertificate,
@@ -599,7 +604,7 @@ public void ValidateSessionTransferToken(
 
             if (!info.ValidateSessionActivationToken(
                     sessionActivationToken,
-                    context.ChannelContext.SecureChannelHash,
+                    context.ChannelContext.ChannelThumbprint,
                     m_sessionActivationSecret))
             {
                 throw new ServiceResultException(StatusCodes.BadApplicationSignatureInvalid);
@@ -1081,7 +1086,7 @@ private UserIdentityToken ValidateUserIdentityToken(
                         m_serverNonce,
                         securityPolicyUri,
                         m_server.MessageContext,
-                        m_eccUserTokenNonce,
+                        m_userTokenNonce,
                         ClientCertificate,
                         m_clientIssuerCertificates);
                 }
@@ -1099,7 +1104,7 @@ private UserIdentityToken ValidateUserIdentityToken(
                     var securityPolicy = SecurityPolicies.GetInfo(securityPolicyUri);
 
                     byte[] dataToSign = securityPolicy.GetUserTokenSignatureData(
-                        context.ChannelContext.SecureChannelHash,
+                        context.ChannelContext.ChannelThumbprint,
                         m_serverNonce.Data,
                         m_serverCertificate.RawData,
                         context.ChannelContext.ServerChannelCertificate,
@@ -1342,10 +1347,10 @@ private void UpdateDiagnosticCounters(
         private readonly string m_sessionName;
         private X509Certificate2 m_serverCertificate;
         private Nonce m_serverNonce;
-        private byte[] m_secureChannelHash;
+        private byte[] m_channelThumbprint;
         private byte[] m_sessionActivationSecret;
-        private string m_eccUserTokenSecurityPolicyUri;
-        private Nonce m_eccUserTokenNonce;
+        private string m_userTokenSecurityPolicyUri;
+        private Nonce m_userTokenNonce;
         private readonly X509Certificate2Collection m_clientIssuerCertificates;
         private readonly int m_maxHistoryContinuationPoints;
         private readonly SessionSecurityDiagnosticsDataType m_securityDiagnostics;
diff --git a/Stack/Opc.Ua.Core/Schema/SecuredApplicationHelpers.cs b/Stack/Opc.Ua.Core/Schema/SecuredApplicationHelpers.cs
index 02cc3665cd..c6aa5a8837 100644
--- a/Stack/Opc.Ua.Core/Schema/SecuredApplicationHelpers.cs
+++ b/Stack/Opc.Ua.Core/Schema/SecuredApplicationHelpers.cs
@@ -379,6 +379,10 @@ public static byte CalculateSecurityLevel(
                 case SecurityPolicies.Aes256_Sha256_RsaPss:
                     result = 10;
                     break;
+                case SecurityPolicies.RSA_DH_AesGcm:
+                case SecurityPolicies.RSA_DH_ChaChaPoly:
+                    result = 12;
+                    break;
                 case SecurityPolicies.ECC_brainpoolP256r1_AesGcm:
                 case SecurityPolicies.ECC_brainpoolP256r1_ChaChaPoly:
                 case SecurityPolicies.ECC_nistP256_AesGcm:
diff --git a/Stack/Opc.Ua.Core/Security/Certificates/CertificateIdentifier.cs b/Stack/Opc.Ua.Core/Security/Certificates/CertificateIdentifier.cs
index 422a75532d..931662a6a6 100644
--- a/Stack/Opc.Ua.Core/Security/Certificates/CertificateIdentifier.cs
+++ b/Stack/Opc.Ua.Core/Security/Certificates/CertificateIdentifier.cs
@@ -778,7 +778,7 @@ public static IList<NodeId> MapSecurityPolicyToCertificateTypes(string securityP
                 case SecurityPolicies.Basic256Sha256:
                 case SecurityPolicies.Aes128_Sha256_RsaOaep:
                 case SecurityPolicies.Aes256_Sha256_RsaPss:
-                case SecurityPolicies.RSA_DH_AES_GCM:
+                case SecurityPolicies.RSA_DH_AesGcm:
                 case SecurityPolicies.RSA_DH_ChaChaPoly:
                     result.Add(ObjectTypeIds.RsaSha256ApplicationCertificateType);
                     break;
diff --git a/Stack/Opc.Ua.Core/Security/Certificates/CryptoUtils.cs b/Stack/Opc.Ua.Core/Security/Certificates/CryptoUtils.cs
index d1705aad70..6301776680 100644
--- a/Stack/Opc.Ua.Core/Security/Certificates/CryptoUtils.cs
+++ b/Stack/Opc.Ua.Core/Security/Certificates/CryptoUtils.cs
@@ -11,8 +11,11 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */
 
 using System;
+using System.Globalization;
+using System.Numerics;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
+using System.Text;
 using Opc.Ua.Bindings;
 using Opc.Ua.Security.Certificates;
 #if CURVE25519
@@ -290,6 +293,12 @@ public static int GetSignatureLength(X509Certificate2 signingCertificate)
                     StatusCodes.BadSecurityChecksFailed,
                     "No public key for certificate.");
             }
+
+            if (signingCertificate.GetRSAPublicKey() != null)
+            {
+                return RsaUtils.GetSignatureLength(signingCertificate);
+            }
+
             using ECDsa publicKey =
                 GetPublicKey(signingCertificate)
                 ?? throw ServiceResultException.Create(
@@ -299,34 +308,6 @@ public static int GetSignatureLength(X509Certificate2 signingCertificate)
             return publicKey.KeySize / 4;
         }
 
-        /// <summary>
-        /// Returns the hash algorithm for the specified security policy.
-        /// </summary>
-        /// <exception cref="ArgumentNullException"><paramref name="securityPolicyUri"/> is <c>null</c>.</exception>
-        /// <exception cref="ServiceResultException"></exception>
-        public static HashAlgorithmName GetSignatureAlgorithmName(string securityPolicyUri)
-        {
-            if (securityPolicyUri == null)
-            {
-                throw new ArgumentNullException(nameof(securityPolicyUri));
-            }
-
-            switch (securityPolicyUri)
-            {
-                case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                case SecurityPolicies.ECC_curve25519:
-                case SecurityPolicies.ECC_curve448:
-                    return HashAlgorithmName.SHA256;
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    return HashAlgorithmName.SHA384;
-                default:
-                    throw ServiceResultException.Unexpected(
-                        "Unexpected security policy URI for ECC: {0}", securityPolicyUri);
-            }
-        }
-
         /// <summary>
         /// Computes an ECDSA signature.
         /// </summary>
@@ -340,7 +321,7 @@ public static byte[] Sign(
         }
 
         /// <summary>
-        /// Computes an ECDSA signature.
+        /// Computes an signature.
         /// </summary>
         /// <exception cref="ServiceResultException"></exception>
         public static byte[] Sign(
@@ -348,6 +329,35 @@ public static byte[] Sign(
             X509Certificate2 signingCertificate,
             AsymmetricSignatureAlgorithm algorithm)
         {
+            switch (algorithm)
+            {
+                case AsymmetricSignatureAlgorithm.None:
+                    return null;
+                case AsymmetricSignatureAlgorithm.RsaPkcs15Sha1:
+                    return RsaUtils.Rsa_Sign(
+                        dataToSign,
+                        signingCertificate,
+                        HashAlgorithmName.SHA1,
+                        RSASignaturePadding.Pkcs1);
+                case AsymmetricSignatureAlgorithm.RsaPkcs15Sha256:
+                    return RsaUtils.Rsa_Sign(
+                        dataToSign,
+                        signingCertificate,
+                        HashAlgorithmName.SHA256,
+                        RSASignaturePadding.Pkcs1);
+                case AsymmetricSignatureAlgorithm.RsaPssSha256:
+                    return RsaUtils.Rsa_Sign(
+                        dataToSign,
+                        signingCertificate,
+                        HashAlgorithmName.SHA256,
+                        RSASignaturePadding.Pss);
+                case AsymmetricSignatureAlgorithm.EcdsaSha256:
+                case AsymmetricSignatureAlgorithm.EcdsaSha384:
+                    break;
+                default:
+                    throw new ServiceResultException(StatusCodes.BadSecurityPolicyRejected);
+            }
+
             // get the algorithm used for the signature.
             HashAlgorithmName hashAlgorithm;
 
@@ -415,6 +425,38 @@ public static bool Verify(
             X509Certificate2 signingCertificate,
             AsymmetricSignatureAlgorithm algorithm)
         {
+            switch (algorithm)
+            {
+                case AsymmetricSignatureAlgorithm.None:
+                    return true;
+                case AsymmetricSignatureAlgorithm.RsaPkcs15Sha1:
+                    return RsaUtils.Rsa_Verify(
+                        dataToVerify,
+                        signature,
+                        signingCertificate,
+                        HashAlgorithmName.SHA1,
+                        RSASignaturePadding.Pkcs1);
+                case AsymmetricSignatureAlgorithm.RsaPkcs15Sha256:
+                    return RsaUtils.Rsa_Verify(
+                        dataToVerify,
+                        signature,
+                        signingCertificate,
+                        HashAlgorithmName.SHA256,
+                        RSASignaturePadding.Pkcs1);
+                case AsymmetricSignatureAlgorithm.RsaPssSha256:
+                    return RsaUtils.Rsa_Verify(
+                        dataToVerify,
+                        signature,
+                        signingCertificate,
+                        HashAlgorithmName.SHA256,
+                        RSASignaturePadding.Pss);
+                case AsymmetricSignatureAlgorithm.EcdsaSha256:
+                case AsymmetricSignatureAlgorithm.EcdsaSha384:
+                    break;
+                default:
+                    return false;
+            }
+
             // get the algorithm used for the signature.
             HashAlgorithmName hashAlgorithm;
 
@@ -660,12 +702,15 @@ private static ArraySegment<byte> EncryptWithChaCha20Poly1305(
                 tag,
                 extraData);
 
-#if xDEBUG
-            Console.WriteLine($"E.iv={TcpMessageType.KeyToString(iv)}");
-            Console.WriteLine($"E.extraData={TcpMessageType.KeyToString(extraData.ToArray())}");
-            Console.WriteLine($"E.tag={TcpMessageType.KeyToString(tag)}");
-            Console.WriteLine($"E.ciphertext={TcpMessageType.KeyToString(ciphertext)}");
-#endif
+            CryptoTrace.Start(ConsoleColor.DarkCyan, "EncryptWithChaCha20Poly1305");
+            CryptoTrace.WriteLine($"Data Offset/Count={data.Offset}/{data.Count}");
+            CryptoTrace.WriteLine($"TokenId/LastSequenceNumber={tokenId}/{lastSequenceNumber}");
+            CryptoTrace.WriteLine($"EncryptingKey={CryptoTrace.KeyToString(encryptingKey)}");
+            CryptoTrace.WriteLine($"IV={CryptoTrace.KeyToString(iv)}");
+            CryptoTrace.WriteLine($"EncryptedData={CryptoTrace.KeyToString(ciphertext)}");
+            CryptoTrace.WriteLine($"Tag={CryptoTrace.KeyToString(tag)}");
+            CryptoTrace.WriteLine($"ExtraData={CryptoTrace.KeyToString(extraData.ToArray())}");
+            CryptoTrace.Finish("EncryptWithChaCha20Poly1305");
 
             // Return layout: [associated data | ciphertext | tag]
             if (!signOnly)
@@ -727,13 +772,6 @@ private static ArraySegment<byte> DecryptWithChaCha20Poly1305(
 
             iv = ApplyAeadMask(tokenId, lastSequenceNumber, iv);
 
-#if xDEBUG
-            Console.WriteLine($"D.iv={TcpMessageType.KeyToString(iv)}");
-            Console.WriteLine($"D.extraData={TcpMessageType.KeyToString(extraData.ToArray())}");
-            Console.WriteLine($"D.tag={TcpMessageType.KeyToString(tag.ToArray())}");
-            Console.WriteLine($"D.ciphertext={TcpMessageType.KeyToString(encryptedData.ToArray())}");
-#endif
-
             chacha.Decrypt(
                 iv,
                 encryptedData,
@@ -741,6 +779,16 @@ private static ArraySegment<byte> DecryptWithChaCha20Poly1305(
                 signOnly ? [] : plaintext,
                 extraData);
 
+            CryptoTrace.Start(ConsoleColor.DarkCyan, "DecryptWithChaCha20Poly1305");
+            CryptoTrace.WriteLine($"Data Offset/Count={data.Offset}/{data.Count - kChaChaPolyTagLength}");
+            CryptoTrace.WriteLine($"TokenId/LastSequenceNumber={tokenId}/{lastSequenceNumber}");
+            CryptoTrace.WriteLine($"EncryptingKey={CryptoTrace.KeyToString(encryptingKey)}");
+            CryptoTrace.WriteLine($"IV={CryptoTrace.KeyToString(iv)}");
+            CryptoTrace.WriteLine($"EncryptedData={CryptoTrace.KeyToString(encryptedData)}");
+            CryptoTrace.WriteLine($"Tag={CryptoTrace.KeyToString(tag)}");
+            CryptoTrace.WriteLine($"ExtraData={CryptoTrace.KeyToString(extraData.ToArray())}");
+            CryptoTrace.Finish("DecryptWithChaCha20Poly1305");
+
             // Return layout: [associated data | plaintext]
             if (!signOnly)
             {
@@ -783,7 +831,6 @@ private static ArraySegment<byte> EncryptWithAesGcm(
 
             using var aesGcm = new AesGcm(encryptingKey, kAesGcmTagLength);
 
-            //Console.WriteLine($"Prior={TcpMessageType.KeyToString(iv)} tokenId={tokenId} lastSequenceNumber={lastSequenceNumber}");
             iv = ApplyAeadMask(tokenId, lastSequenceNumber, iv);
 
             aesGcm.Encrypt(
@@ -793,13 +840,15 @@ private static ArraySegment<byte> EncryptWithAesGcm(
                 tag,
                 extraData);
 
-#if DEBUG
-            Console.WriteLine($"E.encryptingKey={TcpMessageType.KeyToString(encryptingKey)}");
-            Console.WriteLine($"E.iv={TcpMessageType.KeyToString(iv)}");
-            Console.WriteLine($"E.extraData={TcpMessageType.KeyToString(extraData.ToArray())}");
-            Console.WriteLine($"E.tag={TcpMessageType.KeyToString(tag)}");
-            Console.WriteLine($"E.ciphertext={TcpMessageType.KeyToString(ciphertext)}");
-#endif
+            CryptoTrace.Start(ConsoleColor.DarkCyan, "EncryptWithAesGcm");
+            CryptoTrace.WriteLine($"Data Offset/Count={data.Offset}/{data.Count}");
+            CryptoTrace.WriteLine($"TokenId/LastSequenceNumber={tokenId}/{lastSequenceNumber}");
+            CryptoTrace.WriteLine($"EncryptingKey={CryptoTrace.KeyToString(encryptingKey)}");
+            CryptoTrace.WriteLine($"IV={CryptoTrace.KeyToString(iv)}");
+            CryptoTrace.WriteLine($"EncryptedData={CryptoTrace.KeyToString(ciphertext)}");
+            CryptoTrace.WriteLine($"Tag={CryptoTrace.KeyToString(tag)}");
+            CryptoTrace.WriteLine($"ExtraData={CryptoTrace.KeyToString(extraData.ToArray())}");
+            CryptoTrace.Finish("DecryptWithAesGcm");
 
             // Return layout: [associated data | ciphertext | tag]
             if (!signOnly)
@@ -859,16 +908,17 @@ private static ArraySegment<byte> DecryptWithAesGcm(
 
             using var aesGcm = new AesGcm(encryptingKey, kAesGcmTagLength);
 
-            //Console.WriteLine($"Prior={TcpMessageType.KeyToString(iv)} tokenId={tokenId} lastSequenceNumber={lastSequenceNumber}");
             iv = ApplyAeadMask(tokenId, lastSequenceNumber, iv);
 
-#if xDEBUG
-            Console.WriteLine($"D.encryptingKey={TcpMessageType.KeyToString(encryptingKey)}");
-            Console.WriteLine($"D.iv={TcpMessageType.KeyToString(iv)}");
-            Console.WriteLine($"D.extraData={TcpMessageType.KeyToString(extraData.ToArray())}");
-            Console.WriteLine($"D.tag={TcpMessageType.KeyToString(tag.ToArray())}");
-            Console.WriteLine($"D.ciphertext={TcpMessageType.KeyToString(encryptedData.ToArray())}");
-#endif
+            CryptoTrace.Start(ConsoleColor.DarkCyan, "DecryptWithAesGcm");
+            CryptoTrace.WriteLine($"Data Offset/Count={data.Offset}/{data.Count - kAesGcmTagLength}");
+            CryptoTrace.WriteLine($"TokenId/LastSequenceNumber={tokenId}/{lastSequenceNumber}");
+            CryptoTrace.WriteLine($"EncryptingKey={CryptoTrace.KeyToString(encryptingKey)}");
+            CryptoTrace.WriteLine($"IV={CryptoTrace.KeyToString(iv)}");
+            CryptoTrace.WriteLine($"EncryptedData={CryptoTrace.KeyToString(encryptedData)}");
+            CryptoTrace.WriteLine($"Tag={CryptoTrace.KeyToString(tag)}");
+            CryptoTrace.WriteLine($"ExtraData={CryptoTrace.KeyToString(extraData.ToArray())}");
+            CryptoTrace.Finish("DecryptWithAesGcm");
 
             aesGcm.Decrypt(
                 iv,
@@ -983,4 +1033,280 @@ public static ArraySegment<byte> SymmetricDecryptAndVerify(
             return new ArraySegment<byte>(data.Array, 0, data.Offset + data.Count);
         }
     }
+
+#if X
+    class FfdheDhWithRsaAuth
+    {
+        // ffdhe2048 prime from RFC 7919 (hex, without whitespace).  
+        // (RFC 7919 Appendix A.3 — use this canonical modulus in production.)
+        const string FFDHE2048_HEX = @"
+            FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1
+            D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9
+            7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561
+            2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935
+            984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735
+            30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB
+            B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19
+            0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61
+            9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73
+            3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA
+            886B4238 61285C97 FFFFFFFF FFFFFFFF";
+
+        // Generator for FFDHE groups is 2
+        static readonly BigInteger G = new BigInteger(2);
+
+        static void Main()
+        {
+            // Parse the RFC hex prime into a positive BigInteger
+            BigInteger p = ParseHexBigInteger(FFDHE2048_HEX);
+
+            // Recommended: use a short ephemeral exponent (e.g. 256-bit) for performance
+            // while still achieving ~128-bit security for typical scenarios.
+            // (RFC7919 and implementation guidance discuss exponent sizing; choose per your threat model.)
+            int privateBitLength = 256;
+
+            Console.WriteLine("Simulating DH exchange (ffdhe2048) with RSA signing...");
+
+            // Simulate Alice and Bob
+            var alice = CreateDhParticipant(p, privateBitLength);
+            var bob = CreateDhParticipant(p, privateBitLength);
+
+            // Each signs their public value with their own RSA key (DHE-RSA style authentication)
+            byte[] alicePub = ToBigEndian(alice.PublicValue);
+            byte[] bobPub = ToBigEndian(bob.PublicValue);
+
+            byte[] aliceSig, bobSig;
+            using (RSA rsaAlice = RSA.Create(2048))
+            using (RSA rsaBob = RSA.Create(2048))
+            {
+                // In real use the RSA keys are persistent (server cert) and public keys/certificates exchanged
+                aliceSig = rsaAlice.SignData(alicePub, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+                bobSig = rsaBob.SignData(bobPub, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+
+                // Each verifies the other's signature (in a real protocol they'd have the peer's cert/public key)
+                bool verifyAlice = rsaBob.VerifyData(bobPub, bobSig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+                bool verifyBob = rsaAlice.VerifyData(alicePub, aliceSig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+
+                Console.WriteLine($"Alice verifies Bob's signature: {verifyAlice}");
+                Console.WriteLine($"Bob verifies Alice's signature: {verifyBob}");
+            }
+
+            // Compute shared secrets
+            BigInteger aliceShared = BigInteger.ModPow(bob.PublicValue, alice.PrivateValue, p);
+            BigInteger bobShared = BigInteger.ModPow(alice.PublicValue, bob.PrivateValue, p);
+
+            if (aliceShared != bobShared)
+            {
+                Console.WriteLine("Shared secrets do not match! Aborting.");
+                return;
+            }
+
+            byte[] sharedBytes = ToBigEndian(aliceShared); // same as bobShared
+
+            // Derive 32-byte key with HKDF-SHA256 (RFC 5869)
+            byte[] salt = RandomNumberGenerator.GetBytes(32); // optional but recommended
+            byte[] info = Encoding.UTF8.GetBytes("ffdhe2048-dhe-rsa-derived-key");
+            byte[] aesKey = HkdfSha256(sharedBytes, salt, info, 32);
+        }
+
+        // Creates a participant with ephemeral private/public values
+        static (BigInteger PrivateValue, BigInteger PublicValue) CreateDhParticipant(BigInteger p, int privateBitLen)
+        {
+            BigInteger priv = GenerateRandomBigInteger(privateBitLen);
+            BigInteger pub = BigInteger.ModPow(G, priv, p);
+            return (priv, pub);
+        }
+
+        // Generate an unsigned positive BigInteger of bitLength bits (big-endian)
+        static BigInteger GenerateRandomBigInteger(int bitLength)
+        {
+            int byteCount = (bitLength + 7) / 8;
+            byte[] be = RandomNumberGenerator.GetBytes(byteCount);
+
+            // Ensure top bit set so the value has the requested bit length (avoid tiny exponents)
+            int topBitIndex = (bitLength - 1) % 8;
+            be[0] |= (byte)(1 << topBitIndex);
+
+            // Convert big-endian to little-endian + sign byte for BigInteger ctor
+            byte[] le = new byte[be.Length + 1]; // extra zero to force positive
+            for (int i = 0; i < be.Length; i++)
+                le[i] = be[be.Length - 1 - i];
+            le[le.Length - 1] = 0;
+            return new BigInteger(le);
+        }
+
+        // Convert BigInteger to big-endian unsigned byte[] (no leading zero)
+        static byte[] ToBigEndian(BigInteger value)
+        {
+            if (value.Sign < 0)
+                throw new ArgumentException("value must be non-negative");
+            byte[] le = value.ToByteArray(); // little-endian two's complement
+                                             // Trim any trailing zero that indicates sign if present
+            int last = le.Length - 1;
+            if (le[last] == 0)
+            {
+                Array.Resize(ref le, last);
+                last--;
+            }
+            byte[] be = new byte[le.Length];
+            for (int i = 0; i < le.Length; i++)
+                be[i] = le[le.Length - 1 - i];
+            return be;
+        }
+
+        // Parse hex into a positive BigInteger (handles odd-length and ensures positive)
+        static BigInteger ParseHexBigInteger(string hex)
+        {
+            hex = hex.Trim().Replace(" ", "").Replace("\n", "").Replace("\r", "");
+            // Ensure even length
+            if ((hex.Length & 1) == 1)
+                hex = "0" + hex;
+            // Use Convert.FromHexString (available in .NET 5+) or implement equivalent
+            byte[] be = Convert.FromHexString(hex);
+            // If highest bit of first byte is set, BigInteger.Parse with HexNumber can treat it as negative;
+            // we therefore construct positive BigInteger from big-endian bytes:
+            byte[] le = new byte[be.Length + 1];
+            for (int i = 0; i < be.Length; i++)
+                le[i] = be[be.Length - 1 - i];
+            le[le.Length - 1] = 0;
+            return new BigInteger(le);
+        }
+
+        // Simple HKDF-SHA256 implementation (RFC 5869)
+        static byte[] HkdfSha256(byte[] ikm, byte[] salt, byte[] info, int outLen)
+        {
+            // HKDF-Extract
+            byte[] prk;
+            using (var hmac = new HMACSHA256(salt ?? new byte[0]))
+            {
+                prk = hmac.ComputeHash(ikm);
+            }
+
+            // HKDF-Expand
+            int hashLen = 32;
+            int n = (outLen + hashLen - 1) / hashLen;
+            byte[] okm = new byte[outLen];
+            byte[] previous = Array.Empty<byte>();
+            using (var hmac = new HMACSHA256(prk))
+            {
+                int offset = 0;
+                for (byte i = 1; i <= n; i++)
+                {
+                    // T(i) = HMAC-PRK( T(i-1) | info | i )
+                    hmac.Initialize();
+                    hmac.TransformBlock(previous, 0, previous.Length, null, 0);
+                    if (info != null && info.Length > 0)
+                        hmac.TransformBlock(info, 0, info.Length, null, 0);
+                    byte[] counter = new byte[] { i };
+                    hmac.TransformFinalBlock(counter, 0, 1);
+                    previous = hmac.Hash!;
+                    int toCopy = Math.Min(hashLen, outLen - offset);
+                    Array.Copy(previous, 0, okm, offset, toCopy);
+                    offset += toCopy;
+                }
+            }
+            return okm;
+        }
+    }
+#endif
+
+    /// <summary>
+    /// A class to assist with tracing crypto operations.
+    /// </summary>
+    public static class CryptoTrace
+    {
+        /// <summary>
+        /// Starts a trace block.
+        /// </summary>
+        public static void Start(ConsoleColor color, string format, params object[] args)
+        {
+#if DEBUG
+            Console.ForegroundColor = color;
+            Console.Write("============ ");
+            Console.Write(format, args);
+            Console.WriteLine(" ============");
+#endif
+        }
+
+        /// <summary>
+        /// Finishes a trace block.
+        /// </summary>
+        public static void Finish(string format, params object[] args)
+        {
+#if DEBUG
+            Console.Write("============ ");
+            Console.Write(format, args);
+            Console.WriteLine(" Finished ============");
+            Console.ForegroundColor = ConsoleColor.White;
+#endif
+        }
+
+        /// <summary>
+        /// Writes a trace message.
+        /// </summary>
+        public static void Write(string format, params object[] args)
+        {
+#if DEBUG
+            Console.Write(format, args);
+#endif
+        }
+
+        /// <summary>
+        /// Writes a trace message.
+        /// </summary>
+        public static void WriteLine(string format, params object[] args)
+        {
+#if DEBUG
+            Console.WriteLine(format, args);
+#endif
+        }
+
+        /// <summary>
+        /// Returns a debug string for a key.
+        /// </summary>
+        public static string KeyToString(ArraySegment<byte> key)
+        {
+#if DEBUG
+            byte[] bytes = new byte[key.Count];
+            Buffer.BlockCopy(key.Array ?? [], key.Offset, bytes, 0, key.Count);
+            return KeyToString(bytes);
+#else
+            return String.Empty;
+#endif
+        }
+
+        /// <summary>
+        /// Returns a debug string for a key.
+        /// </summary>
+        public static string KeyToString(byte[] key)
+        {
+#if DEBUG
+            if (key == null || key.Length == 0)
+            {
+                return "Len=0:---";
+            }
+
+            byte checksum = 0;
+
+            foreach (var item in key)
+            {
+                checksum ^= item;
+            }
+
+            if (key.Length <= 16)
+            {
+                return "Len=" + key.Length.ToString(CultureInfo.InvariantCulture) +
+                    ":" +
+                    Utils.ToHexString(key) +
+                    "=>XOR=" +
+                    checksum.ToString(CultureInfo.InvariantCulture);
+            }
+
+            var text = Utils.ToHexString(key);
+            return $"Len={key.Length}:{text.Substring(0, 8)}...{text.Substring(text.Length - 8, 8)}=>XOR={checksum}";
+#else
+            return String.Empty;
+#endif
+        }
+    }
 }
diff --git a/Stack/Opc.Ua.Core/Security/Certificates/EncryptedSecret.cs b/Stack/Opc.Ua.Core/Security/Certificates/EncryptedSecret.cs
index b7cc7f893d..21c86173f8 100644
--- a/Stack/Opc.Ua.Core/Security/Certificates/EncryptedSecret.cs
+++ b/Stack/Opc.Ua.Core/Security/Certificates/EncryptedSecret.cs
@@ -14,6 +14,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 using System.IO;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
+using Opc.Ua.Bindings;
 #if CURVE25519
 using Org.BouncyCastle.Crypto.Modes;
 using Org.BouncyCastle.Crypto.Parameters;
@@ -114,6 +115,11 @@ private static void CreateKeysForEcc(
             out byte[] encryptingKey,
             out byte[] iv)
         {
+            CryptoTrace.Start(ConsoleColor.Blue, $"EncryptedSecret {((forDecryption) ? "DECRYPT" : "ENCRYPT")}");
+            CryptoTrace.WriteLine($"SecurityPolicy={securityPolicy.Name}");
+            CryptoTrace.WriteLine($"LocalNonce={CryptoTrace.KeyToString(localNonce?.Data)}");
+            CryptoTrace.WriteLine($"RemoteNonce={CryptoTrace.KeyToString(remoteNonce?.Data)}");
+
             int encryptingKeySize = securityPolicy.SymmetricEncryptionKeyLength;
             int blockSize = securityPolicy.InitializationVectorLength;
 
@@ -123,36 +129,25 @@ private static void CreateKeysForEcc(
             byte[] secret = localNonce.GenerateSecret(remoteNonce, null);
             byte[] keyLength = BitConverter.GetBytes((ushort)(encryptingKeySize + blockSize));
 
-            byte[] salt = (forDecryption) ?
-                Utils.Append(keyLength, s_secretLabel, remoteNonce.Data, localNonce.Data) :
-                Utils.Append(keyLength, s_secretLabel, localNonce.Data, remoteNonce.Data);
-
-            System.Console.WriteLine(
-                $"LOCAL={Utils.ToHexString(localNonce.Data).Substring(0, 8)} " +
-                $"REMOTE={Utils.ToHexString(remoteNonce.Data).Substring(0, 8)} " +
-                $"SALT={Utils.ToHexString(salt).Substring(0, 8)} ");
+            byte[] salt = Utils.Append(
+                keyLength,
+                s_secretLabel,
+                forDecryption ? remoteNonce.Data : localNonce.Data,
+                forDecryption ? localNonce.Data : remoteNonce.Data);
 
-            byte[] keyData;
-
-            if (forDecryption)
-            {
-                keyData = remoteNonce.DeriveKey(
-                    secret,
-                    salt,
-                    securityPolicy.KeyDerivationAlgorithm,
-                    encryptingKeySize + blockSize);
-            }
-            else
-            {
-                keyData = localNonce.DeriveKey(
-                    secret,
-                    salt,
-                    securityPolicy.KeyDerivationAlgorithm,
-                    encryptingKeySize + blockSize);
-            }
+            byte[] keyData = localNonce.DeriveKeyData(
+                secret,
+                salt,
+                securityPolicy.KeyDerivationAlgorithm,
+                encryptingKeySize + blockSize);
 
             Buffer.BlockCopy(keyData, 0, encryptingKey, 0, encryptingKey.Length);
             Buffer.BlockCopy(keyData, encryptingKeySize, iv, 0, iv.Length);
+
+            Console.ForegroundColor = ConsoleColor.Blue;
+            CryptoTrace.WriteLine($"EncryptingKey={CryptoTrace.KeyToString(encryptingKey)}");
+            CryptoTrace.WriteLine($"IV={CryptoTrace.KeyToString(iv)}");
+            CryptoTrace.Finish("EncryptedSecret");
         }
 
         /// <summary>
@@ -170,96 +165,117 @@ public byte[] Encrypt(byte[] secret, byte[] nonce)
 
             int signatureLength = CryptoUtils.GetSignatureLength(SenderCertificate);
 
-            using (var encoder = new BinaryEncoder(Context))
-            {
-                // write header.
-                encoder.WriteNodeId(null, DataTypeIds.EccEncryptedSecret);
-                encoder.WriteByte(null, (byte)ExtensionObjectEncoding.Binary);
+            using var encoder = new BinaryEncoder(Context);
 
-                lengthPosition = encoder.Position;
-                encoder.WriteUInt32(null, 0);
+            // write header.
+            encoder.WriteNodeId(null, DataTypeIds.EccEncryptedSecret);
+            encoder.WriteByte(null, (byte)ExtensionObjectEncoding.Binary);
 
-                encoder.WriteString(null, SecurityPolicy.Uri);
+            lengthPosition = encoder.Position;
+            encoder.WriteUInt32(null, 0);
 
-                byte[] senderCertificate = null;
+            encoder.WriteString(null, SecurityPolicy.Uri);
 
-                if (!DoNotEncodeSenderCertificate)
-                {
-                    senderCertificate = SenderCertificate.RawData;
+            byte[] senderCertificate = null;
 
-                    if (SenderIssuerCertificates != null && SenderIssuerCertificates.Count > 0)
-                    {
-                        int blobSize = senderCertificate.Length;
+            if (!DoNotEncodeSenderCertificate)
+            {
+                senderCertificate = SenderCertificate.RawData;
 
-                        foreach (X509Certificate2 issuer in SenderIssuerCertificates)
-                        {
-                            blobSize += issuer.RawData.Length;
-                        }
+                if (SenderIssuerCertificates != null && SenderIssuerCertificates.Count > 0)
+                {
+                    int blobSize = senderCertificate.Length;
 
-                        byte[] blob = new byte[blobSize];
-                        Buffer.BlockCopy(senderCertificate, 0, blob, 0, senderCertificate.Length);
+                    foreach (X509Certificate2 issuer in SenderIssuerCertificates)
+                    {
+                        blobSize += issuer.RawData.Length;
+                    }
 
-                        int pos = senderCertificate.Length;
+                    byte[] blob = new byte[blobSize];
+                    Buffer.BlockCopy(senderCertificate, 0, blob, 0, senderCertificate.Length);
 
-                        foreach (X509Certificate2 issuer in SenderIssuerCertificates)
-                        {
-                            byte[] data = issuer.RawData;
-                            Buffer.BlockCopy(data, 0, blob, pos, data.Length);
-                            pos += data.Length;
-                        }
+                    int pos = senderCertificate.Length;
 
-                        senderCertificate = blob;
+                    foreach (X509Certificate2 issuer in SenderIssuerCertificates)
+                    {
+                        byte[] data = issuer.RawData;
+                        Buffer.BlockCopy(data, 0, blob, pos, data.Length);
+                        pos += data.Length;
                     }
-                }
 
-                encoder.WriteByteString(null, senderCertificate);
-                encoder.WriteDateTime(null, DateTime.UtcNow);
-
-                byte[] senderNonce = SenderNonce.Data;
-                byte[] receiverNonce = ReceiverNonce.Data;
-
-                encoder.WriteUInt16(null, (ushort)(senderNonce.Length + receiverNonce.Length + 8));
-                encoder.WriteByteString(null, senderNonce);
-                encoder.WriteByteString(null, receiverNonce);
-
-                // create keys.
-                CreateKeysForEcc(
-                    SecurityPolicy,
-                    SenderNonce,
-                    ReceiverNonce,
-                    false,
-                    out encryptingKey,
-                    out iv);
-
-                // reserves space for padding and tag that is added by SymmetricEncryptAndSign.
-                var dataToEncrypt = new byte[4096];
-                using var stream = new MemoryStream(dataToEncrypt);
-                using var secretEncoder = new BinaryEncoder(stream, Context, false);
-
-                secretEncoder.WriteByteString(null, nonce);
-                secretEncoder.WriteByteString(null, secret);
-
-                var encryptedData = CryptoUtils.SymmetricEncryptAndSign(
-                    new ArraySegment<byte>(dataToEncrypt, 0, secretEncoder.Position),
-                    SecurityPolicy,
-                    encryptingKey,
-                    iv);
-
-                // append encrypted secret.
-                for (int ii = encryptedData.Offset; ii < encryptedData.Offset + encryptedData.Count; ii++)
-                {
-                    encoder.WriteByte(null, encryptedData.Array[ii]);
+                    senderCertificate = blob;
                 }
+            }
 
-                // save space for signature.
-                for (int ii = 0; ii < signatureLength; ii++)
-                {
-                    encoder.WriteByte(null, 0);
-                }
+            encoder.WriteByteString(null, senderCertificate);
+            encoder.WriteDateTime(null, DateTime.UtcNow);
+
+            byte[] senderNonce = SenderNonce.Data;
+            byte[] receiverNonce = ReceiverNonce.Data;
+
+            encoder.WriteUInt16(null, (ushort)(senderNonce.Length + receiverNonce.Length + 8));
+            int senderNonceStart = encoder.Position;
+            encoder.WriteByteString(null, senderNonce);
+            int senderNonceEnd = encoder.Position;
+            encoder.WriteByteString(null, receiverNonce);
+            int receiverNonceEnd = encoder.Position;
+
+            // create keys.
+            CreateKeysForEcc(
+                SecurityPolicy,
+                SenderNonce,
+                ReceiverNonce,
+                false,
+                out encryptingKey,
+                out iv);
+
+            // reserves space for padding and tag that is added by SymmetricEncryptAndSign.
+            int startOfSecret = encoder.Position;
+            encoder.WriteByteString(null, nonce);
+            encoder.WriteByteString(null, secret);
 
-                message = encoder.CloseAndReturnBuffer();
+            int paddingCount = 0;
+            int tagLength = 0;
+
+            switch (SecurityPolicy.SymmetricEncryptionAlgorithm)
+            {
+                case SymmetricEncryptionAlgorithm.Aes128Cbc:
+                case SymmetricEncryptionAlgorithm.Aes256Cbc:
+                    paddingCount = GetPaddingCount(SecurityPolicy.InitializationVectorLength, encoder.Position - startOfSecret);
+                    tagLength = 0;
+                    break;
+                case SymmetricEncryptionAlgorithm.Aes128Gcm:
+                case SymmetricEncryptionAlgorithm.Aes256Gcm:
+                case SymmetricEncryptionAlgorithm.ChaCha20Poly1305:
+                    paddingCount = GetPaddingCount(encryptingKey.Length, encoder.Position - startOfSecret);
+                    tagLength = SecurityPolicy.SymmetricSignatureLength;
+                    break;
             }
 
+            for (int ii = 0; ii < paddingCount; ii++)
+            {
+                encoder.WriteByte(null, (byte)paddingCount);
+            }
+
+            encoder.WriteByte(null, (byte)paddingCount);
+            encoder.WriteByte(null, 0);
+
+            int endOfSecret = encoder.Position;
+
+            // save space for tag.
+            for (int ii = 0; ii < tagLength; ii++)
+            {
+                encoder.WriteByte(null, 0xAB);
+            }
+
+            // save space for signature.
+            for (int ii = 0; ii < signatureLength; ii++)
+            {
+                encoder.WriteByte(null, 0xDE);
+            }
+
+            message = encoder.CloseAndReturnBuffer();
+
             int length = message.Length - lengthPosition - 4;
 
             message[lengthPosition++] = (byte)(length & 0xFF);
@@ -267,19 +283,41 @@ public byte[] Encrypt(byte[] secret, byte[] nonce)
             message[lengthPosition++] = (byte)((length & 0xFF0000) >> 16);
             message[lengthPosition++] = (byte)((length & 0xFF000000) >> 24);
 
+            _ = CryptoUtils.SymmetricEncryptAndSign(
+                new ArraySegment<byte>(message, startOfSecret, endOfSecret - startOfSecret),
+                SecurityPolicy,
+                encryptingKey,
+                iv);
+
             var dataToSign = new ArraySegment<byte>(message, 0, message.Length - signatureLength);
-            byte[] signature = CryptoUtils.Sign(dataToSign, SenderCertificate, SecurityPolicy.AsymmetricSignatureAlgorithm);
+
+            byte[] signature = CryptoUtils.Sign(
+                dataToSign,
+                SenderCertificate,
+                SecurityPolicy.AsymmetricSignatureAlgorithm);
 
             Buffer.BlockCopy(
                 signature,
                 0,
                 message,
-                message.Length - signatureLength,
+                endOfSecret + tagLength,
                 signatureLength);
 
             return message;
         }
 
+        private int GetPaddingCount(int blockSize, int dataLength)
+        {
+            int paddingCount = blockSize - ((dataLength + 2) % blockSize);
+
+            if (paddingCount == blockSize)
+            {
+                paddingCount = 0;
+            }
+
+            return paddingCount;
+        }
+
         /// <summary>
         /// Verifies the header for an ECC encrypted message and returns the encrypted data.
         /// </summary>
@@ -312,14 +350,11 @@ private ArraySegment<byte> VerifyHeaderForEcc(
                 throw new ServiceResultException(StatusCodes.BadDataEncodingUnsupported);
             }
 
-            uint length = decoder.ReadUInt32(null);
-
-            // get the start of data.
-            int startOfData = decoder.Position + dataToDecrypt.Offset;
+            int length = (int)decoder.ReadUInt32(null) + decoder.Position;
 
             SecurityPolicy = SecurityPolicies.GetInfo(decoder.ReadString(null));
 
-            if (SecurityPolicy.CertificateKeyFamily != CertificateKeyFamily.ECC)
+            if (SecurityPolicy.EphemeralKeyAlgorithm == CertificateKeyAlgorithm.None)
             {
                 throw new ServiceResultException(StatusCodes.BadSecurityPolicyRejected);
             }
@@ -360,7 +395,7 @@ private ArraySegment<byte> VerifyHeaderForEcc(
                 throw new ServiceResultException(StatusCodes.BadInvalidTimestamp);
             }
 
-            // extract the policy header.
+            // extract the key data length.
             ushort headerLength = decoder.ReadUInt16(null);
 
             if (headerLength == 0 || headerLength > length)
@@ -368,15 +403,18 @@ private ArraySegment<byte> VerifyHeaderForEcc(
                 throw new ServiceResultException(StatusCodes.BadDecodingError);
             }
 
-            // read the policy header.
+            // read the key data.
+            int senderNonceStart = decoder.Position;
             byte[] senderPublicKey = decoder.ReadByteString(null);
+            int senderNonceEnd = decoder.Position;
             byte[] receiverPublicKey = decoder.ReadByteString(null);
+            int receiverNonceEnd = decoder.Position;
 
             if (headerLength != senderPublicKey.Length + receiverPublicKey.Length + 8)
             {
                 throw new ServiceResultException(
                     StatusCodes.BadDecodingError,
-                    "Unexpected policy header length");
+                    "Unexpected key data length");
             }
 
             int startOfEncryption = decoder.Position;
@@ -399,17 +437,18 @@ private ArraySegment<byte> VerifyHeaderForEcc(
             }
 
             byte[] signature = new byte[signatureLength];
+
             Buffer.BlockCopy(
                 dataToDecrypt.Array,
-                startOfData + (int)length - signatureLength,
+                dataToDecrypt.Offset + dataToDecrypt.Count - signatureLength,
                 signature,
                 0,
                 signatureLength);
 
             var dataToSign = new ArraySegment<byte>(
                 dataToDecrypt.Array,
-                0,
-                startOfData + (int)length - signatureLength);
+                dataToDecrypt.Offset,
+                dataToDecrypt.Count - signatureLength);
 
             if (!CryptoUtils.Verify(dataToSign, signature, SenderCertificate, SecurityPolicy.AsymmetricSignatureAlgorithm))
             {
@@ -421,8 +460,8 @@ private ArraySegment<byte> VerifyHeaderForEcc(
             // extract the encrypted data.
             return new ArraySegment<byte>(
                 dataToDecrypt.Array,
-                startOfEncryption,
-                (int)length - (startOfEncryption - startOfData + signatureLength));
+                dataToDecrypt.Offset + startOfEncryption,
+                dataToDecrypt.Count - startOfEncryption - signatureLength);
         }
 
         /// <summary>
@@ -457,19 +496,16 @@ public byte[] Decrypt(
                 out byte[] encryptingKey,
                 out byte[] iv);
 
-            byte[] bytes = new byte[dataToDecrypt.Count];
-            Buffer.BlockCopy(dataToDecrypt.Array, dataToDecrypt.Offset, bytes, 0, dataToDecrypt.Count);
-
             ArraySegment<byte> plainText = CryptoUtils.SymmetricDecryptAndVerify(
-                new ArraySegment<byte>(bytes),
+                dataToDecrypt,
                 SecurityPolicy,
                 encryptingKey,
                 iv);
 
             using var decoder = new BinaryDecoder(
                 plainText.Array,
-                plainText.Offset,
-                plainText.Count,
+                plainText.Offset + dataToDecrypt.Offset,
+                plainText.Count - dataToDecrypt.Offset,
                 Context);
 
             byte[] actualNonce = decoder.ReadByteString(null);
@@ -489,7 +525,25 @@ public byte[] Decrypt(
                 }
             }
 
-            return decoder.ReadByteString(null);
+            var key = decoder.ReadByteString(null);
+            var paddingCount = decoder.ReadByte(null);
+
+            int error = 0;
+
+            for (int ii = 0; ii < paddingCount; ii++)
+            {
+                var padding = decoder.ReadByte(null);
+                error |= (padding & ~paddingCount);
+            }
+
+            var highByte = decoder.ReadByte(null);
+
+            if (error != 0 || highByte != 0)
+            {
+                throw new ServiceResultException(StatusCodes.BadDecodingError);
+            }
+
+            return key;
         }
     }
 }
diff --git a/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs b/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs
index adf8d85eec..5b2ce522ea 100644
--- a/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs
+++ b/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs
@@ -11,8 +11,11 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */
 
 using System;
+using System.Collections.Generic;
+using System.Numerics;
 using System.Runtime.Serialization;
 using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
 #if CURVE25519
 using Org.BouncyCastle.Pkcs;
 using Org.BouncyCastle.X509;
@@ -31,18 +34,20 @@ namespace Opc.Ua
     /// <summary>
     /// Represents a cryptographic nonce used for secure communication.
     /// </summary>
-    [Serializable]
-    public class Nonce : IDisposable, ISerializable
+    public class Nonce : IDisposable
     {
+        private ECDiffieHellman m_ecdh;
+        private RSADiffieHellman m_rsadh;
+        private static readonly RandomNumberGenerator s_rng = RandomNumberGenerator.Create();
+        private static uint s_minNonceLength = 32;
+
         /// <summary>
         /// Constructor
         /// </summary>
         private Nonce()
         {
             m_ecdh = null;
-#if CURVE25519
-            m_bcKeyPair = null;
-#endif
+            m_rsadh = null;
         }
 
         /// <summary>
@@ -55,6 +60,7 @@ internal byte[] GenerateSecret(
             byte[] previousSecret)
         {
             byte[] ikm = null;
+            CryptoTrace.Start(ConsoleColor.Cyan, $"GenerateSecret");
 
 #if NET8_0_OR_GREATER
 #if xDEBUG
@@ -62,13 +68,22 @@ internal byte[] GenerateSecret(
 
             if (m_ecdh.TryExportECPrivateKeyPem(privateKey, out int charsWritten))
             {
-                Console.WriteLine($"Private Key PEM ({charsWritten} chars):");
+                CryptoTrace.WriteLine($"Private Key PEM ({charsWritten} chars):");
             }
 #endif
 
-            ikm = m_ecdh.DeriveRawSecretAgreement(remoteNonce.m_ecdh.PublicKey);
+            if (m_ecdh != null)
+            {
+                ikm = m_ecdh.DeriveRawSecretAgreement(remoteNonce.m_ecdh.PublicKey);
 
-            Console.WriteLine($"GenerateSecretRaw:ikm={Opc.Ua.Bindings.TcpMessageType.KeyToString(ikm)}");
+            }
+            else if (m_rsadh != null)
+            {
+                ikm = m_rsadh.DeriveRawSecretAgreement(remoteNonce.m_rsadh);
+            }
+
+            CryptoTrace.WriteLine($"IKM-Raw={CryptoTrace.KeyToString(ikm)}");
+            CryptoTrace.WriteLine($"Previous-IKM={CryptoTrace.KeyToString(previousSecret)}");
 
             if (previousSecret != null)
             {
@@ -78,8 +93,9 @@ internal byte[] GenerateSecret(
                 }
             }
 
-            Console.WriteLine($"GenerateSecret:ikm={Opc.Ua.Bindings.TcpMessageType.KeyToString(ikm)}");
-            Console.WriteLine($"GenerateSecret:previousSecret={Opc.Ua.Bindings.TcpMessageType.KeyToString(previousSecret)}");
+            CryptoTrace.WriteLine($"IKM-XOR={CryptoTrace.KeyToString(ikm)}");
+            CryptoTrace.Finish("GenerateSecret");
+
 #endif
             return ikm;
         }
@@ -92,65 +108,70 @@ internal byte[] GenerateSecret(
         /// <param name="algorithm">The hash algorithm to use in key derivation.</param>
         /// <param name="length">The length of the derived key.</param>
         /// <returns>The derived key.</returns>
-        public byte[] DeriveKey(
+        public byte[] DeriveKeyData(
             byte[] secret,
             byte[] salt,
             KeyDerivationAlgorithm algorithm,
             int length)
         {
-            if (m_ecdh != null)
+            CryptoTrace.Start(ConsoleColor.DarkCyan, $"DeriveKeyData");
+            CryptoTrace.WriteLine($"Secret={CryptoTrace.KeyToString(secret)}");
+            CryptoTrace.WriteLine($"Salt={CryptoTrace.KeyToString(salt)}");
+
+            using HMAC extract = algorithm switch
             {
-                HMAC hmac = algorithm switch
-                {
-                    KeyDerivationAlgorithm.HKDFSha256 => new HMACSHA256(salt),
-                    KeyDerivationAlgorithm.HKDFSha384 => new HMACSHA384(salt),
-                    _ => new HMACSHA256(salt)
-                };
+                KeyDerivationAlgorithm.HKDFSha256 => new HMACSHA256(salt),
+                KeyDerivationAlgorithm.HKDFSha384 => new HMACSHA384(salt),
+                _ => new HMACSHA256(salt)
+            };
 
-                //byte[] secret2 = m_ecdh.DeriveKeyFromHmac(
-                //    remoteNonce.m_ecdh.PublicKey,
-                //    algorithm,
-                //    salt,
-                //    null,
-                //    null);
+            byte[] prk = extract.ComputeHash(secret);
+            CryptoTrace.WriteLine($"PRK={CryptoTrace.KeyToString(prk)}");
 
-                //System.Console.WriteLine($"PRK2={Utils.ToHexString(secret2).Substring(0, 8)}");
+            using HMAC expand = algorithm switch
+            {
+                KeyDerivationAlgorithm.HKDFSha256 => new HMACSHA256(prk),
+                KeyDerivationAlgorithm.HKDFSha384 => new HMACSHA384(prk),
+                _ => new HMACSHA256(prk)
+            };
 
-                byte[] output = new byte[length];
+            byte[] output = new byte[length];
+            byte counter = 1;
 
-                byte counter = 1;
+            byte[] info = new byte[(expand.HashSize / 8) + salt.Length + 1];
+            Buffer.BlockCopy(salt, 0, info, 0, salt.Length);
+            info[salt.Length] = counter++;
 
-                byte[] info = new byte[(hmac.HashSize / 8) + salt.Length + 1];
-                Buffer.BlockCopy(salt, 0, info, 0, salt.Length);
-                info[salt.Length] = counter++;
+            // computer T(1)
+            byte[] hash = expand.ComputeHash(info, 0, salt.Length + 1);
+            CryptoTrace.WriteLine($"T(1)={CryptoTrace.KeyToString(hash)}");
 
-                byte[] hash = hmac.ComputeHash(info, 0, salt.Length + 1);
+            int pos = 0;
 
-                int pos = 0;
+            for (int ii = 0; ii < hash.Length && pos < length; ii++)
+            {
+                output[pos++] = hash[ii];
+            }
+
+            while (pos < length)
+            {
+                Buffer.BlockCopy(hash, 0, info, 0, hash.Length);
+                Buffer.BlockCopy(salt, 0, info, hash.Length, salt.Length);
+                info[^1] = counter++;
+
+                hash = expand.ComputeHash(info, 0, info.Length);
+                CryptoTrace.WriteLine($"T({counter - 1})={CryptoTrace.KeyToString(hash)}");
 
                 for (int ii = 0; ii < hash.Length && pos < length; ii++)
                 {
                     output[pos++] = hash[ii];
                 }
-
-                while (pos < length)
-                {
-                    Buffer.BlockCopy(hash, 0, info, 0, hash.Length);
-                    Buffer.BlockCopy(salt, 0, info, hash.Length, salt.Length);
-                    info[^1] = counter++;
-
-                    hash = hmac.ComputeHash(info, 0, info.Length);
-
-                    for (int ii = 0; ii < hash.Length && pos < length; ii++)
-                    {
-                        output[pos++] = hash[ii];
-                    }
-                }
-
-                return output;
             }
 
-            return Data;
+            CryptoTrace.WriteLine($"KeyData={CryptoTrace.KeyToString(output)}");
+            CryptoTrace.Finish("DeriveKeyData");
+
+            return output;
         }
 
         /// <summary>
@@ -172,8 +193,16 @@ public static Nonce CreateNonce(SecurityPolicyInfo securityPolicy)
                 throw new ArgumentNullException(nameof(securityPolicy));
             }
 
-            switch (securityPolicy.CertificateKeyAlgorithm)
+            switch (securityPolicy.EphemeralKeyAlgorithm)
             {
+                case CertificateKeyAlgorithm.RSADH:
+                    return securityPolicy.MinAsymmetricKeyLength switch
+                    {
+                        //2048 => CreateNonce(RSADiffieHellmanGroup.FFDHE2048),
+                        //3072 => CreateNonce(RSADiffieHellmanGroup.FFDHE3072),
+                        //4096 => CreateNonce(RSADiffieHellmanGroup.FFDHE4096),
+                        _ => CreateNonce(RSADiffieHellmanGroup.FFDHE4096)
+                    };
                 case CertificateKeyAlgorithm.NistP256:
                     return CreateNonce(ECCurve.NamedCurves.nistP256);
                 case CertificateKeyAlgorithm.NistP384:
@@ -187,6 +216,17 @@ public static Nonce CreateNonce(SecurityPolicyInfo securityPolicy)
             }
         }
 
+        /// <summary>
+        /// Creates a new Nonce object for the specified RSA DiffieHellman group.
+        /// </summary>
+        public static Nonce CreateNonce(RSADiffieHellmanGroup group)
+        {
+            var nonce = new Nonce();
+            nonce.m_rsadh = RSADiffieHellman.Create(group);
+            nonce.Data = nonce.m_rsadh.GetNonce();
+            return nonce;
+        }
+
         /// <summary>
         /// Creates a new Nonce object for the specified security policy URI and nonce data.
         /// </summary>
@@ -202,9 +242,15 @@ public static Nonce CreateNonce(SecurityPolicyInfo securityPolicy, byte[] nonceD
                 throw new ArgumentNullException(nameof(nonceData));
             }
 
-            var nonce = new Nonce { Data = nonceData };
+            if (securityPolicy.EphemeralKeyAlgorithm == CertificateKeyAlgorithm.RSADH)
+            {
+                var nonce = new Nonce();
+                nonce.m_rsadh = RSADiffieHellman.Create(nonceData);
+                nonce.Data = nonceData;
+                return nonce;
+            }
 
-            switch (securityPolicy.CertificateKeyAlgorithm)
+            switch (securityPolicy.EphemeralKeyAlgorithm)
             {
                 case CertificateKeyAlgorithm.NistP256:
                     return CreateNonce(ECCurve.NamedCurves.nistP256, nonceData);
@@ -219,7 +265,7 @@ public static Nonce CreateNonce(SecurityPolicyInfo securityPolicy, byte[] nonceD
                 case CertificateKeyAlgorithm.Curve448:
                     return CreateNonceForCurve448(nonceData);
                 default:
-                    return nonce;
+                    return new Nonce { Data = nonceData };
             }
         }
 
@@ -386,119 +432,291 @@ private static Nonce CreateNonce(ECCurve curve)
             return new Nonce { Data = senderNonce, m_ecdh = ecdh };
         }
 
-#if CURVE25519
         /// <summary>
-        /// Creates a new Nonce object to be used in Curve25519 cryptography.
+        /// Frees any unmanaged resources.
         /// </summary>
-        /// <returns>A new Nonce object.</returns>
-        private static Nonce CreateNonceForCurve25519()
+        public void Dispose()
         {
-            SecureRandom random = new SecureRandom();
-            IAsymmetricCipherKeyPairGenerator generator = new X25519KeyPairGenerator();
-            generator.Init(new X25519KeyGenerationParameters(random));
-
-            var keyPair = generator.GenerateKeyPair();
-
-            byte[] senderNonce = new byte[X25519PublicKeyParameters.KeySize];
-            ((X25519PublicKeyParameters)(keyPair.Public)).Encode(senderNonce, 0);
-
-            var nonce = new Nonce() { Data = senderNonce, m_bcKeyPair = keyPair };
-
-            return nonce;
+            Dispose(true);
+            GC.SuppressFinalize(this);
         }
 
         /// <summary>
-        /// Creates a Nonce object using the X448 elliptic curve algorithm.
+        /// An overrideable version of the Dispose.
         /// </summary>
-        /// <returns>A Nonce object containing the generated nonce data and key pair.</returns>
-        private static Nonce CreateNonceForCurve448()
+        protected virtual void Dispose(bool disposing)
         {
-            SecureRandom random = new SecureRandom();
-            IAsymmetricCipherKeyPairGenerator generator = new X448KeyPairGenerator();
-            generator.Init(new X448KeyGenerationParameters(random));
+            if (disposing)
+            {
+                if (m_ecdh != null)
+                {
+                    m_ecdh.Dispose();
+                    m_ecdh = null;
+                }
+            }
+        }
+    }
 
-            var keyPair = generator.GenerateKeyPair();
+    /// <summary>
+    /// The known RSA Diffie-Hellman groups.
+    /// </summary>
+    public enum RSADiffieHellmanGroup
+    {
+        /// <summary>
+        /// The 2048-bit finite field Diffie-Hellman ephemeral group defined in RFC 7919.
+        /// </summary>
+        FFDHE2048,
 
-            byte[] senderNonce = new byte[X448PublicKeyParameters.KeySize];
-            ((X448PublicKeyParameters)(keyPair.Public)).Encode(senderNonce, 0);
+        /// <summary>
+        /// The 3072-bit finite field Diffie-Hellman ephemeral group defined in RFC 7919.
+        /// </summary>
+        FFDHE3072,
 
-            var nonce = new Nonce() { Data = senderNonce, m_bcKeyPair = keyPair };
+        /// <summary>
+        /// The 4096-bit finite field Diffie-Hellman ephemeral group defined in RFC 7919.
+        /// </summary>
+        FFDHE4096
+    }
 
-            return nonce;
-        }
-#endif
+    /// <summary>
+    /// A RSA Diffie-Hellman key exchange implementation.
+    /// </summary>
+    public class RSADiffieHellman
+    {
+        private BigInteger m_privateKey;
+        private BigInteger m_publicKey;
+        private int m_nonceLength;
+
+        // ffdhe2048 prime from RFC 7919 (hex, without whitespace).  
+        // (RFC 7919 Appendix A.3 — use this canonical modulus in production.)
+        const string FFDHE2048_HEX = @"
+            FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1
+            D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9
+            7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561
+            2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935
+            984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735
+            30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB
+            B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19
+            0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61
+            9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73
+            3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA
+            886B4238 61285C97 FFFFFFFF FFFFFFFF";
+
+        static readonly Lazy<BigInteger> s_P2048 = new(() => RfcTextToBytes(FFDHE2048_HEX));
+
+        const int k_FFDHE2048_MinExponent = 224;
+        const int k_FFDHE2048_MaxExponent = 255;
+
+        const string FFDHE3072_HEX = @"
+            FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1
+            D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9
+            7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561
+            2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935
+            984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735
+            30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB
+            B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19
+            0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61
+            9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73
+            3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA
+            886B4238 611FCFDC DE355B3B 6519035B BC34F4DE F99C0238
+            61B46FC9 D6E6C907 7AD91D26 91F7F7EE 598CB0FA C186D91C
+            AEFE1309 85139270 B4130C93 BC437944 F4FD4452 E2D74DD3
+            64F2E21E 71F54BFF 5CAE82AB 9C9DF69E E86D2BC5 22363A0D
+            ABC52197 9B0DEADA 1DBF9A42 D5C4484E 0ABCD06B FA53DDEF
+            3C1B20EE 3FD59D7C 25E41D2B 66C62E37 FFFFFFFF FFFFFFFF";
+
+        static readonly Lazy<BigInteger> s_P3072 = new(() => RfcTextToBytes(FFDHE3072_HEX));
+
+        const int k_FFDHE3072_MinExponent = 275;
+        const int k_FFDHE3072_MaxExponent = 383;
+
+        const string FFDHE4096_HEX = @"
+            FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1
+            D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9
+            7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561
+            2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935
+            984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735
+            30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB
+            B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19
+            0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61
+            9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73
+            3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA
+            886B4238 611FCFDC DE355B3B 6519035B BC34F4DE F99C0238
+            61B46FC9 D6E6C907 7AD91D26 91F7F7EE 598CB0FA C186D91C
+            AEFE1309 85139270 B4130C93 BC437944 F4FD4452 E2D74DD3
+            64F2E21E 71F54BFF 5CAE82AB 9C9DF69E E86D2BC5 22363A0D
+            ABC52197 9B0DEADA 1DBF9A42 D5C4484E 0ABCD06B FA53DDEF
+            3C1B20EE 3FD59D7C 25E41D2B 669E1EF1 6E6F52C3 164DF4FB
+            7930E9E4 E58857B6 AC7D5F42 D69F6D18 7763CF1D 55034004
+            87F55BA5 7E31CC7A 7135C886 EFB4318A ED6A1E01 2D9E6832
+            A907600A 918130C4 6DC778F9 71AD0038 092999A3 33CB8B7A
+            1A1DB93D 7140003C 2A4ECEA9 F98D0ACC 0A8291CD CEC97DCF
+            8EC9B55A 7F88A46B 4DB5A851 F44182E1 C68A007E 5E655F6A";
+
+        static readonly Lazy<BigInteger> s_P4096 = new(() => RfcTextToBytes(FFDHE4096_HEX));
+
+        const int k_FFDHE4096_MinExponent = 325;
+        const int k_FFDHE4096_MaxExponent = 511;
+
+        private static readonly Lazy<RandomNumberGenerator> s_rng = new(() => RandomNumberGenerator.Create());
+
+        // Generator for FFDHE groups is 2
+        static readonly BigInteger s_G = new BigInteger(2);
 
         /// <summary>
-        /// Custom deserialization
+        /// Creates a new RSADiffieHellman instance for the specified group.
         /// </summary>
-        protected Nonce(SerializationInfo info, StreamingContext context)
+        public static RSADiffieHellman Create(RSADiffieHellmanGroup group)
         {
-            string curveName = info.GetString("CurveName");
+            int min = 0;
+            int max = 0;
+            BigInteger p;
 
-            if (curveName != null)
+            switch (group)
             {
-                var ecParams = new ECParameters
-                {
-                    Curve = ECCurve.CreateFromFriendlyName(curveName),
-                    Q = new ECPoint
-                    {
-                        X = (byte[])info.GetValue("QX", typeof(byte[])),
-                        Y = (byte[])info.GetValue("QY", typeof(byte[]))
-                    }
-                };
-                m_ecdh = ECDiffieHellman.Create(ecParams);
+                case RSADiffieHellmanGroup.FFDHE2048:
+                    p = s_P2048.Value;
+                    min = k_FFDHE2048_MinExponent;
+                    max = k_FFDHE2048_MaxExponent;
+                    break;
+                case RSADiffieHellmanGroup.FFDHE3072:
+                    p = s_P3072.Value;
+                    min = k_FFDHE3072_MinExponent;
+                    max = k_FFDHE3072_MaxExponent;
+                    break;
+                case RSADiffieHellmanGroup.FFDHE4096:
+                    p = s_P4096.Value;
+                    min = k_FFDHE4096_MinExponent;
+                    max = k_FFDHE4096_MaxExponent;
+                    break;
+                default:
+                    throw new NotSupportedException("Unsupported RSA DH finite group type.");
             }
-            Data = (byte[])info.GetValue("Data", typeof(byte[]));
-        }
 
-        private ECDiffieHellman m_ecdh;
-#if CURVE25519
-        private AsymmetricCipherKeyPair m_bcKeyPair;
-#endif
+            var dh = new RSADiffieHellman();
 
-        private static readonly RandomNumberGenerator s_rng = RandomNumberGenerator.Create();
-        private static uint s_minNonceLength = 32;
+            byte[] seed = new byte[1];
+            s_rng.Value.GetBytes(seed);
+            int keyLength = seed[0] % (max - min + 1) + min;
+
+            byte[] key = new byte[1 + (keyLength + 7)/ 8];
+            s_rng.Value.GetBytes(key);
+            key[key.Length - 1] = 0;
+
+            dh.m_privateKey = new BigInteger(key);
+            dh.m_publicKey = BigInteger.ModPow(s_G, dh.m_privateKey, p);
+            dh.m_nonceLength = max + 1;
+
+            return dh;
+        }
 
         /// <summary>
-        /// Frees any unmanaged resources.
+        /// Creates a new RSADiffieHellman instance from the nonce.
         /// </summary>
-        public void Dispose()
+        public static RSADiffieHellman Create(byte[] nonce)
         {
-            Dispose(true);
-            GC.SuppressFinalize(this);
+            var dh = new RSADiffieHellman();
+
+            var bytes = new byte[nonce.Length+1];
+
+            for (int ii = 0; ii < nonce.Length; ii++)
+            {
+                bytes[ii] = nonce[nonce.Length - ii - 1];
+            }
+
+            dh.m_publicKey = new BigInteger(bytes);
+            dh.m_nonceLength = nonce.Length;
+
+            return dh;
         }
 
         /// <summary>
-        /// An overrideable version of the Dispose.
+        /// Returns the nonce representing the public key.
         /// </summary>
-        protected virtual void Dispose(bool disposing)
+        public byte[] GetNonce()
         {
-            if (disposing && m_ecdh != null)
+            var nonce = new byte[m_nonceLength];
+            var publicKey = m_publicKey.ToByteArray();
+
+            for (int ii = 0; ii < publicKey.Length && ii < nonce.Length; ii++)
             {
-                m_ecdh.Dispose();
-                m_ecdh = null;
+                nonce[nonce.Length - 1 - ii] = publicKey[ii];
             }
+
+            return nonce;
         }
 
         /// <summary>
-        /// Custom serialization
+        /// Derives the raw secret agreement from the remote key.
         /// </summary>
-        public void GetObjectData(SerializationInfo info, StreamingContext context)
+        public byte[] DeriveRawSecretAgreement(RSADiffieHellman remoteKey)
         {
-            if (m_ecdh != null)
+            if (m_privateKey.IsZero)
+            {
+                throw new InvalidOperationException("Private key not available.");
+            }
+
+            BigInteger p;
+
+            switch (m_nonceLength)
+            {
+                case 256:
+                    p = s_P2048.Value;
+                    break;
+                case 384:
+                    p = s_P3072.Value;
+                    break;
+                case 512:
+                    p = s_P4096.Value;
+                    break;
+                default:
+                    throw new NotSupportedException("Unsupported RSA DH finite group type.");
+            }
+
+            var shared = BigInteger.ModPow(remoteKey.m_publicKey, m_privateKey, p);
+
+            var bytes = shared.ToByteArray();
+
+            if (bytes.Length < m_nonceLength)
             {
-                ECParameters ecParams = m_ecdh.ExportParameters(false);
-                info.AddValue("CurveName", ecParams.Curve.Oid.FriendlyName);
-                info.AddValue("QX", ecParams.Q.X);
-                info.AddValue("QY", ecParams.Q.Y);
+                var padded = new byte[m_nonceLength];
+                Array.Copy(bytes, 0, padded, 0, bytes.Length);
+                bytes = padded;
             }
-            else
+
+            // make sure bytes are in big-endian order.
+            Array.Reverse(bytes);
+
+            return bytes;
+        }
+
+        private static BigInteger RfcTextToBytes(string rfcText)
+        {
+            var bytes = new List<byte>();
+            var digit = new char[2];
+            int pos = 0;
+
+            bytes.Add(0);
+
+            for (int ii = 0; ii < rfcText.Length; ii++)
             {
-                info.AddValue("CurveName", null);
-                info.AddValue("QX", null);
-                info.AddValue("QY", null);
+                if (char.IsWhiteSpace(rfcText[ii]))
+                {
+                    continue;
+                }
+
+                digit[pos++] = rfcText[ii];
+
+                if (pos == 2)
+                {
+                    bytes.Add(Convert.ToByte(new string(digit), 16));
+                    pos = 0;
+                }
             }
-            info.AddValue("Data", Data);
+
+            bytes.Reverse();
+            var integer = new BigInteger(bytes.ToArray());
+            return integer;
         }
     }
 }
diff --git a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
index 0d2f62265a..e1b5bf3b70 100644
--- a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
+++ b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
@@ -69,7 +69,7 @@ public static class SecurityPolicies
         /// <summary>
         /// The URI for the RSA_DH_AES_GCM security policy.
         /// </summary>
-        public const string RSA_DH_AES_GCM = BaseUri + "RSA_DH_AES_GCM";
+        public const string RSA_DH_AesGcm = BaseUri + "RSA_DH_AesGcm";
 
         /// <summary>
         /// The URI for the RSA_DH_ChaChaPoly security policy.
@@ -185,7 +185,7 @@ private static bool IsPlatformSupportedName(string name)
                 name.Equals(nameof(Basic128Rsa15), StringComparison.Ordinal) ||
                 name.Equals(nameof(Basic256Sha256), StringComparison.Ordinal) ||
                 name.Equals(nameof(Aes128_Sha256_RsaOaep), StringComparison.Ordinal) ||
-                name.Equals(nameof(RSA_DH_AES_GCM), StringComparison.Ordinal) ||
+                name.Equals(nameof(RSA_DH_AesGcm), StringComparison.Ordinal) ||
                 name.Equals(nameof(RSA_DH_ChaChaPoly), StringComparison.Ordinal))
             {
                 return true;
@@ -593,16 +593,6 @@ public static SignatureData CreateSignatureData(
                     securityPolicyUri);
             }
 
-            System.Console.WriteLine(
-                $"CreateSignatureData\r\n" +
-                $"secureChannelSecret: {ToFragment(secureChannelSecret)}\r\n" +
-                $"remoteCertificate: {ToFragment(remoteCertificate)}\r\n" +
-                $"remoteChannelCertificate: {ToFragment(remoteChannelCertificate)}\r\n" +
-                $"localChannelCertificate: {ToFragment(localChannelCertificate)}\r\n" +
-                $"remoteNonce: {ToFragment(remoteNonce)}\r\n" +
-                $"localNonce: {ToFragment(localNonce)}"
-            );
-
             // create the data to sign.
             byte[] dataToSign = (info.SecureChannelEnhancements)
                 ? Utils.Append(
@@ -647,46 +637,22 @@ public static SignatureData CreateSignatureData(
             {
                 case AsymmetricSignatureAlgorithm.RsaPkcs15Sha1:
                     signatureData.Algorithm = SecurityAlgorithms.RsaSha1;
-                    signatureData.Signature = RsaUtils.Rsa_Sign(
-                        new ArraySegment<byte>(dataToSign),
-                        localCertificate,
-                        HashAlgorithmName.SHA1,
-                        RSASignaturePadding.Pkcs1);
                     break;
                 case AsymmetricSignatureAlgorithm.RsaPkcs15Sha256:
                     signatureData.Algorithm = SecurityAlgorithms.RsaSha256;
-                    signatureData.Signature = RsaUtils.Rsa_Sign(
-                        new ArraySegment<byte>(dataToSign),
-                        localCertificate,
-                        HashAlgorithmName.SHA256,
-                        RSASignaturePadding.Pkcs1);
                     break;
                 case AsymmetricSignatureAlgorithm.RsaPssSha256:
                     signatureData.Algorithm = SecurityAlgorithms.RsaPssSha256;
-                    signatureData.Signature = RsaUtils.Rsa_Sign(
-                        new ArraySegment<byte>(dataToSign),
-                        localCertificate,
-                        HashAlgorithmName.SHA256,
-                        RSASignaturePadding.Pss);
                     break;
                 case AsymmetricSignatureAlgorithm.EcdsaSha256:
-                    signatureData.Algorithm = null;
-                    signatureData.Signature = CryptoUtils.Sign(
-                        new ArraySegment<byte>(dataToSign),
-                        localCertificate,
-                        securityPolicy.AsymmetricSignatureAlgorithm);
-                    break;
                 case AsymmetricSignatureAlgorithm.EcdsaSha384:
                     signatureData.Algorithm = null;
-                    signatureData.Signature = CryptoUtils.Sign(
-                        new ArraySegment<byte>(dataToSign),
-                        localCertificate,
-                        securityPolicy.AsymmetricSignatureAlgorithm);
                     break;
                 case AsymmetricSignatureAlgorithm.None:
                     signatureData.Algorithm = null;
                     signatureData.Signature = null;
-                    break;
+                    return signatureData;
+                    ;
                 default:
                     throw ServiceResultException.Create(
                         StatusCodes.BadSecurityPolicyRejected,
@@ -694,6 +660,11 @@ public static SignatureData CreateSignatureData(
                         securityPolicy.Uri);
             }
 
+            signatureData.Signature = CryptoUtils.Sign(
+                new ArraySegment<byte>(dataToSign),
+                localCertificate,
+                securityPolicy.AsymmetricSignatureAlgorithm);
+
             return signatureData;
         }
 
@@ -731,16 +702,6 @@ public static bool VerifySignatureData(
                     securityPolicyUri);
             }
 
-            System.Console.WriteLine(
-                $"VerifySignatureData\r\n" +
-                $"secureChannelSecret: {ToFragment(secureChannelSecret)}\r\n" +
-                $"localCertificate: {ToFragment(localCertificate)}\r\n" +
-                $"localChannelCertificate: {ToFragment(localChannelCertificate)}\r\n" +
-                $"remoteChannelCertificate: {ToFragment(remoteChannelCertificate)}\r\n" +
-                $"localNonce: {ToFragment(localNonce)}\r\n" +
-                $"remoteNonce: {ToFragment(remoteNonce)}"
-            );
-
             // create the data to sign.
             byte[] dataToVerify = (info.SecureChannelEnhancements)
                 ? Utils.Append(
@@ -870,21 +831,6 @@ public static bool VerifySignatureData(
                 signature.Algorithm);
         }
 
-        static string ToFragment(byte[] input)
-        {
-            if (input != null)
-            {
-                if (input.Length < 8)
-                {
-                    return Utils.ToHexString(input);
-                }
-
-                return Utils.ToHexString(input).Substring(0, 16);
-            }
-
-            return "null";
-        }
-
         /// <summary>
         /// Creates a dictionary of uris to name excluding base uri
         /// </summary>
diff --git a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
index 5f67d33c6a..2abe255918 100644
--- a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
+++ b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
@@ -157,22 +157,42 @@ public SecurityPolicyInfo(string uri, string name = null)
             SymmetricEncryptionAlgorithm == SymmetricEncryptionAlgorithm.ChaCha20Poly1305;
 
         /// <summary>
-        /// Returns the derived key data length in bytes as a little endian UInt16.
+        /// Returns the derived server key data length.
         /// </summary>
-        public byte[] KeyDataLength =>
-             BitConverter.GetBytes(DerivedSignatureKeyLength + SymmetricEncryptionKeyLength + InitializationVectorLength);
+        public int ServerKeyDataLength =>
+             (DerivedSignatureKeyLength + SymmetricEncryptionKeyLength + InitializationVectorLength);
 
         /// <summary>
-        /// Returns the derived key data length for an EncryptedSecret in bytes as a little endian UInt16.
+        /// Returns the derived client key data length.
         /// </summary>
-        public byte[] KeyDataLengthForEncryptedSecret =>
-             BitConverter.GetBytes(SymmetricEncryptionKeyLength + InitializationVectorLength);
+        public int ClientKeyDataLength =>
+             (DerivedSignatureKeyLength + SymmetricEncryptionKeyLength + InitializationVectorLength + SessionActivationSecretLength);
+
+        /// <summary>
+        /// Returns the session activation secret length.
+        /// </summary>
+        public int SessionActivationSecretLength
+        {
+            get
+            {
+                //if (SecureChannelEnhancements)
+                //{
+                //    return KeyDerivationAlgorithm switch
+                //    {
+                //        KeyDerivationAlgorithm.HKDFSha256 => 32,
+                //        KeyDerivationAlgorithm.HKDFSha384 => 48,
+                //        _ => 32
+                //    };
+                //}
+                return 0;
+            }
+        }
 
         /// <summary>
         /// Returns the data to be signed by the server when creating a session.
         /// </summary>
         public byte[] GetUserTokenSignatureData(
-            byte[] secureChanneHash,
+            byte[] channelThumbprint,
             byte[] serverNonce,
             byte[] serverCertificate,
             byte[] serverChannelCertificate,
@@ -182,10 +202,20 @@ public byte[] GetUserTokenSignatureData(
         {
             byte[] data = null;
 
+            CryptoTrace.Start(ConsoleColor.Yellow, "UserTokenSignatureData");
+
             if (SecureChannelEnhancements)
             {
+                CryptoTrace.WriteLine($"ChannelThumbprint={CryptoTrace.KeyToString(channelThumbprint)}");
+                CryptoTrace.WriteLine($"ServerNonce={CryptoTrace.KeyToString(serverNonce)}");
+                CryptoTrace.WriteLine($"ServerCertificate={CryptoTrace.KeyToString(serverCertificate)}");
+                CryptoTrace.WriteLine($"ServerChannelCertificate={CryptoTrace.KeyToString(serverChannelCertificate)}");
+                CryptoTrace.WriteLine($"ClientCertificate={CryptoTrace.KeyToString(clientCertificate)}");
+                CryptoTrace.WriteLine($"ClientChannelCertificate={CryptoTrace.KeyToString(clientChannelCertificate)}");
+                CryptoTrace.WriteLine($"ClientNonce={CryptoTrace.KeyToString(clientNonce)}");
+
                 data = Utils.Append(
-                    secureChanneHash,
+                    channelThumbprint,
                     serverNonce,
                     serverCertificate,
                     serverChannelCertificate,
@@ -195,12 +225,15 @@ public byte[] GetUserTokenSignatureData(
             }
             else
             {
+                CryptoTrace.WriteLine($"ServerCertificate={CryptoTrace.KeyToString(serverCertificate)}");
+                CryptoTrace.WriteLine($"ServerNonce={CryptoTrace.KeyToString(serverNonce)}");
+
                 data = Utils.Append(
                     serverCertificate,
                     serverNonce);
             }
 
-            System.Console.WriteLine($"UserTokenSignatureData={Opc.Ua.Bindings.TcpMessageType.KeyToString(data)}");
+            CryptoTrace.Finish("UserTokenSignatureData");
             return data;
         }
 
@@ -208,7 +241,7 @@ public byte[] GetUserTokenSignatureData(
         /// Returns the data to be signed by the server when creating a session.
         /// </summary>
         public byte[] GetServerSignatureData(
-            byte[] secureChanneHash,
+            byte[] channelThumbprint,
             byte[] clientNonce,
             byte[] serverChannelCertificate,
             byte[] clientCertificate,
@@ -217,30 +250,34 @@ public byte[] GetServerSignatureData(
         {
             byte[] data = null;
 
+            CryptoTrace.Start(ConsoleColor.Yellow, "ServerSignatureData");
+
             if (SecureChannelEnhancements)
             {
+                CryptoTrace.WriteLine($"ChannelThumbprint={CryptoTrace.KeyToString(channelThumbprint)}");
+                CryptoTrace.WriteLine($"ClientNonce={CryptoTrace.KeyToString(clientNonce)}");
+                CryptoTrace.WriteLine($"ServerChannelCertificate={CryptoTrace.KeyToString(serverChannelCertificate)}");
+                CryptoTrace.WriteLine($"ClientChannelCertificate={CryptoTrace.KeyToString(clientChannelCertificate)}");
+                CryptoTrace.WriteLine($"ServerNonce={CryptoTrace.KeyToString(serverNonce)}");
+
                 data = Utils.Append(
-                    secureChanneHash,
+                    channelThumbprint,
                     clientNonce,
                     serverChannelCertificate,
                     clientChannelCertificate,
                     serverNonce);
-
-                System.Console.WriteLine($"secureChanneHash={Opc.Ua.Bindings.TcpMessageType.KeyToString(secureChanneHash)}");
-                System.Console.WriteLine($"clientNonce={Opc.Ua.Bindings.TcpMessageType.KeyToString(clientNonce)}");
-                System.Console.WriteLine($"serverChannelCertificate={Opc.Ua.Bindings.TcpMessageType.KeyToString(serverChannelCertificate)}");
-                System.Console.WriteLine($"clientChannelCertificate={Opc.Ua.Bindings.TcpMessageType.KeyToString(clientChannelCertificate)}");
-                System.Console.WriteLine($"serverNonce={Opc.Ua.Bindings.TcpMessageType.KeyToString(serverNonce)}");
-
             }
             else
             {
+                CryptoTrace.WriteLine($"ClientCertificate={CryptoTrace.KeyToString(clientCertificate)}");
+                CryptoTrace.WriteLine($"ClientNonce={CryptoTrace.KeyToString(clientNonce)}");
+
                 data = Utils.Append(
                     clientCertificate,
                     clientNonce);
             }
 
-            System.Console.WriteLine($"ServerSignatureData={Opc.Ua.Bindings.TcpMessageType.KeyToString(data)}");
+            CryptoTrace.Finish("ServerSignatureData");
             return data;
         }
 
@@ -248,7 +285,7 @@ public byte[] GetServerSignatureData(
         /// Returns the data to be signed by the client when creating a session.
         /// </summary>
         public byte[] GetClientSignatureData(
-            byte[] secureChannelHash,
+            byte[] channelThumbprint,
             byte[] serverNonce,
             byte[] serverCertificate,
             byte[] serverChannelCertificate,
@@ -257,10 +294,19 @@ public byte[] GetClientSignatureData(
         {
             byte[] data = null;
 
+            CryptoTrace.Start(ConsoleColor.Yellow, "ClientSignatureData");
+
             if (SecureChannelEnhancements)
             {
+                CryptoTrace.WriteLine($"ChannelThumbprint={CryptoTrace.KeyToString(channelThumbprint)}");
+                CryptoTrace.WriteLine($"ServerNonce={CryptoTrace.KeyToString(serverNonce)}");
+                CryptoTrace.WriteLine($"ServerCertificate={CryptoTrace.KeyToString(serverCertificate)}");
+                CryptoTrace.WriteLine($"ServerChannelCertificate={CryptoTrace.KeyToString(serverChannelCertificate)}");
+                CryptoTrace.WriteLine($"ClientChannelCertificate={CryptoTrace.KeyToString(clientChannelCertificate)}");
+                CryptoTrace.WriteLine($"ClientNonce={CryptoTrace.KeyToString(clientNonce)}");
+
                 data = Utils.Append(
-                    secureChannelHash,
+                    channelThumbprint,
                     serverNonce,
                     serverCertificate,
                     serverChannelCertificate,
@@ -269,12 +315,15 @@ public byte[] GetClientSignatureData(
             }
             else
             {
+                CryptoTrace.WriteLine($"ServerCertificate={CryptoTrace.KeyToString(serverCertificate)}");
+                CryptoTrace.WriteLine($"ServerNonce={CryptoTrace.KeyToString(serverNonce)}");
+
                 data = Utils.Append(
                     serverCertificate,
                     serverNonce);
             }
 
-            System.Console.WriteLine($"ClientSignatureData={Opc.Ua.Bindings.TcpMessageType.KeyToString(data)}");
+            CryptoTrace.Finish("ClientSignatureData");
             return data;
         }
 
@@ -314,7 +363,7 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
         /// </summary>
         public bool ValidateSessionActivationToken(
             byte[] sessionActivationToken,
-            byte[] newSecureChannelHash,
+            byte[] newChannelThumbprint,
             byte[] oldSessionActivatationSecret)
         {
             if (SecureChannelEnhancements == false)
@@ -333,7 +382,7 @@ public bool ValidateSessionActivationToken(
                 return false;
             }
 
-            if (newSecureChannelHash == null || newSecureChannelHash.Length == 0)
+            if (newChannelThumbprint == null || newChannelThumbprint.Length == 0)
             {
                 return false;
             }
@@ -353,7 +402,7 @@ public bool ValidateSessionActivationToken(
 
             using (hmac)
             {
-                byte[] expectedToken = hmac.ComputeHash(newSecureChannelHash);
+                byte[] expectedToken = hmac.ComputeHash(newChannelThumbprint);
 
                 if (!Utils.IsEqual(expectedToken, sessionActivationToken))
                 {
@@ -367,8 +416,8 @@ public bool ValidateSessionActivationToken(
         /// <summary>
         /// Creats a session activation token.
         /// </summary>
-        public byte[] CreateSessionActivationToken(
-            byte[] newSecureChannelHash,
+        public byte[] CreateSessionTransferToken(
+            byte[] newChannelThumbprint,
             byte[] oldSessionActivatationSecret)
         {
             if (SecureChannelEnhancements == false)
@@ -382,7 +431,7 @@ public byte[] CreateSessionActivationToken(
                 return null;
             }
 
-            if (newSecureChannelHash == null || newSecureChannelHash.Length == 0)
+            if (newChannelThumbprint == null || newChannelThumbprint.Length == 0)
             {
                 return null;
             }
@@ -402,7 +451,7 @@ public byte[] CreateSessionActivationToken(
 
             using (hmac)
             {
-                return hmac.ComputeHash(newSecureChannelHash);
+                return hmac.ComputeHash(newChannelThumbprint);
             }
         }
 
@@ -668,7 +717,7 @@ public byte[] CreateSessionActivationToken(
         public readonly static SecurityPolicyInfo ECC_curve448_AesGcm = new(SecurityPolicies.ECC_curve448_AesGcm)
         {
             DerivedSignatureKeyLength = 0,
-            SymmetricEncryptionKeyLength = 128 / 8,
+            SymmetricEncryptionKeyLength = 256 / 8,
             InitializationVectorLength = 96 / 8,
             SymmetricSignatureLength = 128 / 8,
             MinAsymmetricKeyLength = 456,
@@ -746,7 +795,7 @@ public byte[] CreateSessionActivationToken(
         public readonly static SecurityPolicyInfo ECC_nistP256_AesGcm = new(SecurityPolicies.ECC_nistP256_AesGcm)
         {
             DerivedSignatureKeyLength = 0,
-            SymmetricEncryptionKeyLength = 256 / 8,
+            SymmetricEncryptionKeyLength = 128 / 8,
             InitializationVectorLength = 96 / 8,
             SymmetricSignatureLength = 128 / 8,
             MinAsymmetricKeyLength = 256,
@@ -928,7 +977,7 @@ public byte[] CreateSessionActivationToken(
         public readonly static SecurityPolicyInfo ECC_brainpoolP256r1_ChaChaPoly = new(SecurityPolicies.ECC_brainpoolP256r1_ChaChaPoly)
         {
             DerivedSignatureKeyLength = 0,
-            SymmetricEncryptionKeyLength = 256 / 8,
+            SymmetricEncryptionKeyLength = 128 / 8,
             InitializationVectorLength = 96 / 8,
             SymmetricSignatureLength = 128 / 8,
             MinAsymmetricKeyLength = 256,
@@ -956,7 +1005,7 @@ public byte[] CreateSessionActivationToken(
             DerivedSignatureKeyLength = 384 / 8,
             SymmetricEncryptionKeyLength = 256 / 8,
             InitializationVectorLength = 96 / 8,
-            SymmetricSignatureLength = 384 / 8,
+            SymmetricSignatureLength = 128 / 8,
             MinAsymmetricKeyLength = 384,
             MaxAsymmetricKeyLength = 384,
             SecureChannelNonceLength = 96,
@@ -1025,24 +1074,24 @@ public byte[] CreateSessionActivationToken(
             SecureChannelEnhancements = true,
             IsDeprecated = false
         };
-
+         
         /// <summary>
         /// The RSA_DH_AES_GCM is an high security policy that uses AES GCM for symmetric encryption.
         /// </summary>
-        public readonly static SecurityPolicyInfo RSA_DH_AES_GCM = new(SecurityPolicies.RSA_DH_AES_GCM)
+        public readonly static SecurityPolicyInfo RSA_DH_AesGcm = new(SecurityPolicies.RSA_DH_AesGcm)
         {
             DerivedSignatureKeyLength = 0,
-            SymmetricEncryptionKeyLength = 256 / 8,
-            InitializationVectorLength = 128 / 8,
+            SymmetricEncryptionKeyLength = 128 / 8,
+            InitializationVectorLength = 96 / 8,
             SymmetricSignatureLength = 128 / 8,
             MinAsymmetricKeyLength = 2048,
             MaxAsymmetricKeyLength = 4096,
-            SecureChannelNonceLength = 96,
+            SecureChannelNonceLength = 512,
             LegacySequenceNumbers = false,
             AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
             AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPssSha256,
             CertificateKeyFamily = CertificateKeyFamily.RSA,
-            CertificateKeyAlgorithm = CertificateKeyAlgorithm.RSADH,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.RSA,
             CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha256,
             EphemeralKeyAlgorithm = CertificateKeyAlgorithm.RSADH,
             KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
@@ -1063,12 +1112,12 @@ public byte[] CreateSessionActivationToken(
             SymmetricSignatureLength = 128 / 8,
             MinAsymmetricKeyLength = 2048,
             MaxAsymmetricKeyLength = 4096,
-            SecureChannelNonceLength = 64,
+            SecureChannelNonceLength = 512,
             LegacySequenceNumbers = false,
             AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
             AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPssSha256,
             CertificateKeyFamily = CertificateKeyFamily.RSA,
-            CertificateKeyAlgorithm = CertificateKeyAlgorithm.RSADH,
+            CertificateKeyAlgorithm = CertificateKeyAlgorithm.RSA,
             CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha256,
             EphemeralKeyAlgorithm = CertificateKeyAlgorithm.RSADH,
             KeyDerivationAlgorithm = KeyDerivationAlgorithm.HKDFSha256,
diff --git a/Stack/Opc.Ua.Core/Stack/Client/ClientChannelManager.cs b/Stack/Opc.Ua.Core/Stack/Client/ClientChannelManager.cs
index 3d28cbe6a7..83cd1c52e3 100644
--- a/Stack/Opc.Ua.Core/Stack/Client/ClientChannelManager.cs
+++ b/Stack/Opc.Ua.Core/Stack/Client/ClientChannelManager.cs
@@ -362,7 +362,7 @@ private sealed class ClientChannel : ITransportChannel
             public IServiceMessageContext MessageContext => m_channel.MessageContext;
 
             /// <inheritdoc/>
-            public byte[] SecureChannelHash => m_channel?.SecureChannelHash ?? [];
+            public byte[] ChannelThumbprint => m_channel?.ChannelThumbprint ?? [];
 
             /// <inheritdoc/>
             public byte[] SessionActivationSecret => m_channel?.SessionActivationSecret ?? [];
diff --git a/Stack/Opc.Ua.Core/Stack/Https/HttpsTransportChannel.cs b/Stack/Opc.Ua.Core/Stack/Https/HttpsTransportChannel.cs
index 4d2770443d..739e011085 100644
--- a/Stack/Opc.Ua.Core/Stack/Https/HttpsTransportChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Https/HttpsTransportChannel.cs
@@ -118,7 +118,7 @@ public IServiceMessageContext MessageContext
             => m_quotas?.MessageContext ?? throw BadNotConnected();
 
         /// <inheritdoc/>
-        public byte[] SecureChannelHash => [];
+        public byte[] ChannelThumbprint => [];
 
         /// <inheritdoc/>
         public byte[] SessionActivationSecret => [];
diff --git a/Stack/Opc.Ua.Core/Stack/Server/SecureChannelContext.cs b/Stack/Opc.Ua.Core/Stack/Server/SecureChannelContext.cs
index 547dd89f32..5136e3026a 100644
--- a/Stack/Opc.Ua.Core/Stack/Server/SecureChannelContext.cs
+++ b/Stack/Opc.Ua.Core/Stack/Server/SecureChannelContext.cs
@@ -26,7 +26,7 @@ public class SecureChannelContext
         /// <param name="secureChannelId">The secure channel identifier.</param>
         /// <param name="endpointDescription">The endpoint description.</param>
         /// <param name="messageEncoding">The message encoding.</param>
-        /// <param name="secureChannelHash">The unique hash for the secure channel calculated during channel creation.</param>
+        /// <param name="channelThumbprint">The unique hash for the secure channel calculated during channel creation.</param>
         /// <param name="sessionActivationSecret">A secret used to re-activate sessions on a new secure channel.</param>
         /// <param name="clientChannelCertificate">The client certificate used to establsih the secure channel.</param>
         /// <param name="serverChannelCertificate">The server certificate used to establsih the secure channel.</param>
@@ -36,7 +36,7 @@ public SecureChannelContext(
             RequestEncoding messageEncoding,
             byte[] clientChannelCertificate,
             byte[] serverChannelCertificate,
-            byte[] secureChannelHash = null,
+            byte[] channelThumbprint = null,
             byte[] sessionActivationSecret = null)
         {
             SecureChannelId = secureChannelId;
@@ -44,7 +44,7 @@ public SecureChannelContext(
             MessageEncoding = messageEncoding;
             ClientChannelCertificate = clientChannelCertificate;
             ServerChannelCertificate = serverChannelCertificate;
-            SecureChannelHash = secureChannelHash;
+            ChannelThumbprint = channelThumbprint;
             SessionActivationSecret = sessionActivationSecret;
         }
 
@@ -69,7 +69,7 @@ public SecureChannelContext(
         /// <summary>
         /// The unique hash for the secure channel calculated during channel creation.
         /// </summary>
-        public byte[] SecureChannelHash { get; }
+        public byte[] ChannelThumbprint { get; }
 
         /// <summary>
         /// A secret used to re-activate sessions on a new secure channel.
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/TcpListenerChannel.cs b/Stack/Opc.Ua.Core/Stack/Tcp/TcpListenerChannel.cs
index 0ef7eacdca..c65f20b975 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/TcpListenerChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/TcpListenerChannel.cs
@@ -492,71 +492,6 @@ protected virtual void CompleteReverseHello(Exception e)
             // intentionally left empty
         }
 
-        /// <summary>
-        /// Sends a fault response secured with the asymmetric keys.
-        /// </summary>
-        protected void SendServiceFault(uint requestId, ServiceResult fault)
-        {
-            m_logger.LogDebug(
-                "ChannelId {Id}: Request {RequestId}: SendServiceFault={ServiceFault}",
-                ChannelId,
-                requestId,
-                fault.StatusCode);
-
-            BufferCollection chunksToSend = null;
-
-            try
-            {
-                // construct fault.
-                var response = new ServiceFault();
-
-                response.ResponseHeader.ServiceResult = fault.Code;
-
-                var stringTable = new StringTable();
-
-                response.ResponseHeader.ServiceDiagnostics = new DiagnosticInfo(
-                    fault,
-                    DiagnosticsMasks.NoInnerStatus,
-                    true,
-                    stringTable,
-                    m_logger);
-
-                response.ResponseHeader.StringTable = stringTable.ToArray();
-
-                // serialize fault.
-                byte[] buffer = BinaryEncoder.EncodeMessage(response, Quotas.MessageContext);
-
-                // secure message.
-                chunksToSend = WriteAsymmetricMessage(
-                    TcpMessageType.Open,
-                    requestId,
-                    ServerCertificate,
-                    ClientCertificate,
-                    new ArraySegment<byte>(buffer, 0, buffer.Length));
-
-                // write the message to the server.
-                BeginWriteMessage(chunksToSend, null);
-                chunksToSend = null;
-            }
-            catch (Exception e)
-            {
-                chunksToSend?.Release(BufferManager, "SendServiceFault");
-
-                m_logger.LogError(
-                    e,
-                    "ChannelId {Id}: Request {RequestId}: SendServiceFault={ServiceFault}: Unexpected error.",
-                    ChannelId,
-                    requestId,
-                    fault.StatusCode);
-
-                ForceChannelFault(
-                    ServiceResult.Create(
-                        e,
-                        StatusCodes.BadTcpInternalError,
-                        "Unexpected error sending a service fault."));
-            }
-        }
-
         /// <summary>
         /// Handles a reconnect request.
         /// </summary>
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/TcpMessageType.cs b/Stack/Opc.Ua.Core/Stack/Tcp/TcpMessageType.cs
index 842bd793e4..27444905bb 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/TcpMessageType.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/TcpMessageType.cs
@@ -163,40 +163,6 @@ internal static string GetTypeAndSize(ArraySegment<byte> chunk)
 
             return sb.ToString();
         }
-
-        internal static string KeyToString(ArraySegment<byte> key)
-        {
-            byte[] bytes = new byte[key.Count];
-            Buffer.BlockCopy(key.Array ?? [], key.Offset, bytes, 0, key.Count);
-            return KeyToString(bytes);
-        }
-
-        internal static string KeyToString(byte[] key)
-        {
-            if (key == null || key.Length == 0)
-            {
-                return "0:---";
-            }
-
-            byte checksum = 0;
-
-            foreach (var item in key)
-            {
-                checksum ^= item;
-            }
-
-            if (key.Length <= 16)
-            {
-                return key.Length.ToString(CultureInfo.InvariantCulture) +
-                    ":" +
-                    Utils.ToHexString(key) +
-                    "=>" +
-                    checksum.ToString(CultureInfo.InvariantCulture);
-            }
-
-            var text = Utils.ToHexString(key);
-            return $"{key.Length}:{text.Substring(0, 8)}...{text.Substring(text.Length-8, 8)}=>{checksum}";
-        }
     }
 
     /// <summary>
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs b/Stack/Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs
index 39479cba4e..4fe2b1d612 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs
@@ -287,7 +287,7 @@ protected override bool HandleIncomingMessage(
             {
                 SetResponseRequired(true);
 
-                m_logger.LogWarning("IN:{Id}", TcpMessageType.GetTypeAndSize(messageChunk));
+                //m_logger.LogWarning("IN:{Id}", TcpMessageType.GetTypeAndSize(messageChunk));
 
                 try
                 {
@@ -568,10 +568,12 @@ private bool ProcessOpenSecureChannelRequest(
                 // don't keep signature if secure channel enhancements are not used.
                 m_oscRequestSignature = (SecurityPolicy.SecureChannelEnhancements) ? signature : null;
 
-                Console.WriteLine($"OSC IN={TcpMessageType.KeyToString(messageBody)}");
-                Console.WriteLine($"oscRequestSignature={TcpMessageType.KeyToString(m_oscRequestSignature)}");
-                Console.WriteLine($"signatureHash={TcpMessageType.KeyToString(signature)}");
-                Console.WriteLine($"State={State}");
+                CryptoTrace.Start(ConsoleColor.Magenta, $"ProcessOpenSecureChannelRequest ({(State != TcpChannelState.Opening ? "RENEW" : "OPEN")})");
+                CryptoTrace.WriteLine($"ClientCertificate={clientCertificate?.Thumbprint}");
+                CryptoTrace.WriteLine($"ServerCertificate={ServerCertificate?.Thumbprint}");
+                CryptoTrace.WriteLine($"RequestSignature={CryptoTrace.KeyToString(signature)}");
+                CryptoTrace.WriteLine($"ChannelThumbprint={CryptoTrace.KeyToString(ChannelThumbprint)}");
+                CryptoTrace.Finish("ProcessOpenSecureChannelRequest");
 
                 // check for replay attacks.
                 if (!VerifySequenceNumber(sequenceNumber, "ProcessOpenSecureChannelRequest"))
@@ -823,11 +825,14 @@ or StatusCodes.BadCertificateIssuerRevocationUnknown
                 // report the audit event for open secure channel
                 ReportAuditOpenSecureChannelEvent?.Invoke(this, request, ClientCertificate, e);
 
-                SendServiceFault(
-                    requestId, ServiceResult.Create(
+                SendServiceFault(                    
+                    requestId,
+                    State == TcpChannelState.Open,
+                    ServiceResult.Create(
                         e,
                         StatusCodes.BadTcpInternalError,
                         "Unexpected error processing OpenSecureChannel request."));
+
                 CompleteReverseHello(e);
                 return false;
             }
@@ -863,6 +868,77 @@ protected override void CompleteReverseHello(Exception e)
             }
         }
 
+        /// <summary>
+        /// Sends a fault response secured with the asymmetric keys.
+        /// </summary>
+        protected void SendServiceFault(uint requestId, bool renew, ServiceResult fault)
+        {
+            m_logger.LogDebug(
+                "ChannelId {Id}: Request {RequestId}: SendServiceFault={ServiceFault}",
+                ChannelId,
+                requestId,
+                fault.StatusCode);
+
+            BufferCollection chunksToSend = null;
+
+            try
+            {
+                // construct fault.
+                var response = new ServiceFault();
+
+                response.ResponseHeader.ServiceResult = fault.Code;
+
+                var stringTable = new StringTable();
+
+                response.ResponseHeader.ServiceDiagnostics = new DiagnosticInfo(
+                    fault,
+                    DiagnosticsMasks.NoInnerStatus,
+                    true,
+                    stringTable,
+                    m_logger);
+
+                response.ResponseHeader.StringTable = stringTable.ToArray();
+
+                // serialize fault.
+                byte[] buffer = BinaryEncoder.EncodeMessage(response, Quotas.MessageContext);
+                byte[] signature = null;
+
+                CryptoTrace.WriteLine($"messageBody={CryptoTrace.KeyToString(buffer)}");
+
+                // secure message.
+                chunksToSend = WriteAsymmetricMessage(
+                    TcpMessageType.Open,
+                    requestId,
+                    ServerCertificate,
+                    null,
+                    ClientCertificate,
+                    new ArraySegment<byte>(buffer, 0, buffer.Length),
+                    !renew ? m_oscRequestSignature : null,
+                    out signature);
+
+                // write the message to the server.
+                BeginWriteMessage(chunksToSend, null);
+                chunksToSend = null;
+            }
+            catch (Exception e)
+            {
+                chunksToSend?.Release(BufferManager, "SendServiceFault");
+
+                m_logger.LogError(
+                    e,
+                    "ChannelId {Id}: Request {RequestId}: SendServiceFault={ServiceFault}: Unexpected error.",
+                    ChannelId,
+                    requestId,
+                    fault.StatusCode);
+
+                ForceChannelFault(
+                    ServiceResult.Create(
+                        e,
+                        StatusCodes.BadTcpInternalError,
+                        "Unexpected error sending a service fault."));
+            }
+        }
+
         /// <summary>
         /// Sends an OpenSecureChannel response.
         /// </summary>
@@ -895,17 +971,21 @@ private void SendOpenSecureChannelResponse(
                 ServerCertificateChain,
                 ClientCertificate,
                 new ArraySegment<byte>(buffer, 0, buffer.Length),
-                m_oscRequestSignature,
+                !renew ? m_oscRequestSignature : null,
                 out signature);
 
             if (!renew)
             {
-                ComputeSecureChannelHash(signature);
+                ChannelThumbprint = signature;
             }
 
-            Console.WriteLine($"OSC:m_oscRequestSignature={TcpMessageType.KeyToString(m_oscRequestSignature)}");
-            Console.WriteLine($"OSC:Signature={TcpMessageType.KeyToString(signature)}");
-            Console.WriteLine($"OSC:SecureChannelHash={TcpMessageType.KeyToString(SecureChannelHash)}");
+            CryptoTrace.Start(ConsoleColor.Magenta, $"SendOpenSecureChannelResponse ({(renew ? "RENEW" : "OPEN")})");
+            CryptoTrace.WriteLine($"ServerCertificate={ServerCertificate?.Thumbprint}");
+            CryptoTrace.WriteLine($"ClientCertificate={ClientCertificate?.Thumbprint}");
+            CryptoTrace.WriteLine($"RequestSignature={CryptoTrace.KeyToString(m_oscRequestSignature)}");
+            CryptoTrace.WriteLine($"ResponseSignature={CryptoTrace.KeyToString(signature)}");
+            CryptoTrace.WriteLine($"ChannelThumbprint={CryptoTrace.KeyToString(ChannelThumbprint)}");
+            CryptoTrace.Finish("SendOpenSecureChannelResponse");
 
             // write the message to the server.
             try
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/TcpTransportListener.cs b/Stack/Opc.Ua.Core/Stack/Tcp/TcpTransportListener.cs
index 8434a2e327..0e8b723fac 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/TcpTransportListener.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/TcpTransportListener.cs
@@ -1015,7 +1015,7 @@ private async void OnRequestReceivedAsync(
                         RequestEncoding.Binary,
                         channel.ClientCertificate?.RawData,
                         channel.ServerCertificate?.RawData,
-                        channel.SecureChannelHash,
+                        channel.ChannelThumbprint,
                         channel.SessionActivationSecret);
 
                     IServiceResponse response = await m_callback.ProcessRequestAsync(
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Asymmetric.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Asymmetric.cs
index 4f38b0385e..a771031cc0 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Asymmetric.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Asymmetric.cs
@@ -186,6 +186,11 @@ protected byte[] CreateNonce(X509Certificate2 certificate)
             switch (SecurityPolicy.CertificateKeyFamily)
             {
                 case CertificateKeyFamily.RSA:
+                    if (SecurityPolicy.EphemeralKeyAlgorithm == CertificateKeyAlgorithm.RSADH)
+                    {
+                        m_localNonce = Nonce.CreateNonce(SecurityPolicy);
+                        return m_localNonce.Data;
+                    }
                     return Nonce.CreateRandomNonceData(SecurityPolicy.SecureChannelNonceLength);
                 case CertificateKeyFamily.ECC:
                     m_localNonce = Nonce.CreateNonce(SecurityPolicy);
@@ -215,6 +220,12 @@ protected bool ValidateNonce(X509Certificate2 certificate, byte[] nonce)
             switch (SecurityPolicy.CertificateKeyFamily)
             {
                 case CertificateKeyFamily.RSA:
+                    if (SecurityPolicy.EphemeralKeyAlgorithm == CertificateKeyAlgorithm.RSADH)
+                    {
+                        m_remoteNonce = Nonce.CreateNonce(SecurityPolicy, nonce);
+                        return true;
+                    }
+
                     // try to catch programming errors by rejecting nonces with all zeros.
                     for (int ii = 0; ii < nonce.Length; ii++)
                     {
@@ -237,6 +248,12 @@ protected bool ValidateNonce(X509Certificate2 certificate, byte[] nonce)
         /// </summary>
         protected int GetPlainTextBlockSize(X509Certificate2 receiverCertificate)
         {
+            if (SecurityPolicy.AsymmetricSignatureAlgorithm == AsymmetricSignatureAlgorithm.None ||
+                SecurityPolicy.EphemeralKeyAlgorithm != CertificateKeyAlgorithm.None)
+            {
+                return 1;
+            }
+
             switch (SecurityPolicy.AsymmetricEncryptionAlgorithm)
             {
                 case AsymmetricEncryptionAlgorithm.RsaOaepSha1:
@@ -261,6 +278,12 @@ protected int GetPlainTextBlockSize(X509Certificate2 receiverCertificate)
         /// </summary>
         protected int GetCipherTextBlockSize(X509Certificate2 receiverCertificate)
         {
+            if (SecurityPolicy.AsymmetricSignatureAlgorithm == AsymmetricSignatureAlgorithm.None ||
+                SecurityPolicy.EphemeralKeyAlgorithm != CertificateKeyAlgorithm.None)
+            {
+                return 1;
+            }
+
             switch (SecurityPolicy.AsymmetricEncryptionAlgorithm)
             {
                 case AsymmetricEncryptionAlgorithm.RsaOaepSha1:
@@ -631,7 +654,8 @@ protected BufferCollection WriteAsymmetricMessage(
 
                     if (SecurityMode != MessageSecurityMode.None)
                     {
-                        if (receiverCertificate.GetRSAPublicKey() != null)
+                        if (SecurityPolicy.EphemeralKeyAlgorithm == CertificateKeyAlgorithm.None &&
+                            receiverCertificate.GetRSAPublicKey() != null)
                         {
                             if (X509Utils.GetRSAPublicKeySize(receiverCertificate) <=
                                 TcpMessageLimits.KeySizeExtraPadding)
@@ -719,10 +743,6 @@ protected BufferCollection WriteAsymmetricMessage(
                         encoder.WriteRawBytes(signature, 0, signature.Length);
                     }
 
-                    Console.WriteLine($"OSC:dataToSign={TcpMessageType.KeyToString(dataToSign)}");
-                    Console.WriteLine($"OSC:signature={TcpMessageType.KeyToString(signature)}");
-                    Console.WriteLine($"OSC:Thumbprint={senderCertificate?.Thumbprint}");
-
                     int messageSize = encoder.Close();
 
                     // encrypt the data.
@@ -971,28 +991,6 @@ protected virtual bool SetEndpointUrl(string endpointUrl)
             return false;
         }
 
-        /// <summary>
-        /// Computes the SecureChannelHash.
-        /// </summary>
-        protected void ComputeSecureChannelHash(byte[] signature)
-        {
-            SecureChannelHash = null;
-            if (SecurityPolicy.SecureChannelEnhancements)
-            {
-                HashAlgorithm hash = SecurityPolicy.KeyDerivationAlgorithm switch
-                {
-                    KeyDerivationAlgorithm.HKDFSha384 => SHA384.Create(),
-                    _ => SHA256.Create()
-                };
-
-                SecureChannelHash = hash.ComputeHash(signature, 0, signature.Length);
-
-                Console.ForegroundColor = ConsoleColor.Magenta;
-                Console.WriteLine($"SecureChannelHash={TcpMessageType.KeyToString(SecureChannelHash)}");
-                Console.ForegroundColor = ConsoleColor.White;
-            }
-        }
-
         /// <summary>
         /// Processes an OpenSecureChannel request message.
         /// </summary>
@@ -1147,15 +1145,11 @@ protected ArraySegment<byte> ReadAsymmetricMessage(
                     plainText.Count - signatureSize);
             }
 
-
-            Console.WriteLine($"OSC:dataToVerify={TcpMessageType.KeyToString(dataToVerify)}");
-            Console.WriteLine($"OSC:signature={TcpMessageType.KeyToString(signature)}");
-            Console.WriteLine($"OSC:Thumbprint={senderCertificate?.Thumbprint}");
-
             // verify the signature.
             if (!Verify(dataToVerify, signature, senderCertificate))
             {
                 m_logger.LogWarning("Could not verify signature on message.");
+
                 throw ServiceResultException.Create(
                     StatusCodes.BadSecurityChecksFailed,
                     "Could not verify the signature on the message.");
@@ -1165,6 +1159,7 @@ protected ArraySegment<byte> ReadAsymmetricMessage(
             int paddingCount = 0;
 
             if (SecurityMode != MessageSecurityMode.None &&
+                SecurityPolicy.EphemeralKeyAlgorithm == CertificateKeyAlgorithm.None &&
                 receiverCertificate.GetRSAPublicKey() != null)
             {
                 int paddingEnd;
@@ -1237,36 +1232,7 @@ protected ArraySegment<byte> ReadAsymmetricMessage(
         /// </remarks>
         protected byte[] Sign(ArraySegment<byte> dataToSign, X509Certificate2 senderCertificate)
         {
-            var info = SecurityPolicies.GetInfo(SecurityPolicyUri);
-
-            switch (info.AsymmetricSignatureAlgorithm)
-            {
-                case AsymmetricSignatureAlgorithm.None:
-                    return null;
-                case AsymmetricSignatureAlgorithm.RsaPkcs15Sha1:
-                    return Rsa_Sign(
-                        dataToSign,
-                        senderCertificate,
-                        HashAlgorithmName.SHA1,
-                        RSASignaturePadding.Pkcs1);
-                case AsymmetricSignatureAlgorithm.RsaPkcs15Sha256:
-                    return Rsa_Sign(
-                        dataToSign,
-                        senderCertificate,
-                        HashAlgorithmName.SHA256,
-                        RSASignaturePadding.Pkcs1);
-                case AsymmetricSignatureAlgorithm.RsaPssSha256:
-                    return Rsa_Sign(
-                        dataToSign,
-                        senderCertificate,
-                        HashAlgorithmName.SHA256,
-                        RSASignaturePadding.Pss);
-                case AsymmetricSignatureAlgorithm.EcdsaSha256:
-                case AsymmetricSignatureAlgorithm.EcdsaSha384:
-                    return CryptoUtils.Sign(dataToSign, senderCertificate, info.AsymmetricSignatureAlgorithm);
-                default:
-                    throw new ServiceResultException(StatusCodes.BadSecurityPolicyRejected);
-            }
+            return CryptoUtils.Sign(dataToSign, senderCertificate, SecurityPolicyUri);
         }
 
         /// <summary>
@@ -1282,43 +1248,11 @@ protected bool Verify(
             byte[] signature,
             X509Certificate2 senderCertificate)
         {
-            var info = SecurityPolicies.GetInfo(SecurityPolicyUri);
-
-            switch (info.AsymmetricSignatureAlgorithm)
-            {
-                case AsymmetricSignatureAlgorithm.None:
-                    return true;
-                case AsymmetricSignatureAlgorithm.RsaPkcs15Sha1:
-                    return Rsa_Verify(
-                        dataToVerify,
-                        signature,
-                        senderCertificate,
-                        HashAlgorithmName.SHA1,
-                        RSASignaturePadding.Pkcs1);
-                case AsymmetricSignatureAlgorithm.RsaPkcs15Sha256:
-                    return Rsa_Verify(
-                        dataToVerify,
-                        signature,
-                        senderCertificate,
-                        HashAlgorithmName.SHA256,
-                        RSASignaturePadding.Pkcs1);
-                case AsymmetricSignatureAlgorithm.RsaPssSha256:
-                    return Rsa_Verify(
-                        dataToVerify,
-                        signature,
-                        senderCertificate,
-                        HashAlgorithmName.SHA256,
-                        RSASignaturePadding.Pss);
-                case AsymmetricSignatureAlgorithm.EcdsaSha256:
-                case AsymmetricSignatureAlgorithm.EcdsaSha384:
-                    return CryptoUtils.Verify(
-                        dataToVerify,
-                        signature,
-                        senderCertificate,
-                        info.AsymmetricSignatureAlgorithm);
-                default:
-                    return false;
-            }
+            return CryptoUtils.Verify(
+                dataToVerify,
+                signature,
+                senderCertificate,
+                SecurityPolicyUri);
         }
 
         /// <summary>
@@ -1334,69 +1268,51 @@ protected ArraySegment<byte> Encrypt(
             ArraySegment<byte> headerToCopy,
             X509Certificate2 receiverCertificate)
         {
-            switch (SecurityPolicyUri)
+            if (SecurityPolicy.AsymmetricSignatureAlgorithm == AsymmetricSignatureAlgorithm.None ||
+                SecurityPolicy.EphemeralKeyAlgorithm != CertificateKeyAlgorithm.None)
             {
-                case SecurityPolicies.Basic256:
-                case SecurityPolicies.Aes128_Sha256_RsaOaep:
-                case SecurityPolicies.Basic256Sha256:
+                byte[] encryptedBuffer = BufferManager.TakeBuffer(SendBufferSize, "Encrypt");
+
+                Array.Copy(
+                    headerToCopy.Array,
+                    headerToCopy.Offset,
+                    encryptedBuffer,
+                    0,
+                    headerToCopy.Count);
+                Array.Copy(
+                    dataToEncrypt.Array,
+                    dataToEncrypt.Offset,
+                    encryptedBuffer,
+                    headerToCopy.Count,
+                    dataToEncrypt.Count);
+
+                return new ArraySegment<byte>(
+                    encryptedBuffer,
+                    0,
+                    dataToEncrypt.Count + headerToCopy.Count);
+            }
+
+            switch (SecurityPolicy.AsymmetricEncryptionAlgorithm)
+            {
+                case AsymmetricEncryptionAlgorithm.RsaOaepSha1:
                     return Rsa_Encrypt(
                         dataToEncrypt,
                         headerToCopy,
                         receiverCertificate,
                         RsaUtils.Padding.OaepSHA1);
-                case SecurityPolicies.Aes256_Sha256_RsaPss:
-                case SecurityPolicies.RSA_DH_AES_GCM:
-                case SecurityPolicies.RSA_DH_ChaChaPoly:
+                case AsymmetricEncryptionAlgorithm.RsaOaepSha256:
                     return Rsa_Encrypt(
                         dataToEncrypt,
                         headerToCopy,
                         receiverCertificate,
                         RsaUtils.Padding.OaepSHA256);
-                case SecurityPolicies.Basic128Rsa15:
+                default:
+                case AsymmetricEncryptionAlgorithm.RsaPkcs15Sha1:
                     return Rsa_Encrypt(
                         dataToEncrypt,
                         headerToCopy,
                         receiverCertificate,
                         RsaUtils.Padding.Pkcs1);
-                case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_nistP256_AesGcm:
-                case SecurityPolicies.ECC_nistP256_ChaChaPoly:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                case SecurityPolicies.ECC_brainpoolP256r1_AesGcm:
-                case SecurityPolicies.ECC_brainpoolP256r1_ChaChaPoly:
-                case SecurityPolicies.ECC_curve25519:
-                case SecurityPolicies.ECC_curve25519_AesGcm:
-                case SecurityPolicies.ECC_curve25519_ChaChaPoly:
-                case SecurityPolicies.ECC_curve448:
-                case SecurityPolicies.ECC_curve448_AesGcm:
-                case SecurityPolicies.ECC_curve448_ChaChaPoly:
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_nistP384_AesGcm:
-                case SecurityPolicies.ECC_nistP384_ChaChaPoly:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                case SecurityPolicies.ECC_brainpoolP384r1_AesGcm:
-                case SecurityPolicies.ECC_brainpoolP384r1_ChaChaPoly:
-                    goto default;
-                default:
-                    byte[] encryptedBuffer = BufferManager.TakeBuffer(SendBufferSize, "Encrypt");
-
-                    Array.Copy(
-                        headerToCopy.Array,
-                        headerToCopy.Offset,
-                        encryptedBuffer,
-                        0,
-                        headerToCopy.Count);
-                    Array.Copy(
-                        dataToEncrypt.Array,
-                        dataToEncrypt.Offset,
-                        encryptedBuffer,
-                        headerToCopy.Count,
-                        dataToEncrypt.Count);
-
-                    return new ArraySegment<byte>(
-                        encryptedBuffer,
-                        0,
-                        dataToEncrypt.Count + headerToCopy.Count);
             }
         }
 
@@ -1412,6 +1328,30 @@ protected ArraySegment<byte> Decrypt(
             ArraySegment<byte> headerToCopy,
             X509Certificate2 receiverCertificate)
         {
+            if (SecurityPolicy.AsymmetricSignatureAlgorithm == AsymmetricSignatureAlgorithm.None ||
+                SecurityPolicy.EphemeralKeyAlgorithm != CertificateKeyAlgorithm.None)
+            {
+                byte[] decryptedBuffer = BufferManager.TakeBuffer(SendBufferSize, "Decrypt");
+
+                Array.Copy(
+                    headerToCopy.Array,
+                    headerToCopy.Offset,
+                    decryptedBuffer,
+                    0,
+                    headerToCopy.Count);
+                Array.Copy(
+                    dataToDecrypt.Array,
+                    dataToDecrypt.Offset,
+                    decryptedBuffer,
+                    headerToCopy.Count,
+                    dataToDecrypt.Count);
+
+                return new ArraySegment<byte>(
+                    decryptedBuffer,
+                    0,
+                    dataToDecrypt.Count + headerToCopy.Count);
+            }
+
             switch (SecurityPolicyUri)
             {
                 case SecurityPolicies.Basic256:
@@ -1422,8 +1362,9 @@ protected ArraySegment<byte> Decrypt(
                         headerToCopy,
                         receiverCertificate,
                         RsaUtils.Padding.OaepSHA1);
+                default:
                 case SecurityPolicies.Aes256_Sha256_RsaPss:
-                case SecurityPolicies.RSA_DH_AES_GCM:
+                case SecurityPolicies.RSA_DH_AesGcm:
                 case SecurityPolicies.RSA_DH_ChaChaPoly:
                     return Rsa_Decrypt(
                         dataToDecrypt,
@@ -1436,26 +1377,6 @@ protected ArraySegment<byte> Decrypt(
                         headerToCopy,
                         receiverCertificate,
                         RsaUtils.Padding.Pkcs1);
-                default:
-                    byte[] decryptedBuffer = BufferManager.TakeBuffer(SendBufferSize, "Decrypt");
-
-                    Array.Copy(
-                        headerToCopy.Array,
-                        headerToCopy.Offset,
-                        decryptedBuffer,
-                        0,
-                        headerToCopy.Count);
-                    Array.Copy(
-                        dataToDecrypt.Array,
-                        dataToDecrypt.Offset,
-                        decryptedBuffer,
-                        headerToCopy.Count,
-                        dataToDecrypt.Count);
-
-                    return new ArraySegment<byte>(
-                        decryptedBuffer,
-                        0,
-                        dataToDecrypt.Count + headerToCopy.Count);
             }
         }
 
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Rsa.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Rsa.cs
index d4915b7286..bfe0116e0f 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Rsa.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Rsa.cs
@@ -49,13 +49,6 @@ private static byte[] Rsa_Sign(
                 algorithm,
                 padding);
 
-#if xDEBUG
-            var data = new ReadOnlySpan<byte>(dataToSign.Array, dataToSign.Offset, dataToSign.Count).ToArray()
-            Console.WriteLine($"dataToSign={TcpMessageType.KeyToString(data)}");
-            Console.WriteLine($"algorithm={algorithm} padding={padding}");
-            Console.WriteLine($"signingCertificate={signingCertificate.Thumbprint}");
-            Console.WriteLine($"signature={TcpMessageType.KeyToString(signature)}");
-#endif
             return signature;
         }
 
@@ -77,13 +70,6 @@ private bool Rsa_Verify(
                     StatusCodes.BadSecurityChecksFailed,
                     "No public key for certificate.");
 
-#if xDEBUG
-            var data = new ReadOnlySpan<byte>(dataToVerify.Array, dataToVerify.Offset, dataToVerify.Count).ToArray()
-            Console.WriteLine($"dataToVerify={TcpMessageType.KeyToString(data)}");
-            Console.WriteLine($"algorithm={algorithm} padding={padding}");
-            Console.WriteLine($"signingCertificate={signingCertificate.Thumbprint}");
-            Console.WriteLine($"signature={TcpMessageType.KeyToString(signature)}");
-#endif
             // verify signature.
             if (!rsa.VerifyData(
                     dataToVerify.Array,
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
index 4c432ea313..475052c0b1 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
@@ -185,64 +185,30 @@ private void DeriveKeysWithPSHA(
                 token.ClientEncryptingKey = encryptingKey;
                 token.ClientInitializationVector = iv;
                 token.SessionActivationSecret = null;
-
-                if (SecurityPolicy.SecureChannelEnhancements)
-                {
-                    token.SessionActivationSecret = new byte[hmac.HashSize / 8];
-
-                    Buffer.BlockCopy(
-                        output,
-                        m_signatureKeySize + m_encryptionKeySize + EncryptionBlockSize,
-                        token.SessionActivationSecret,
-                        0,
-                        token.SessionActivationSecret.Length);
-                }
             }
         }
 
         private void DeriveKeysWithHKDF(
             ChannelToken token,
             byte[] salt,
-            bool isServer)
+            bool isServer,
+            int length)
         {
-            int length =
-                token.SecurityPolicy.DerivedSignatureKeyLength +
-                token.SecurityPolicy.SymmetricEncryptionKeyLength +
-                token.SecurityPolicy.InitializationVectorLength;
-
-            int secretLength = 0;
-
-            if (!isServer && SecurityPolicy.SecureChannelEnhancements)
-            {
-                secretLength = token.SecurityPolicy.KeyDerivationAlgorithm switch
-                {
-                    KeyDerivationAlgorithm.HKDFSha256 => 32,
-                    KeyDerivationAlgorithm.HKDFSha384 => 48,
-                    _ => 32
-                };
-            }
-
-            length += secretLength;
+            CryptoTrace.WriteLine($"DeriveKeys for {((isServer) ? "SERVER" : "CLIENT")}");
 
-            byte[] prk = m_localNonce.DeriveKey(
-                m_remoteNonce.Data,
+            byte[] keyData = m_localNonce.DeriveKeyData(
+                token.Secret,
                 salt,
                 token.SecurityPolicy.KeyDerivationAlgorithm,
                 length);
 
-#if xDEBUG
-            m_logger.LogWarning("LocalNonce={LocalNonce}", TcpMessageType.KeyToString(m_localNonce.Data));
-            m_logger.LogWarning("RemoteNonce={RemoteNonce}", TcpMessageType.KeyToString(m_remoteNonce.Data));
-            m_logger.LogWarning("PRK={PRK}", TcpMessageType.KeyToString(prk));
-#endif
-
             byte[] signingKey = new byte[m_signatureKeySize];
             byte[] encryptingKey = new byte[m_encryptionKeySize];
             byte[] iv = new byte[EncryptionBlockSize];
 
-            Buffer.BlockCopy(prk, 0, signingKey, 0, signingKey.Length);
-            Buffer.BlockCopy(prk, m_signatureKeySize, encryptingKey, 0, encryptingKey.Length);
-            Buffer.BlockCopy(prk, m_signatureKeySize + m_encryptionKeySize, iv, 0, iv.Length);
+            Buffer.BlockCopy(keyData, 0, signingKey, 0, signingKey.Length);
+            Buffer.BlockCopy(keyData, m_signatureKeySize, encryptingKey, 0, encryptingKey.Length);
+            Buffer.BlockCopy(keyData, m_signatureKeySize + m_encryptionKeySize, iv, 0, iv.Length);
 
             if (isServer)
             {
@@ -258,17 +224,17 @@ private void DeriveKeysWithHKDF(
                 token.ClientInitializationVector = iv;
                 token.SessionActivationSecret = null;
 
-                if (SecurityPolicy.SecureChannelEnhancements)
-                {
-                    token.SessionActivationSecret = new byte[secretLength];
-
-                    Buffer.BlockCopy(
-                        prk,
-                        m_signatureKeySize + m_encryptionKeySize + EncryptionBlockSize,
-                        token.SessionActivationSecret,
-                        0,
-                        token.SessionActivationSecret.Length);
-                }
+                //if (SecurityPolicy.SecureChannelEnhancements)
+                //{
+                //    token.SessionActivationSecret = new byte[token.SecurityPolicy.SessionActivationSecretLength];
+
+                //    Buffer.BlockCopy(
+                //        keyData,
+                //        m_signatureKeySize + m_encryptionKeySize + EncryptionBlockSize,
+                //        token.SessionActivationSecret,
+                //        0,
+                //        token.SessionActivationSecret.Length);
+                //}
             }
         }
 
@@ -294,33 +260,33 @@ protected void ComputeKeys(ChannelToken token)
                 {
                     token.Secret = m_localNonce.GenerateSecret(m_remoteNonce, token.PreviousSecret);
 
-                    byte[] length = token.SecurityPolicy.KeyDataLength;
+                    byte[] clientSalt = Utils.Append(
+                        BitConverter.GetBytes((ushort)token.SecurityPolicy.ClientKeyDataLength),
+                        s_hkdfClientLabel,
+                        clientSecret,
+                        serverSecret);
+
+                    DeriveKeysWithHKDF(token, clientSalt, false, token.SecurityPolicy.ClientKeyDataLength);
 
                     byte[] serverSalt = Utils.Append(
-                        length,
+                        BitConverter.GetBytes((ushort)token.SecurityPolicy.ServerKeyDataLength),
                         s_hkdfServerLabel,
                         serverSecret,
                         clientSecret);
 
-                    byte[] clientSalt = Utils.Append(
-                        length,
-                        s_hkdfClientLabel,
-                        clientSecret,
-                        serverSecret);
-
-                    DeriveKeysWithHKDF(token, serverSalt, true);
-                    DeriveKeysWithHKDF(token, clientSalt, false);
-
-#if xDEBUG
-                    m_logger.LogWarning("ServerSecret={ServerSecret}", TcpMessageType.KeyToString(serverSecret));
-                    m_logger.LogWarning("ClientSecret={ClientSecret}", TcpMessageType.KeyToString(clientSecret));
-                    m_logger.LogWarning("ServerSalt={ServerSalt}", TcpMessageType.KeyToString(serverSalt));
-                    m_logger.LogWarning("ClientSalt={ClientSalt}", TcpMessageType.KeyToString(clientSalt));
-                    m_logger.LogWarning("ServerEncryptingKey={ServerEncryptingKey}", TcpMessageType.KeyToString(token.ServerEncryptingKey));
-                    m_logger.LogWarning("ServerInitializationVector={ServerIV}", TcpMessageType.KeyToString(token.ServerInitializationVector));
-                    m_logger.LogWarning("ClientEncryptingKey={ClientEncryptingKey}", TcpMessageType.KeyToString(token.ClientEncryptingKey));
-                    m_logger.LogWarning("ClientInitializationVector={ClientIV}", TcpMessageType.KeyToString(token.ClientInitializationVector));
-#endif
+                    DeriveKeysWithHKDF(token, serverSalt, true, token.SecurityPolicy.ServerKeyDataLength);
+
+                    CryptoTrace.Start(ConsoleColor.Green, $"ComputeKeys (TokenId={token.TokenId})");
+                    CryptoTrace.WriteLine($"IKM={CryptoTrace.KeyToString(token.Secret)}");
+                    CryptoTrace.WriteLine($"ServerNonce={CryptoTrace.KeyToString(serverSecret)}");
+                    CryptoTrace.WriteLine($"ClientNonce={CryptoTrace.KeyToString(clientSecret)}");
+                    CryptoTrace.WriteLine($"ServerSalt={CryptoTrace.KeyToString(serverSalt)}");
+                    CryptoTrace.WriteLine($"ServerEncryptingKey={CryptoTrace.KeyToString(token.ServerEncryptingKey)}");
+                    CryptoTrace.WriteLine($"ServerInitializationVector={CryptoTrace.KeyToString(token.ServerInitializationVector)}");
+                    CryptoTrace.WriteLine($"ClientEncryptingKey={CryptoTrace.KeyToString(token.ClientEncryptingKey)}");
+                    CryptoTrace.WriteLine($"ClientInitializationVector={CryptoTrace.KeyToString(token.ClientInitializationVector)}");
+                    CryptoTrace.WriteLine($"SessionActivationSecret={CryptoTrace.KeyToString(token.SessionActivationSecret)}");
+                    CryptoTrace.Finish("ComputeKeys");
                     break;
                 }
 
@@ -415,7 +381,6 @@ protected BufferCollection WriteSymmetricMessage(
                     chunksToProcess.Add(new ArraySegment<byte>(buffer, 0, 0));
                 }
 
-                //Console.WriteLine($"WriteSymmetricMessage:{chunksToProcess[0].Offset}:{chunksToProcess[0].Count}");
                 var chunksToSend = new BufferCollection(chunksToProcess.Capacity);
 
                 int messageSize = 0;
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.cs
index f396c3ad8b..1509bac7dc 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.cs
@@ -239,7 +239,7 @@ protected virtual void Dispose(bool disposing)
         public string GlobalChannelId { get; private set; }
 
         /// <inheritdoc/>
-        internal byte[] SecureChannelHash { get; set; }
+        internal byte[] ChannelThumbprint { get; set; }
 
         /// <inheritdoc/>
         internal byte[] SessionActivationSecret { get; set; }
@@ -283,7 +283,7 @@ protected void ChannelStateChanged(TcpChannelState state, ServiceResult reason)
         /// </summary>
         protected uint GetNewSequenceNumber()
         {
-            bool isLegacy = !CryptoUtils.IsEccPolicy(SecurityPolicyUri);
+            bool isLegacy = SecurityPolicy.LegacySequenceNumbers;
 
             long newSeqNumber = Interlocked.Increment(ref m_sequenceNumber);
             bool maxValueOverflow = isLegacy
@@ -629,7 +629,7 @@ protected void BeginWriteMessage(BufferCollection buffers, object state)
 
             try
             {
-                m_logger.LogWarning("OUT:{Id}", TcpMessageType.GetTypeAndSize(buffers[0]));
+                // m_logger.LogWarning("OUT:{Id}", TcpMessageType.GetTypeAndSize(buffers[0]));
 
                 Interlocked.Increment(ref m_activeWriteRequests);
                 args.BufferList = buffers;
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryClientChannel.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryClientChannel.cs
index 90dc254468..0a2e253054 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryClientChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryClientChannel.cs
@@ -575,6 +575,12 @@ private void SendOpenSecureChannelRequest(bool renew)
             // don't keep signature if secure channel enhancements are not used.
             m_oscRequestSignature = (SecurityPolicy.SecureChannelEnhancements) ? signature : null;
 
+            CryptoTrace.Start(ConsoleColor.Magenta, $"SendOpenSecureChannelRequest ({(renew ? "RENEW" : "OPEN")})");
+            CryptoTrace.WriteLine($"ClientCertificate={ClientCertificate?.Thumbprint}");
+            CryptoTrace.WriteLine($"ServerCertificate={ServerCertificate?.Thumbprint}");
+            CryptoTrace.WriteLine($"RequestSignature={CryptoTrace.KeyToString(signature)}");
+            CryptoTrace.Finish("SendOpenSecureChannelRequest");
+
             // save token.
             m_requestedToken = token;
 
@@ -629,7 +635,7 @@ private bool ProcessOpenSecureChannelResponse(
             try
             {
                 byte[] signature;
-
+                
                 messageBody = ReadAsymmetricMessage(
                     messageChunk,
                     ClientCertificate,
@@ -637,17 +643,23 @@ private bool ProcessOpenSecureChannelResponse(
                     out serverCertificate,
                     out requestId,
                     out sequenceNumber,
-                    m_oscRequestSignature,
+                    (State == TcpChannelState.Opening) ? m_oscRequestSignature : null,
                     out signature);
 
                 if (State == TcpChannelState.Opening)
                 {
-                    ComputeSecureChannelHash(signature);
+                    ChannelThumbprint = signature;
                 }
 
-                Console.WriteLine($"OSC:m_oscRequestSignature={TcpMessageType.KeyToString(m_oscRequestSignature)}");
-                Console.WriteLine($"OSC:signature={TcpMessageType.KeyToString(signature)}");
-                Console.WriteLine($"OSC:SecureChannelHash={TcpMessageType.KeyToString(SecureChannelHash)}");
+                CryptoTrace.Start(ConsoleColor.Magenta, $"ProcessOpenSecureChannelResponse ({(State != TcpChannelState.Opening ? "RENEW" : "OPEN")})");
+                CryptoTrace.WriteLine($"messageBody={CryptoTrace.KeyToString(messageBody)}");
+                CryptoTrace.WriteLine($"messageBody.Offset={messageBody.Offset}");
+                CryptoTrace.WriteLine($"ClientCertificate={ClientCertificate?.Thumbprint}");
+                CryptoTrace.WriteLine($"ServerCertificate={ServerCertificate?.Thumbprint}");
+                CryptoTrace.WriteLine($"RequestSignature={CryptoTrace.KeyToString(m_oscRequestSignature)}");
+                CryptoTrace.WriteLine($"ResponseSignature={CryptoTrace.KeyToString(signature)}");
+                CryptoTrace.WriteLine($"ChannelThumbprint={CryptoTrace.KeyToString(ChannelThumbprint)}");
+                CryptoTrace.Finish("ProcessOpenSecureChannelResponse");
             }
             catch (Exception e)
             {
@@ -813,7 +825,7 @@ protected override bool HandleIncomingMessage(
             uint messageType,
             ArraySegment<byte> messageChunk)
         {
-            m_logger.LogWarning("IN:{Size}", TcpMessageType.GetTypeAndSize(messageChunk));
+            //m_logger.LogWarning("IN:{Size}", TcpMessageType.GetTypeAndSize(messageChunk));
 
             // process a response.
             if (TcpMessageType.IsType(messageType, TcpMessageType.Message))
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryTransportChannel.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryTransportChannel.cs
index fa3ad84191..649eff2237 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryTransportChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryTransportChannel.cs
@@ -104,7 +104,7 @@ public IServiceMessageContext MessageContext
             => m_quotas?.MessageContext ?? throw BadNotConnected();
 
         /// <inheritdoc/>
-        public byte[] SecureChannelHash => m_channel?.SecureChannelHash ?? [];
+        public byte[] ChannelThumbprint => m_channel?.ChannelThumbprint ?? [];
 
         /// <inheritdoc/>
         public byte[] SessionActivationSecret => m_channel?.SessionActivationSecret ?? [];
diff --git a/Stack/Opc.Ua.Core/Stack/Transport/ITransportChannel.cs b/Stack/Opc.Ua.Core/Stack/Transport/ITransportChannel.cs
index 772ae91045..e20c4b45bb 100644
--- a/Stack/Opc.Ua.Core/Stack/Transport/ITransportChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Transport/ITransportChannel.cs
@@ -97,7 +97,7 @@ public interface ITransportChannel : IDisposable
         /// <summary>
         /// The unique identifier for the secure channel.
         /// </summary>
-        byte[] SecureChannelHash { get; }
+        byte[] ChannelThumbprint { get; }
 
         /// <summary>
         /// A secret used to re-activate sessions on a new secure channel.
diff --git a/Stack/Opc.Ua.Core/Stack/Transport/NullChannel.cs b/Stack/Opc.Ua.Core/Stack/Transport/NullChannel.cs
index 8f0029fb8f..219aa2fcb9 100644
--- a/Stack/Opc.Ua.Core/Stack/Transport/NullChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Transport/NullChannel.cs
@@ -41,8 +41,8 @@ public IServiceMessageContext MessageContext
             => throw Unexpected(nameof(MessageContext));
 
         /// <inheritdoc/>
-        public byte[] SecureChannelHash
-            => throw Unexpected(nameof(SecureChannelHash));
+        public byte[] ChannelThumbprint
+            => throw Unexpected(nameof(ChannelThumbprint));
 
         /// <inheritdoc/>
         public byte[] SessionActivationSecret
diff --git a/Stack/Opc.Ua.Core/Stack/Types/UserNameIdentityToken.cs b/Stack/Opc.Ua.Core/Stack/Types/UserNameIdentityToken.cs
index 959660105d..cb5efd088b 100644
--- a/Stack/Opc.Ua.Core/Stack/Types/UserNameIdentityToken.cs
+++ b/Stack/Opc.Ua.Core/Stack/Types/UserNameIdentityToken.cs
@@ -58,7 +58,9 @@ public override void Encrypt(
             }
 
             // handle RSA encryption.
-            if (!CryptoUtils.IsEccPolicy(securityPolicyUri))
+            var securityPolicy = SecurityPolicies.GetInfo(securityPolicyUri);
+
+            if (securityPolicy.EphemeralKeyAlgorithm == CertificateKeyAlgorithm.None)
             {
                 byte[] dataToEncrypt = Utils.Append(DecryptedPassword, receiverNonce);
 
@@ -73,7 +75,8 @@ public override void Encrypt(
                 m_encryptionAlgorithm = encryptedData.Algorithm;
                 Array.Clear(dataToEncrypt, 0, dataToEncrypt.Length);
             }
-            // handle ECC encryption.
+
+            // handle ECC and RSADH encryption.
             else
             {
                 // check if the complete chain is included in the sender issuers.
@@ -98,7 +101,7 @@ public override void Encrypt(
                     receiverCertificate,
                     receiverEphemeralKey,
                     senderCertificate,
-                    Nonce.CreateNonce(SecurityPolicies.GetInfo(securityPolicyUri)),
+                    Nonce.CreateNonce(securityPolicy),
                     null,
                     doNotEncodeSenderCertificate);
 
@@ -138,7 +141,9 @@ public override void Decrypt(
             }
 
             // handle RSA encryption.
-            if (!CryptoUtils.IsEccPolicy(securityPolicyUri))
+            var securityPolicy = SecurityPolicies.GetInfo(securityPolicyUri);
+
+            if (securityPolicy.EphemeralKeyAlgorithm == CertificateKeyAlgorithm.None)
             {
                 var encryptedData = new EncryptedData
                 {
@@ -182,7 +187,8 @@ public override void Decrypt(
                 Array.Copy(decryptedPassword, DecryptedPassword, startOfNonce);
                 Array.Clear(decryptedPassword, 0, decryptedPassword.Length);
             }
-            // handle ECC encryption.
+
+            // handle ECC and RSADH encryption.
             else
             {
                 var secret = new EncryptedSecret(

From 1ca156c4a89cbf6513f7930b7347d69a0a661e9a Mon Sep 17 00:00:00 2001
From: Randy Armstrong <randy@sparhawksoftware.com>
Date: Thu, 11 Dec 2025 07:40:09 -0800
Subject: [PATCH 08/15] Finish implementation of SecureChannelEnhancements.

---
 .../ConsoleReferenceClient/RunTest.cs         |   4 +-
 .../Quickstarts.ReferenceServer.Config.xml    |  49 +++++--
 .../ReferenceServer/ReferenceServer.cs        |   2 +-
 Libraries/Opc.Ua.Client/Session/Session.cs    |  38 +-----
 .../Opc.Ua.Server/Server/StandardServer.cs    |  44 ------
 Libraries/Opc.Ua.Server/Session/ISession.cs   |   7 -
 .../Opc.Ua.Server/Session/ISessionManager.cs  |  11 --
 Libraries/Opc.Ua.Server/Session/Session.cs    |  43 ------
 .../Opc.Ua.Server/Session/SessionManager.cs   |  31 +----
 .../Security/Certificates/Nonce.cs            |  25 +++-
 .../Constants/AdditionalParameterNames.cs     |   5 -
 .../Security/Constants/SecurityPolicyInfo.cs  | 127 +-----------------
 .../Stack/Client/ClientChannelManager.cs      |   3 -
 .../Stack/Https/HttpsTransportChannel.cs      |   3 -
 .../Stack/Server/SecureChannelContext.cs      |  10 +-
 Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs   |   5 -
 .../Stack/Tcp/TcpTransportListener.cs         |   3 +-
 .../Stack/Tcp/UaSCBinaryChannel.Symmetric.cs  |  18 ---
 .../Stack/Tcp/UaSCBinaryChannel.cs            |   3 -
 .../Stack/Tcp/UaSCBinaryTransportChannel.cs   |   3 -
 .../Stack/Transport/ITransportChannel.cs      |   5 -
 .../Stack/Transport/NullChannel.cs            |   4 -
 UA Reference.sln                              |  19 +--
 23 files changed, 81 insertions(+), 381 deletions(-)

diff --git a/Applications/ConsoleReferenceClient/RunTest.cs b/Applications/ConsoleReferenceClient/RunTest.cs
index 482e122285..116b728d43 100644
--- a/Applications/ConsoleReferenceClient/RunTest.cs
+++ b/Applications/ConsoleReferenceClient/RunTest.cs
@@ -108,12 +108,12 @@ public async Task<bool> RunAsync(ManualResetEvent quitEvent, CancellationToken c
                     ServerUrl,
                     ct).ConfigureAwait(false);
 
-                // endpoints = endpoints.Where(x => x.SecurityPolicyUri == SecurityPolicies.ECC_nistP256_AesGcm).ToList();
+                //endpoints = endpoints.Where(x => x.SecurityPolicyUri == SecurityPolicies.RSA_DH_ChaChaPoly).ToList();
 
                 var endpointConfiguration = EndpointConfiguration.Create(m_configuration);
                 var sessionFactory = new DefaultSessionFactory(m_context);
                 var userNameidentity = new UserIdentity("sysadmin", new UTF8Encoding(false).GetBytes("demo"));
-                // var userNameidentity = new UserIdentity("usr", new UTF8Encoding(false).GetBytes("pwd"));
+                //var userNameidentity = new UserIdentity("usr", new UTF8Encoding(false).GetBytes("pwd"));
 
                 foreach (var ii in endpoints)
                 {
diff --git a/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml b/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml
index 41fe629bca..5de749c282 100644
--- a/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml
+++ b/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml
@@ -138,6 +138,38 @@
       -->
       <ServerSecurityPolicy>
         <SecurityMode>Sign_2</SecurityMode>
+        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>
+      </ServerSecurityPolicy>
+      <ServerSecurityPolicy>
+        <SecurityMode>SignAndEncrypt_3</SecurityMode>
+        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>
+      </ServerSecurityPolicy>
+      <ServerSecurityPolicy>
+        <SecurityMode>Sign_2</SecurityMode>
+        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_AesGcm</SecurityPolicyUri>
+      </ServerSecurityPolicy>
+      <ServerSecurityPolicy>
+        <SecurityMode>SignAndEncrypt_3</SecurityMode>
+        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_AesGcm</SecurityPolicyUri>
+      </ServerSecurityPolicy>
+      <ServerSecurityPolicy>
+        <SecurityMode>Sign_2</SecurityMode>
+        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_ChaChaPoly</SecurityPolicyUri>
+      </ServerSecurityPolicy>
+      <ServerSecurityPolicy>
+        <SecurityMode>SignAndEncrypt_3</SecurityMode>
+        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_ChaChaPoly</SecurityPolicyUri>
+      </ServerSecurityPolicy>
+      <ServerSecurityPolicy>
+        <SecurityMode>Sign_2</SecurityMode>
+        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#RSA_DH_AesGcm</SecurityPolicyUri>
+      </ServerSecurityPolicy>
+      <ServerSecurityPolicy>
+        <SecurityMode>SignAndEncrypt_3</SecurityMode>
+        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#RSA_DH_AesGcm</SecurityPolicyUri>
+      </ServerSecurityPolicy>
+      <!--<ServerSecurityPolicy>
+        <SecurityMode>Sign_2</SecurityMode>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_AesGcm</SecurityPolicyUri>-->
@@ -148,12 +180,11 @@
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1_ChaChaPoly</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_AesGcm</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_ChaChaPoly</SecurityPolicyUri>-->
-        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#RSA_DH_AesGcm</SecurityPolicyUri>
-        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#RSA_DH_ChaChaPoly</SecurityPolicyUri>-->
-      </ServerSecurityPolicy>
-      <ServerSecurityPolicy>
-        
-        <SecurityMode>SignAndEncrypt_3</SecurityMode>
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#RSA_DH_AesGcm</SecurityPolicyUri>-->
+      <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#RSA_DH_ChaChaPoly</SecurityPolicyUri>
+      </ServerSecurityPolicy>-->
+      <!--<ServerSecurityPolicy>
+        <SecurityMode>SignAndEncrypt_3</SecurityMode>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_AesGcm</SecurityPolicyUri>-->
@@ -164,9 +195,9 @@
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP256r1_ChaChaPoly</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_AesGcm</SecurityPolicyUri>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_ChaChaPoly</SecurityPolicyUri>-->
-        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#RSA_DH_AesGcm</SecurityPolicyUri>
-        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#RSA_DH_ChaChaPoly</SecurityPolicyUri>-->
-      </ServerSecurityPolicy>
+        <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#RSA_DH_AesGcm</SecurityPolicyUri>-->
+      <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#RSA_DH_ChaChaPoly</SecurityPolicyUri>
+      </ServerSecurityPolicy>-->
       <!--
       <ServerSecurityPolicy>
         <SecurityMode>Sign_2</SecurityMode>
diff --git a/Applications/Quickstarts.Servers/ReferenceServer/ReferenceServer.cs b/Applications/Quickstarts.Servers/ReferenceServer/ReferenceServer.cs
index 089b4c372a..7e16f2e296 100644
--- a/Applications/Quickstarts.Servers/ReferenceServer/ReferenceServer.cs
+++ b/Applications/Quickstarts.Servers/ReferenceServer/ReferenceServer.cs
@@ -309,7 +309,7 @@ private void SessionManager_ImpersonateUser(ISession session, ImpersonateEventAr
                 m_logger.LogInformation(
                     Utils.TraceMasks.Security,
                     "X509 Token Accepted: {Identity}",
-                    args.Identity?.DisplayName);
+                    args.Identity.DisplayName);
 
                 return;
             }
diff --git a/Libraries/Opc.Ua.Client/Session/Session.cs b/Libraries/Opc.Ua.Client/Session/Session.cs
index 484bb06507..d05d60d450 100644
--- a/Libraries/Opc.Ua.Client/Session/Session.cs
+++ b/Libraries/Opc.Ua.Client/Session/Session.cs
@@ -1309,7 +1309,7 @@ await m_configuration
                     m_preferredLocales = [.. preferredLocales];
                 }
 
-                var header = CreateRequestHeaderForSessionActivationToken(securityPolicy, null, tokenSecurityPolicyUri);
+                var header = CreateRequestHeaderForActivateSession(securityPolicy, tokenSecurityPolicyUri);
 
                 // activate session.
                 ActivateSessionResponse activateResponse = await ActivateSessionAsync(
@@ -1352,7 +1352,6 @@ await m_configuration
                     m_previousServerNonce = m_serverNonce;
                     m_serverNonce = serverNonce;
                     m_serverCertificate = serverCertificate;
-                    m_sessionActivationSecret = TransportChannel.SessionActivationSecret;
 
                     // update system context.
                     m_systemContext.PreferredLocales = m_preferredLocales;
@@ -1529,13 +1528,8 @@ public async Task UpdateSessionAsync(
             SignedSoftwareCertificateCollection clientSoftwareCertificates = new();
 
             // during debugging send the sesson transfer token on all activations.
-            RequestHeader? requestHeader = CreateRequestHeaderForSessionActivationToken(
+            RequestHeader? requestHeader = CreateRequestHeaderForActivateSession(
                 securityPolicy,
-#if DEBUG
-                m_sessionActivationSecret,
-#else
-                null,
-#endif
                 tokenSecurityPolicyUri);
 
             ActivateSessionResponse response = await ActivateSessionAsync(
@@ -2476,9 +2470,8 @@ public async Task ReconnectAsync(
 
                 m_logger.LogInformation("Session RE-ACTIVATING {SessionId}.", SessionId);
 
-                var header = CreateRequestHeaderForSessionActivationToken(
+                var header = CreateRequestHeaderForActivateSession(
                     securityPolicy,
-                    m_sessionActivationSecret,
                     tokenSecurityPolicyUri);
 
                 if (header == null)
@@ -4843,38 +4836,18 @@ private RequestHeader CreateRequestHeaderPerUserTokenPolicy(
             return requestHeader;
         }
 
-        private RequestHeader? CreateRequestHeaderForSessionActivationToken(
+        private RequestHeader? CreateRequestHeaderForActivateSession(
             SecurityPolicyInfo securityPolicy,
-            byte[]? sessionActivationSecret,
             string userTokenSecurityPolicyUri)
         {
             var requestHeader = new RequestHeader();
             var parameters = new AdditionalParametersType();
 
-            if (sessionActivationSecret != null)
-            {
-                var sessionTransferToken = securityPolicy.CreateSessionTransferToken(
-                    TransportChannel.ChannelThumbprint,
-                    sessionActivationSecret);
-
-                if (sessionTransferToken != null && sessionTransferToken.Length > 0)
-                {
-                    parameters.Parameters.Add(
-                        new KeyValuePair
-                        {
-                            Key = AdditionalParameterNames.SessionTransferToken,
-                            Value = sessionTransferToken
-                        });
-
-                    m_logger.LogWarning("Sending SessionTransferToken {Policy}.", CryptoTrace.KeyToString(sessionTransferToken));
-                }
-            }
-
             if (userTokenSecurityPolicyUri != null)
             {
                 var userTokenSecurityPolicy = SecurityPolicies.GetInfo(userTokenSecurityPolicyUri);
 
-                if (userTokenSecurityPolicy.CertificateKeyFamily == CertificateKeyFamily.ECC)
+                if (userTokenSecurityPolicy.EphemeralKeyAlgorithm != CertificateKeyAlgorithm.None)
                 {
                     parameters.Parameters.Add(
                         new KeyValuePair
@@ -5056,7 +5029,6 @@ protected virtual void ProcessResponseAdditionalHeader(
         private byte[]? m_serverNonce;
         private byte[]? m_clientNonce;
         private byte[]? m_previousServerNonce;
-        private byte[]? m_sessionActivationSecret;
         private X509Certificate2? m_serverCertificate;
         private uint m_publishCounter;
         private int m_tooManyPublishRequests;
diff --git a/Libraries/Opc.Ua.Server/Server/StandardServer.cs b/Libraries/Opc.Ua.Server/Server/StandardServer.cs
index 3b31f171db..5c381b5ade 100644
--- a/Libraries/Opc.Ua.Server/Server/StandardServer.cs
+++ b/Libraries/Opc.Ua.Server/Server/StandardServer.cs
@@ -747,9 +747,6 @@ public override async Task<ActivateSessionResponse> ActivateSessionAsync(
 
             try
             {
-                // validate the session transfer token if provided.
-                VerifySessionTransferToken(context, requestHeader);
-
                 // activate the session.
                 (bool identityChanged, serverNonce) = await ServerInternal.SessionManager.ActivateSessionAsync(
                         context,
@@ -835,47 +832,6 @@ public override async Task<ActivateSessionResponse> ActivateSessionAsync(
             }
         }
 
-        /// <summary>
-        /// Verifies the session transfer token.
-        /// </summary>
-        protected bool VerifySessionTransferToken(OperationContext context, RequestHeader requestHeader)
-        {
-            byte[] sessionTransferToken = null;
-
-            var parameters =
-                ExtensionObject.ToEncodeable(
-                    requestHeader.AdditionalHeader) as AdditionalParametersType;
-
-            if (parameters != null)
-            {
-                foreach (KeyValuePair ii in parameters.Parameters)
-                {
-                    if (ii.Key == AdditionalParameterNames.SessionTransferToken)
-                    {
-                        if (ii.Value.TypeInfo != TypeInfo.Scalars.ByteString || ii.Value.Value is not byte[])
-                        {
-                            m_logger.LogWarning(
-                                "SessionTransferToken has an invalid DataType. Ignored.");
-                        }
-
-                        if (ii.Value.Value is byte[] token)
-                        {
-                            m_logger.LogWarning("SessionTransferToken received: {PublicKey}.", CryptoTrace.KeyToString(token));
-                            sessionTransferToken = token;
-                            break;
-                        }
-                    }
-                }
-            }
-
-            ServerInternal.SessionManager.ValidateSessionTransferToken(
-                context,
-                requestHeader.AuthenticationToken,
-                sessionTransferToken);
-
-            return true;
-        }
-
         /// <summary>
         /// Returns whether the error is a security error.
         /// </summary>
diff --git a/Libraries/Opc.Ua.Server/Session/ISession.cs b/Libraries/Opc.Ua.Server/Session/ISession.cs
index a081fc545d..651488da23 100644
--- a/Libraries/Opc.Ua.Server/Session/ISession.cs
+++ b/Libraries/Opc.Ua.Server/Session/ISession.cs
@@ -113,13 +113,6 @@ public interface ISession : IDisposable
         /// </summary>
         SessionDiagnosticsDataType SessionDiagnostics { get; }
 
-        /// <summary>
-        /// Validates a session transfer token before activating the session.
-        /// </summary>
-        /// <param name="context"></param>
-        /// <param name="sessionActivationToken"></param>
-        void ValidateSessionTransferToken(OperationContext context, byte[] sessionActivationToken);
-
         /// <summary>
         /// Activates the session and binds it to the current secure channel.
         /// </summary>
diff --git a/Libraries/Opc.Ua.Server/Session/ISessionManager.cs b/Libraries/Opc.Ua.Server/Session/ISessionManager.cs
index 98f6bdf514..1eb759c751 100644
--- a/Libraries/Opc.Ua.Server/Session/ISessionManager.cs
+++ b/Libraries/Opc.Ua.Server/Session/ISessionManager.cs
@@ -141,17 +141,6 @@ ValueTask<CreateSessionResult> CreateSessionAsync(
         /// and that the sequence number is not out of order (update requests only).
         /// </remarks>
         OperationContext ValidateRequest(RequestHeader requestHeader, SecureChannelContext secureChannelContext, RequestType requestType);
-
-        /// <summary>
-        /// Validates the session transfer token prior to processing an ActivateSession request.
-        /// </summary>
-        /// <param name="context">The operation context in which the validation is performed.</param>
-        /// <param name="authenticationToken">The authentication token associated with the session.</param>
-        /// <param name="sessionActivationToken">The activation token used to verify the session transfer.</param>
-        void ValidateSessionTransferToken(
-            OperationContext context,
-            NodeId authenticationToken,
-            byte[] sessionActivationToken);
     }
 
     /// <summary>
diff --git a/Libraries/Opc.Ua.Server/Session/Session.cs b/Libraries/Opc.Ua.Server/Session/Session.cs
index 904495fcb5..5c06ae3dd2 100644
--- a/Libraries/Opc.Ua.Server/Session/Session.cs
+++ b/Libraries/Opc.Ua.Server/Session/Session.cs
@@ -96,7 +96,6 @@ public Session(
 
             SecureChannelId = context.ChannelContext.SecureChannelId;
             m_channelThumbprint = context.ChannelContext.ChannelThumbprint;
-            m_sessionActivationSecret = context.ChannelContext.SessionActivationSecret;
             MaxBrowseContinuationPoints = maxBrowseContinuationPoints;
             m_maxHistoryContinuationPoints = maxHistoryContinuationPoints;
             EndpointDescription = context.ChannelContext.EndpointDescription;
@@ -570,47 +569,6 @@ public void ValidateBeforeActivate(
 
         }
 
-        /// <inheritdoc/>
-        public void ValidateSessionTransferToken(
-            OperationContext context,
-            byte[] sessionActivationToken)
-        {
-            var newSecurityMode = context.ChannelContext.EndpointDescription.SecurityMode;
-            var oldSecurityMode = EndpointDescription.SecurityMode;
-
-            var newSecurityPolicyUri = context.ChannelContext.EndpointDescription.SecurityPolicyUri;
-            var oldSecurityPolicyUri = EndpointDescription.SecurityPolicyUri;
-
-            if (newSecurityMode != oldSecurityMode)
-            {
-                throw new ServiceResultException(StatusCodes.BadSecurityModeRejected);
-            }
-
-            if (newSecurityPolicyUri != oldSecurityPolicyUri)
-            {
-                throw new ServiceResultException(StatusCodes.BadSecurityPolicyRejected);
-            }
-
-            var info = SecurityPolicies.GetInfo(oldSecurityPolicyUri);
-
-            // check if session activation token is required.
-            if (sessionActivationToken == null)
-            {
-                if (newSecurityMode == MessageSecurityMode.Sign && info.SecureChannelEnhancements)
-                {
-                    throw new ServiceResultException(StatusCodes.BadApplicationSignatureInvalid);
-                }
-            }
-
-            if (!info.ValidateSessionActivationToken(
-                    sessionActivationToken,
-                    context.ChannelContext.ChannelThumbprint,
-                    m_sessionActivationSecret))
-            {
-                throw new ServiceResultException(StatusCodes.BadApplicationSignatureInvalid);
-            }
-        }
-
         /// <summary>
         /// Activates the session and binds it to the current secure channel.
         /// </summary>
@@ -1348,7 +1306,6 @@ private void UpdateDiagnosticCounters(
         private X509Certificate2 m_serverCertificate;
         private Nonce m_serverNonce;
         private byte[] m_channelThumbprint;
-        private byte[] m_sessionActivationSecret;
         private string m_userTokenSecurityPolicyUri;
         private Nonce m_userTokenNonce;
         private readonly X509Certificate2Collection m_clientIssuerCertificates;
diff --git a/Libraries/Opc.Ua.Server/Session/SessionManager.cs b/Libraries/Opc.Ua.Server/Session/SessionManager.cs
index ce8d198b81..9f8818d6be 100644
--- a/Libraries/Opc.Ua.Server/Session/SessionManager.cs
+++ b/Libraries/Opc.Ua.Server/Session/SessionManager.cs
@@ -219,8 +219,7 @@ public virtual async ValueTask<CreateSessionResult> CreateSessionAsync(
                 }
 
                 // create server nonce.
-                var serverNonceObject = Nonce.CreateNonce(
-                    context.ChannelContext.EndpointDescription.SecurityPolicyUri);
+                var serverNonceObject = Nonce.CreateNonce(0);
 
                 // assign client name.
                 if (string.IsNullOrEmpty(sessionName))
@@ -534,34 +533,6 @@ EventHandler<ValidateSessionLessRequestEventArgs> handler
             }
         }
 
-        /// <summary>
-        /// Validates the session transfer token prior to processing an ActivateSession request.
-        /// </summary>
-        public void ValidateSessionTransferToken(
-            OperationContext context,
-            NodeId authenticationToken,
-            byte[] sessionActivationToken)
-        {
-            ISession session = null;
-
-            if (!m_sessions.TryGetValue(authenticationToken, out session))
-            {
-                throw new ServiceResultException(StatusCodes.BadSessionIdInvalid);
-            }
-
-            if (session.SecureChannelId != context.ChannelContext.SecureChannelId)
-            {
-                session.ValidateSessionTransferToken(context, sessionActivationToken);
-            }
-#if DEBUG
-            // always check when debugging.
-            else if (sessionActivationToken != null)
-            {
-                session.ValidateSessionTransferToken(context, sessionActivationToken);
-            }
-#endif
-        }
-
         /// <summary>
         /// Creates a new instance of a session.
         /// </summary>
diff --git a/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs b/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs
index 5b2ce522ea..3ad7693825 100644
--- a/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs
+++ b/Stack/Opc.Ua.Core/Security/Certificates/Nonce.cs
@@ -174,6 +174,15 @@ public byte[] DeriveKeyData(
             return output;
         }
 
+        /// <summary>
+        /// Generates a Nonce for cryptographic functions of a given length.
+        /// </summary>
+        /// <returns>The requested Nonce as a</returns>
+        public static Nonce CreateNonce(int length)
+        {
+            return new Nonce { Data = CreateRandomNonceData(length) };
+        }
+
         /// <summary>
         /// Creates a nonce for the specified security policy URI and nonce length.
         /// </summary>
@@ -201,7 +210,7 @@ public static Nonce CreateNonce(SecurityPolicyInfo securityPolicy)
                         //2048 => CreateNonce(RSADiffieHellmanGroup.FFDHE2048),
                         //3072 => CreateNonce(RSADiffieHellmanGroup.FFDHE3072),
                         //4096 => CreateNonce(RSADiffieHellmanGroup.FFDHE4096),
-                        _ => CreateNonce(RSADiffieHellmanGroup.FFDHE4096)
+                        _ => CreateNonce(RSADiffieHellmanGroup.FFDHE3072)
                     };
                 case CertificateKeyAlgorithm.NistP256:
                     return CreateNonce(ECCurve.NamedCurves.nistP256);
@@ -275,6 +284,11 @@ public static Nonce CreateNonce(SecurityPolicyInfo securityPolicy, byte[] nonceD
         /// <returns>The requested Nonce as a</returns>
         public static byte[] CreateRandomNonceData(int length)
         {
+            if (length < s_minNonceLength)
+            {
+                length = (int)s_minNonceLength;
+            }
+
             byte[] randomBytes = new byte[length];
             s_rng.GetBytes(randomBytes);
             return randomBytes;
@@ -551,7 +565,8 @@ 7930E9E4 E58857B6 AC7D5F42 D69F6D18 7763CF1D 55034004
             87F55BA5 7E31CC7A 7135C886 EFB4318A ED6A1E01 2D9E6832
             A907600A 918130C4 6DC778F9 71AD0038 092999A3 33CB8B7A
             1A1DB93D 7140003C 2A4ECEA9 F98D0ACC 0A8291CD CEC97DCF
-            8EC9B55A 7F88A46B 4DB5A851 F44182E1 C68A007E 5E655F6A";
+            8EC9B55A 7F88A46B 4DB5A851 F44182E1 C68A007E 5E655F6A
+            FFFFFFFF FFFFFFFF";
 
         static readonly Lazy<BigInteger> s_P4096 = new(() => RfcTextToBytes(FFDHE4096_HEX));
 
@@ -683,6 +698,12 @@ public byte[] DeriveRawSecretAgreement(RSADiffieHellman remoteKey)
                 Array.Copy(bytes, 0, padded, 0, bytes.Length);
                 bytes = padded;
             }
+            else if (bytes.Length > m_nonceLength)
+            {
+                var trucated = new byte[m_nonceLength];
+                Array.Copy(bytes, 0, trucated, 0, m_nonceLength);
+                bytes = trucated;
+            }
 
             // make sure bytes are in big-endian order.
             Array.Reverse(bytes);
diff --git a/Stack/Opc.Ua.Core/Security/Constants/AdditionalParameterNames.cs b/Stack/Opc.Ua.Core/Security/Constants/AdditionalParameterNames.cs
index c939d8b92b..880b3d0d64 100644
--- a/Stack/Opc.Ua.Core/Security/Constants/AdditionalParameterNames.cs
+++ b/Stack/Opc.Ua.Core/Security/Constants/AdditionalParameterNames.cs
@@ -25,10 +25,5 @@ public static class AdditionalParameterNames
         /// Padding bytes added to randomize the length of messages.
         /// </summary>
         public const string Padding = "Padding";
-
-        /// <summary>
-        /// A token used to authenticate a transfer of a session to a new secure channel.
-        /// </summary>
-        public const string SessionTransferToken = "SessionTransferToken";
     }
 }
diff --git a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
index 2abe255918..1d7af8a5cb 100644
--- a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
+++ b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicyInfo.cs
@@ -166,27 +166,7 @@ public SecurityPolicyInfo(string uri, string name = null)
         /// Returns the derived client key data length.
         /// </summary>
         public int ClientKeyDataLength =>
-             (DerivedSignatureKeyLength + SymmetricEncryptionKeyLength + InitializationVectorLength + SessionActivationSecretLength);
-
-        /// <summary>
-        /// Returns the session activation secret length.
-        /// </summary>
-        public int SessionActivationSecretLength
-        {
-            get
-            {
-                //if (SecureChannelEnhancements)
-                //{
-                //    return KeyDerivationAlgorithm switch
-                //    {
-                //        KeyDerivationAlgorithm.HKDFSha256 => 32,
-                //        KeyDerivationAlgorithm.HKDFSha384 => 48,
-                //        _ => 32
-                //    };
-                //}
-                return 0;
-            }
-        }
+             (DerivedSignatureKeyLength + SymmetricEncryptionKeyLength + InitializationVectorLength);
 
         /// <summary>
         /// Returns the data to be signed by the server when creating a session.
@@ -358,103 +338,6 @@ public HashAlgorithmName GetKeyDerivationHashAlgorithmName()
             };
         }
 
-        /// <summary>
-        /// Validates a session activation token.
-        /// </summary>
-        public bool ValidateSessionActivationToken(
-            byte[] sessionActivationToken,
-            byte[] newChannelThumbprint,
-            byte[] oldSessionActivatationSecret)
-        {
-            if (SecureChannelEnhancements == false)
-            {
-                // tokens are not used when secure channel enhancements are disabled.
-                return true;
-            }
-
-            if (sessionActivationToken == null || sessionActivationToken.Length == 0)
-            {
-                return false;
-            }
-
-            if (oldSessionActivatationSecret == null || oldSessionActivatationSecret.Length == 0)
-            {
-                return false;
-            }
-
-            if (newChannelThumbprint == null || newChannelThumbprint.Length == 0)
-            {
-                return false;
-            }
-
-            HMAC hmac;
-            
-            switch (KeyDerivationAlgorithm)
-            {
-                default:
-                case KeyDerivationAlgorithm.HKDFSha256:
-                    hmac = new HMACSHA256(oldSessionActivatationSecret);
-                    break;
-                case KeyDerivationAlgorithm.HKDFSha384:
-                    hmac = new HMACSHA384(oldSessionActivatationSecret);
-                    break;
-            }
-
-            using (hmac)
-            {
-                byte[] expectedToken = hmac.ComputeHash(newChannelThumbprint);
-
-                if (!Utils.IsEqual(expectedToken, sessionActivationToken))
-                {
-                    return false;
-                }
-            }
-
-            return true;
-        }
-
-        /// <summary>
-        /// Creats a session activation token.
-        /// </summary>
-        public byte[] CreateSessionTransferToken(
-            byte[] newChannelThumbprint,
-            byte[] oldSessionActivatationSecret)
-        {
-            if (SecureChannelEnhancements == false)
-            {
-                // tokens are not used when secure channel enhancements are disabled.
-                return null;
-            }
-
-            if (oldSessionActivatationSecret == null || oldSessionActivatationSecret.Length == 0)
-            {
-                return null;
-            }
-
-            if (newChannelThumbprint == null || newChannelThumbprint.Length == 0)
-            {
-                return null;
-            }
-
-            HMAC hmac;
-
-            switch (KeyDerivationAlgorithm)
-            {
-                default:
-                case KeyDerivationAlgorithm.HKDFSha256:
-                    hmac = new HMACSHA256(oldSessionActivatationSecret);
-                    break;
-                case KeyDerivationAlgorithm.HKDFSha384:
-                    hmac = new HMACSHA384(oldSessionActivatationSecret);
-                    break;
-            }
-
-            using (hmac)
-            {
-                return hmac.ComputeHash(newChannelThumbprint);
-            }
-        }
-
         /// <summary>
         /// The security policy that does not provide any security.
         /// </summary>
@@ -1086,10 +969,10 @@ public byte[] CreateSessionTransferToken(
             SymmetricSignatureLength = 128 / 8,
             MinAsymmetricKeyLength = 2048,
             MaxAsymmetricKeyLength = 4096,
-            SecureChannelNonceLength = 512,
+            SecureChannelNonceLength = 384,
             LegacySequenceNumbers = false,
             AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
-            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPssSha256,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha256,
             CertificateKeyFamily = CertificateKeyFamily.RSA,
             CertificateKeyAlgorithm = CertificateKeyAlgorithm.RSA,
             CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha256,
@@ -1112,10 +995,10 @@ public byte[] CreateSessionTransferToken(
             SymmetricSignatureLength = 128 / 8,
             MinAsymmetricKeyLength = 2048,
             MaxAsymmetricKeyLength = 4096,
-            SecureChannelNonceLength = 512,
+            SecureChannelNonceLength = 384,
             LegacySequenceNumbers = false,
             AsymmetricEncryptionAlgorithm = AsymmetricEncryptionAlgorithm.None,
-            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPssSha256,
+            AsymmetricSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha256,
             CertificateKeyFamily = CertificateKeyFamily.RSA,
             CertificateKeyAlgorithm = CertificateKeyAlgorithm.RSA,
             CertificateSignatureAlgorithm = AsymmetricSignatureAlgorithm.RsaPkcs15Sha256,
diff --git a/Stack/Opc.Ua.Core/Stack/Client/ClientChannelManager.cs b/Stack/Opc.Ua.Core/Stack/Client/ClientChannelManager.cs
index 83cd1c52e3..970633210c 100644
--- a/Stack/Opc.Ua.Core/Stack/Client/ClientChannelManager.cs
+++ b/Stack/Opc.Ua.Core/Stack/Client/ClientChannelManager.cs
@@ -364,9 +364,6 @@ private sealed class ClientChannel : ITransportChannel
             /// <inheritdoc/>
             public byte[] ChannelThumbprint => m_channel?.ChannelThumbprint ?? [];
 
-            /// <inheritdoc/>
-            public byte[] SessionActivationSecret => m_channel?.SessionActivationSecret ?? [];
-
             /// <inheritdoc/>
             public byte[] ClientChannelCertificate => m_channel?.ClientChannelCertificate ?? [];
 
diff --git a/Stack/Opc.Ua.Core/Stack/Https/HttpsTransportChannel.cs b/Stack/Opc.Ua.Core/Stack/Https/HttpsTransportChannel.cs
index 739e011085..71524e08a4 100644
--- a/Stack/Opc.Ua.Core/Stack/Https/HttpsTransportChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Https/HttpsTransportChannel.cs
@@ -120,9 +120,6 @@ public IServiceMessageContext MessageContext
         /// <inheritdoc/>
         public byte[] ChannelThumbprint => [];
 
-        /// <inheritdoc/>
-        public byte[] SessionActivationSecret => [];
-
         /// <inheritdoc/>
         public byte[] ClientChannelCertificate { get; private set; } = [];
 
diff --git a/Stack/Opc.Ua.Core/Stack/Server/SecureChannelContext.cs b/Stack/Opc.Ua.Core/Stack/Server/SecureChannelContext.cs
index 5136e3026a..a967577918 100644
--- a/Stack/Opc.Ua.Core/Stack/Server/SecureChannelContext.cs
+++ b/Stack/Opc.Ua.Core/Stack/Server/SecureChannelContext.cs
@@ -27,7 +27,6 @@ public class SecureChannelContext
         /// <param name="endpointDescription">The endpoint description.</param>
         /// <param name="messageEncoding">The message encoding.</param>
         /// <param name="channelThumbprint">The unique hash for the secure channel calculated during channel creation.</param>
-        /// <param name="sessionActivationSecret">A secret used to re-activate sessions on a new secure channel.</param>
         /// <param name="clientChannelCertificate">The client certificate used to establsih the secure channel.</param>
         /// <param name="serverChannelCertificate">The server certificate used to establsih the secure channel.</param>
         public SecureChannelContext(
@@ -36,8 +35,7 @@ public SecureChannelContext(
             RequestEncoding messageEncoding,
             byte[] clientChannelCertificate,
             byte[] serverChannelCertificate,
-            byte[] channelThumbprint = null,
-            byte[] sessionActivationSecret = null)
+            byte[] channelThumbprint = null)
         {
             SecureChannelId = secureChannelId;
             EndpointDescription = endpointDescription;
@@ -45,7 +43,6 @@ public SecureChannelContext(
             ClientChannelCertificate = clientChannelCertificate;
             ServerChannelCertificate = serverChannelCertificate;
             ChannelThumbprint = channelThumbprint;
-            SessionActivationSecret = sessionActivationSecret;
         }
 
         /// <summary>
@@ -71,11 +68,6 @@ public SecureChannelContext(
         /// </summary>
         public byte[] ChannelThumbprint { get; }
 
-        /// <summary>
-        /// A secret used to re-activate sessions on a new secure channel.
-        /// </summary>
-        public byte[] SessionActivationSecret { get; }
-
         /// <summary>
         /// The client certificate used to establsih the secure channel.
         /// </summary>
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs b/Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs
index 39d21c6234..c2495741cd 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs
@@ -150,10 +150,5 @@ public void Dispose()
         /// The initialization vector by the server when encrypting a message.
         /// </summary>
         internal byte[] ServerInitializationVector { get; set; }
-
-        /// <summary>
-        /// The secret used to re-activate sessions on a new secure channel.
-        /// </summary>
-        internal byte[] SessionActivationSecret { get; set; }
     }
 }
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/TcpTransportListener.cs b/Stack/Opc.Ua.Core/Stack/Tcp/TcpTransportListener.cs
index 0e8b723fac..49d7463478 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/TcpTransportListener.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/TcpTransportListener.cs
@@ -1015,8 +1015,7 @@ private async void OnRequestReceivedAsync(
                         RequestEncoding.Binary,
                         channel.ClientCertificate?.RawData,
                         channel.ServerCertificate?.RawData,
-                        channel.ChannelThumbprint,
-                        channel.SessionActivationSecret);
+                        channel.ChannelThumbprint);
 
                     IServiceResponse response = await m_callback.ProcessRequestAsync(
                         context,
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
index 475052c0b1..70f38eb1c8 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
@@ -184,7 +184,6 @@ private void DeriveKeysWithPSHA(
                 token.ClientSigningKey = signingKey;
                 token.ClientEncryptingKey = encryptingKey;
                 token.ClientInitializationVector = iv;
-                token.SessionActivationSecret = null;
             }
         }
 
@@ -215,26 +214,12 @@ private void DeriveKeysWithHKDF(
                 token.ServerSigningKey = signingKey;
                 token.ServerEncryptingKey = encryptingKey;
                 token.ServerInitializationVector = iv;
-                token.SessionActivationSecret = null;
             }
             else
             {
                 token.ClientSigningKey = signingKey;
                 token.ClientEncryptingKey = encryptingKey;
                 token.ClientInitializationVector = iv;
-                token.SessionActivationSecret = null;
-
-                //if (SecurityPolicy.SecureChannelEnhancements)
-                //{
-                //    token.SessionActivationSecret = new byte[token.SecurityPolicy.SessionActivationSecretLength];
-
-                //    Buffer.BlockCopy(
-                //        keyData,
-                //        m_signatureKeySize + m_encryptionKeySize + EncryptionBlockSize,
-                //        token.SessionActivationSecret,
-                //        0,
-                //        token.SessionActivationSecret.Length);
-                //}
             }
         }
 
@@ -285,7 +270,6 @@ protected void ComputeKeys(ChannelToken token)
                     CryptoTrace.WriteLine($"ServerInitializationVector={CryptoTrace.KeyToString(token.ServerInitializationVector)}");
                     CryptoTrace.WriteLine($"ClientEncryptingKey={CryptoTrace.KeyToString(token.ClientEncryptingKey)}");
                     CryptoTrace.WriteLine($"ClientInitializationVector={CryptoTrace.KeyToString(token.ClientInitializationVector)}");
-                    CryptoTrace.WriteLine($"SessionActivationSecret={CryptoTrace.KeyToString(token.SessionActivationSecret)}");
                     CryptoTrace.Finish("ComputeKeys");
                     break;
                 }
@@ -298,8 +282,6 @@ protected void ComputeKeys(ChannelToken token)
                     DeriveKeysWithPSHA(algorithmName, clientSecret, serverSecret, token, true);
                     break;
             }
-
-            SessionActivationSecret = token.SessionActivationSecret;
         }
 
         /// <summary>
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.cs
index 1509bac7dc..47f94b91d9 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.cs
@@ -241,9 +241,6 @@ protected virtual void Dispose(bool disposing)
         /// <inheritdoc/>
         internal byte[] ChannelThumbprint { get; set; }
 
-        /// <inheritdoc/>
-        internal byte[] SessionActivationSecret { get; set; }
-
         /// <inheritdoc/>
         public byte[] ClientChannelCertificate { get; protected set; }
 
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryTransportChannel.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryTransportChannel.cs
index 649eff2237..2150e73e0c 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryTransportChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryTransportChannel.cs
@@ -106,9 +106,6 @@ public IServiceMessageContext MessageContext
         /// <inheritdoc/>
         public byte[] ChannelThumbprint => m_channel?.ChannelThumbprint ?? [];
 
-        /// <inheritdoc/>
-        public byte[] SessionActivationSecret => m_channel?.SessionActivationSecret ?? [];
-
         /// <inheritdoc/>
         public byte[] ClientChannelCertificate => m_channel?.ClientChannelCertificate ?? [];
 
diff --git a/Stack/Opc.Ua.Core/Stack/Transport/ITransportChannel.cs b/Stack/Opc.Ua.Core/Stack/Transport/ITransportChannel.cs
index e20c4b45bb..5ab25e80f4 100644
--- a/Stack/Opc.Ua.Core/Stack/Transport/ITransportChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Transport/ITransportChannel.cs
@@ -99,11 +99,6 @@ public interface ITransportChannel : IDisposable
         /// </summary>
         byte[] ChannelThumbprint { get; }
 
-        /// <summary>
-        /// A secret used to re-activate sessions on a new secure channel.
-        /// </summary>
-        byte[] SessionActivationSecret { get; }
-
         /// <summary>
         /// The client certificate used to establsih the secure channel.
         /// </summary>
diff --git a/Stack/Opc.Ua.Core/Stack/Transport/NullChannel.cs b/Stack/Opc.Ua.Core/Stack/Transport/NullChannel.cs
index 219aa2fcb9..f4cff0fbf8 100644
--- a/Stack/Opc.Ua.Core/Stack/Transport/NullChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Transport/NullChannel.cs
@@ -44,10 +44,6 @@ public IServiceMessageContext MessageContext
         public byte[] ChannelThumbprint
             => throw Unexpected(nameof(ChannelThumbprint));
 
-        /// <inheritdoc/>
-        public byte[] SessionActivationSecret
-            => throw Unexpected(nameof(SessionActivationSecret));
-
         /// <inheritdoc/>
         public byte[] ClientChannelCertificate
             => throw Unexpected(nameof(ClientChannelCertificate));
diff --git a/UA Reference.sln b/UA Reference.sln
index 9915517938..e38b766c72 100644
--- a/UA Reference.sln	
+++ b/UA Reference.sln	
@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 17
-VisualStudioVersion = 17.0.31903.59
+# Visual Studio Version 18
+VisualStudioVersion = 18.0.11222.15 d18.0
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Opc.Ua.Server", "Libraries\Opc.Ua.Server\Opc.Ua.Server.csproj", "{6C449A1E-244E-4515-9949-A7E22012537C}"
 EndProject
@@ -70,8 +70,6 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Stack", "Stack", "{2DC9F7F3
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Opc.Ua.Types", "Stack\Opc.Ua.Types\Opc.Ua.Types.csproj", "{1A3E53FF-C13F-78A9-22B0-2045136C1904}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SecurityTestClient", "Applications\SecurityTestClient\SecurityTestClient.csproj", "{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}"
-EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -215,18 +213,6 @@ Global
 		{1A3E53FF-C13F-78A9-22B0-2045136C1904}.Release|x64.Build.0 = Release|Any CPU
 		{1A3E53FF-C13F-78A9-22B0-2045136C1904}.Release|x86.ActiveCfg = Release|Any CPU
 		{1A3E53FF-C13F-78A9-22B0-2045136C1904}.Release|x86.Build.0 = Release|Any CPU
-		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Debug|x64.ActiveCfg = Debug|Any CPU
-		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Debug|x64.Build.0 = Debug|Any CPU
-		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Debug|x86.Build.0 = Debug|Any CPU
-		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Release|Any CPU.Build.0 = Release|Any CPU
-		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Release|x64.ActiveCfg = Release|Any CPU
-		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Release|x64.Build.0 = Release|Any CPU
-		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Release|x86.ActiveCfg = Release|Any CPU
-		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -245,7 +231,6 @@ Global
 		{4B72937F-5A57-4CEA-B9FE-B4C45CF7B284} = {ACBF012E-08A7-4939-88CF-D6B610E35AC5}
 		{83CC0D9C-40CD-487A-BF45-C4A8C1B8BF69} = {07AA31A3-97A1-4A6F-9E88-97B5198997B7}
 		{1A3E53FF-C13F-78A9-22B0-2045136C1904} = {2DC9F7F3-6698-4875-88A3-50678170A810}
-		{D1C054DC-3D5C-E7EF-6C08-6C22E5FA89F8} = {07AA31A3-97A1-4A6F-9E88-97B5198997B7}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {33FA5BCB-C827-4D44-AECF-F51342DFE64A}

From 67f4b4b8ef264683f2a0f95c913e3f002ae238b1 Mon Sep 17 00:00:00 2001
From: Randy Armstrong <randy@sparhawksoftware.com>
Date: Thu, 11 Dec 2025 08:01:15 -0800
Subject: [PATCH 09/15] Rename EccUtils.cs to CryptoUtils.cs

---
 .../Security/Certificates/EccUtils.cs         | 1280 -----------------
 1 file changed, 1280 deletions(-)
 delete mode 100644 Stack/Opc.Ua.Core/Security/Certificates/EccUtils.cs

diff --git a/Stack/Opc.Ua.Core/Security/Certificates/EccUtils.cs b/Stack/Opc.Ua.Core/Security/Certificates/EccUtils.cs
deleted file mode 100644
index 1aacf695c8..0000000000
--- a/Stack/Opc.Ua.Core/Security/Certificates/EccUtils.cs
+++ /dev/null
@@ -1,1280 +0,0 @@
-/* ========================================================================
- * Copyright (c) 2005-2025 The OPC Foundation, Inc. All rights reserved.
- *
- * OPC Foundation MIT License 1.00
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use,
- * copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following
- * conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
- * OTHER DEALINGS IN THE SOFTWARE.
- *
- * The complete license agreement can be found here:
- * http://opcfoundation.org/License/MIT/1.00/
- * ======================================================================*/
-
-using System;
-using System.Security.Cryptography;
-using System.Security.Cryptography.X509Certificates;
-using Opc.Ua.Security.Certificates;
-#if CURVE25519
-using Org.BouncyCastle.Pkcs;
-using Org.BouncyCastle.X509;
-using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Crypto.Parameters;
-using Org.BouncyCastle.Crypto.Signers;
-using Org.BouncyCastle.Crypto.Agreement;
-using Org.BouncyCastle.Crypto.Generators;
-using Org.BouncyCastle.Crypto.Modes;
-using Org.BouncyCastle.Crypto.Digests;
-#endif
-
-namespace Opc.Ua
-{
-    /// <summary>
-    /// Defines functions to implement ECC cryptography.
-    /// </summary>
-    public static class EccUtils
-    {
-        /// <summary>
-        /// The name of the NIST P-256 curve.
-        /// </summary>
-        public const string NistP256 = nameof(NistP256);
-
-        /// <summary>
-        /// The name of the NIST P-384 curve.
-        /// </summary>
-        public const string NistP384 = nameof(NistP384);
-
-        /// <summary>
-        /// The name of the BrainpoolP256r1 curve.
-        /// </summary>
-        public const string BrainpoolP256r1 = nameof(BrainpoolP256r1);
-
-        /// <summary>
-        /// The name of the BrainpoolP384r1 curve.
-        /// </summary>
-        public const string BrainpoolP384r1 = nameof(BrainpoolP384r1);
-
-        internal const string NistP256KeyParameters = "06-08-2A-86-48-CE-3D-03-01-07";
-        internal const string NistP384KeyParameters = "06-05-2B-81-04-00-22";
-        internal const string BrainpoolP256r1KeyParameters = "06-09-2B-24-03-03-02-08-01-01-07";
-        internal const string BrainpoolP384r1KeyParameters = "06-09-2B-24-03-03-02-08-01-01-0B";
-
-        /// <summary>
-        /// Returns true if the certificate is an ECC certificate.
-        /// </summary>
-        public static bool IsEccPolicy(string securityPolicyUri)
-        {
-            if (securityPolicyUri != null)
-            {
-                switch (securityPolicyUri)
-                {
-                    case SecurityPolicies.ECC_nistP256:
-                    case SecurityPolicies.ECC_nistP384:
-                    case SecurityPolicies.ECC_brainpoolP256r1:
-                    case SecurityPolicies.ECC_brainpoolP384r1:
-                    case SecurityPolicies.ECC_curve25519:
-                    case SecurityPolicies.ECC_curve448:
-                        return true;
-                    default:
-                        return false;
-                }
-            }
-
-            return false;
-        }
-
-        /// <summary>
-        /// Returns the NodeId for the certificate type for the specified certificate.
-        /// </summary>
-        public static NodeId GetEccCertificateTypeId(X509Certificate2 certificate)
-        {
-            string keyAlgorithm = certificate.GetKeyAlgorithm();
-            if (keyAlgorithm != Oids.ECPublicKey)
-            {
-                return NodeId.Null;
-            }
-
-            PublicKey encodedPublicKey = certificate.PublicKey;
-            switch (BitConverter.ToString(encodedPublicKey.EncodedParameters.RawData))
-            {
-                // nistP256
-                case NistP256KeyParameters:
-                    return ObjectTypeIds.EccNistP256ApplicationCertificateType;
-                // nistP384
-                case NistP384KeyParameters:
-                    return ObjectTypeIds.EccNistP384ApplicationCertificateType;
-                // brainpoolP256r1
-                case BrainpoolP256r1KeyParameters:
-                    return ObjectTypeIds.EccBrainpoolP256r1ApplicationCertificateType;
-                // brainpoolP384r1
-                case BrainpoolP384r1KeyParameters:
-                    return ObjectTypeIds.EccBrainpoolP384r1ApplicationCertificateType;
-                default:
-                    return NodeId.Null;
-            }
-        }
-
-        /// <summary>
-        /// returns an ECCCurve if there is a matching supported curve for the provided
-        /// certificate type id. if no supported ECC curve is found null is returned.
-        /// </summary>
-        /// <param name="certificateType">the  application certificatate type node id</param>
-        /// <returns>the ECCCurve, null if certificatate type id has no matching supported ECC curve</returns>
-        public static ECCurve? GetCurveFromCertificateTypeId(NodeId certificateType)
-        {
-            ECCurve? curve = null;
-
-            if (certificateType == ObjectTypeIds.EccApplicationCertificateType ||
-                certificateType == ObjectTypeIds.EccNistP256ApplicationCertificateType)
-            {
-                curve = ECCurve.NamedCurves.nistP256;
-            }
-            else if (certificateType == ObjectTypeIds.EccNistP384ApplicationCertificateType)
-            {
-                curve = ECCurve.NamedCurves.nistP384;
-            }
-            else if (certificateType == ObjectTypeIds.EccBrainpoolP256r1ApplicationCertificateType)
-            {
-                curve = ECCurve.NamedCurves.brainpoolP256r1;
-            }
-            else if (certificateType == ObjectTypeIds.EccBrainpoolP384r1ApplicationCertificateType)
-            {
-                curve = ECCurve.NamedCurves.brainpoolP384r1;
-            }
-#if CURVE25519
-            else if (certificateType == ObjectTypeIds.EccCurve25519ApplicationCertificateType)
-            {
-                curve = default(ECCurve);
-            }
-            else if (certificateType == ObjectTypeIds.EccCurve448ApplicationCertificateType)
-            {
-                curve = default(ECCurve);
-            }
-#endif
-            return curve;
-        }
-
-        /// <summary>
-        /// Returns the signature algorithm for the specified certificate.
-        /// </summary>
-        public static string GetECDsaQualifier(X509Certificate2 certificate)
-        {
-            if (X509Utils.IsECDsaSignature(certificate))
-            {
-                const string signatureQualifier = "ECDsa";
-                PublicKey encodedPublicKey = certificate.PublicKey;
-
-                // New values can be determined by running the dotted-decimal OID value
-                // through BitConverter.ToString(CryptoConfig.EncodeOID(dottedDecimal));
-
-                switch (BitConverter.ToString(encodedPublicKey.EncodedParameters.RawData))
-                {
-                    case NistP256KeyParameters:
-                        return NistP256;
-                    case NistP384KeyParameters:
-                        return NistP384;
-                    case BrainpoolP256r1KeyParameters:
-                        return BrainpoolP256r1;
-                    case BrainpoolP384r1KeyParameters:
-                        return BrainpoolP384r1;
-                    default:
-                        return signatureQualifier;
-                }
-            }
-            return string.Empty;
-        }
-
-        /// <summary>
-        /// Returns the public key for the specified certificate.
-        /// </summary>
-        public static ECDsa GetPublicKey(X509Certificate2 certificate)
-        {
-            return GetPublicKey(certificate, out string[] _);
-        }
-
-        /// <summary>
-        /// Returns the public key for the specified certificate and outputs the security policy uris.
-        /// </summary>
-        /// <exception cref="InvalidOperationException"></exception>
-        /// <exception cref="NotImplementedException"></exception>
-        public static ECDsa GetPublicKey(
-            X509Certificate2 certificate,
-            out string[] securityPolicyUris)
-        {
-            securityPolicyUris = null;
-
-            if (certificate == null)
-            {
-                return null;
-            }
-
-            string keyAlgorithm = certificate.GetKeyAlgorithm();
-
-            if (keyAlgorithm != Oids.ECPublicKey)
-            {
-                return null;
-            }
-
-            const X509KeyUsageFlags kSufficientFlags =
-                X509KeyUsageFlags.KeyAgreement |
-                X509KeyUsageFlags.DigitalSignature |
-                X509KeyUsageFlags.NonRepudiation |
-                X509KeyUsageFlags.CrlSign |
-                X509KeyUsageFlags.KeyCertSign;
-
-            foreach (X509Extension extension in certificate.Extensions)
-            {
-                if (extension.Oid.Value == "2.5.29.15")
-                {
-                    var kuExt = (X509KeyUsageExtension)extension;
-
-                    if ((kuExt.KeyUsages & kSufficientFlags) == 0)
-                    {
-                        return null;
-                    }
-                }
-            }
-
-            PublicKey encodedPublicKey = certificate.PublicKey;
-            string keyParameters = BitConverter.ToString(
-                encodedPublicKey.EncodedParameters.RawData);
-            byte[] keyValue = encodedPublicKey.EncodedKeyValue.RawData;
-
-            var ecParameters = default(ECParameters);
-
-            if (keyValue[0] != 0x04)
-            {
-                throw new InvalidOperationException("Only uncompressed points are supported");
-            }
-
-            byte[] x = new byte[(keyValue.Length - 1) / 2];
-            byte[] y = new byte[x.Length];
-
-            Buffer.BlockCopy(keyValue, 1, x, 0, x.Length);
-            Buffer.BlockCopy(keyValue, 1 + x.Length, y, 0, y.Length);
-
-            ecParameters.Q.X = x;
-            ecParameters.Q.Y = y;
-
-            // New values can be determined by running the dotted-decimal OID value
-            // through BitConverter.ToString(CryptoConfig.EncodeOID(dottedDecimal));
-
-            switch (keyParameters)
-            {
-                case NistP256KeyParameters:
-                    ecParameters.Curve = ECCurve.NamedCurves.nistP256;
-                    securityPolicyUris = [SecurityPolicies.ECC_nistP256];
-                    break;
-                case NistP384KeyParameters:
-                    ecParameters.Curve = ECCurve.NamedCurves.nistP384;
-                    securityPolicyUris = [SecurityPolicies.ECC_nistP384, SecurityPolicies
-                        .ECC_nistP256];
-                    break;
-                case BrainpoolP256r1KeyParameters:
-                    ecParameters.Curve = ECCurve.NamedCurves.brainpoolP256r1;
-                    securityPolicyUris = [SecurityPolicies.ECC_brainpoolP256r1];
-                    break;
-                case BrainpoolP384r1KeyParameters:
-                    ecParameters.Curve = ECCurve.NamedCurves.brainpoolP384r1;
-                    securityPolicyUris = [SecurityPolicies.ECC_brainpoolP384r1, SecurityPolicies
-                        .ECC_brainpoolP256r1];
-                    break;
-                default:
-                    throw new NotImplementedException(keyParameters);
-            }
-
-            return ECDsa.Create(ecParameters);
-        }
-
-        /// <summary>
-        /// Returns the length of a ECDsa signature of a digest.
-        /// </summary>
-        /// <exception cref="ServiceResultException"></exception>
-        public static int GetSignatureLength(X509Certificate2 signingCertificate)
-        {
-            if (signingCertificate == null)
-            {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    "No public key for certificate.");
-            }
-            using ECDsa publicKey =
-                GetPublicKey(signingCertificate)
-                ?? throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    "No public key for certificate.");
-
-            return publicKey.KeySize / 4;
-        }
-
-        /// <summary>
-        /// Returns the hash algorithm for the specified security policy.
-        /// </summary>
-        /// <exception cref="ArgumentNullException"><paramref name="securityPolicyUri"/> is <c>null</c>.</exception>
-        /// <exception cref="ServiceResultException"></exception>
-        public static HashAlgorithmName GetSignatureAlgorithmName(string securityPolicyUri)
-        {
-            if (securityPolicyUri == null)
-            {
-                throw new ArgumentNullException(nameof(securityPolicyUri));
-            }
-
-            switch (securityPolicyUri)
-            {
-                case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                case SecurityPolicies.ECC_curve25519:
-                case SecurityPolicies.ECC_curve448:
-                    return HashAlgorithmName.SHA256;
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    return HashAlgorithmName.SHA384;
-                default:
-                    throw ServiceResultException.Unexpected(
-                        "Unexpected security policy URI for ECC: {0}", securityPolicyUri);
-            }
-        }
-
-        /// <summary>
-        /// Computes an ECDSA signature.
-        /// </summary>
-        public static byte[] Sign(
-            ArraySegment<byte> dataToSign,
-            X509Certificate2 signingCertificate,
-            string securityPolicyUri)
-        {
-            HashAlgorithmName algorithm = GetSignatureAlgorithmName(securityPolicyUri);
-            return Sign(dataToSign, signingCertificate, algorithm);
-        }
-
-        /// <summary>
-        /// Computes an ECDSA signature.
-        /// </summary>
-        /// <exception cref="ServiceResultException"></exception>
-        public static byte[] Sign(
-            ArraySegment<byte> dataToSign,
-            X509Certificate2 signingCertificate,
-            HashAlgorithmName algorithm)
-        {
-#if CURVE25519
-            var publicKey = signingCertificate.BcCertificate.GetPublicKey();
-
-            if (publicKey is Ed25519PublicKeyParameters)
-            {
-                var signer = new Ed25519Signer();
-
-                signer.Init(true, signingCertificate.BcPrivateKey);
-                signer.BlockUpdate(dataToSign.Array, dataToSign.Offset, dataToSign.Count);
-                byte[] signature = signer.GenerateSignature();
-#if DEBUG
-                var verifier = new Ed25519Signer();
-
-                verifier.Init(false, signingCertificate.BcCertificate.GetPublicKey());
-                verifier.BlockUpdate(dataToSign.Array, dataToSign.Offset, dataToSign.Count);
-
-                if (!verifier.VerifySignature(signature))
-                {
-                    throw new ServiceResultException(StatusCodes.BadSecurityChecksFailed, "Could not verify signature.");
-                }
-#endif
-                return signature;
-            }
-
-            if (publicKey is Ed448PublicKeyParameters)
-            {
-                var signer = new Ed448Signer(new byte[32]);
-
-                signer.Init(true, signingCertificate.BcPrivateKey);
-                signer.BlockUpdate(dataToSign.Array, dataToSign.Offset, dataToSign.Count);
-                byte[] signature = signer.GenerateSignature();
-#if DEBUG
-                var verifier = new Ed448Signer(new byte[32]);
-
-                verifier.Init(false, signingCertificate.BcCertificate.GetPublicKey());
-                verifier.BlockUpdate(dataToSign.Array, dataToSign.Offset, dataToSign.Count);
-
-                if (!verifier.VerifySignature(signature))
-                {
-                    throw new ServiceResultException(StatusCodes.BadSecurityChecksFailed, "Could not verify signature.");
-                }
-#endif
-                return signature;
-            }
-#endif
-            ECDsa senderPrivateKey =
-                signingCertificate.GetECDsaPrivateKey()
-                ?? throw new ServiceResultException(
-                    StatusCodes.BadCertificateInvalid,
-                    "Missing private key needed for create a signature.");
-
-            using (senderPrivateKey)
-            {
-                byte[] signature = senderPrivateKey.SignData(
-                    dataToSign.Array,
-                    dataToSign.Offset,
-                    dataToSign.Count,
-                    algorithm);
-
-#if DEBUGxxx
-                using (ECDsa ecdsa = EccUtils.GetPublicKey(new X509Certificate2(signingCertificate.RawData)))
-                {
-                    if (!ecdsa.VerifyData(dataToSign.Array, dataToSign.Offset, dataToSign.Count, signature, algorithm))
-                    {
-                        throw new ServiceResultException(
-                            StatusCodes.BadSecurityChecksFailed,
-                            "Could not verify signature.");
-                    }
-                }
-#endif
-
-                return signature;
-            }
-        }
-
-        /// <summary>
-        /// Verifies a ECDsa signature.
-        /// </summary>
-        public static bool Verify(
-            ArraySegment<byte> dataToVerify,
-            byte[] signature,
-            X509Certificate2 signingCertificate,
-            string securityPolicyUri)
-        {
-            return Verify(
-                dataToVerify,
-                signature,
-                signingCertificate,
-                GetSignatureAlgorithmName(securityPolicyUri));
-        }
-
-        /// <summary>
-        /// Verifies a ECDsa signature.
-        /// </summary>
-        public static bool Verify(
-            ArraySegment<byte> dataToVerify,
-            byte[] signature,
-            X509Certificate2 signingCertificate,
-            HashAlgorithmName algorithm)
-        {
-#if CURVE25519
-            var publicKey = signingCertificate.BcCertificate.GetPublicKey();
-
-            if (publicKey is Ed25519PublicKeyParameters)
-            {
-                var verifier = new Ed25519Signer();
-
-                verifier.Init(false, signingCertificate.BcCertificate.GetPublicKey());
-                verifier.BlockUpdate(dataToVerify.Array, dataToVerify.Offset, dataToVerify.Count);
-
-                if (!verifier.VerifySignature(signature))
-                {
-                    return false;
-                }
-
-                return true;
-            }
-
-            if (publicKey is Ed448PublicKeyParameters)
-            {
-                var verifier = new Ed448Signer(new byte[32]);
-
-                verifier.Init(false, signingCertificate.BcCertificate.GetPublicKey());
-                verifier.BlockUpdate(dataToVerify.Array, dataToVerify.Offset, dataToVerify.Count);
-
-                if (!verifier.VerifySignature(signature))
-                {
-                    return false;
-                }
-
-                return true;
-            }
-#endif
-            using ECDsa ecdsa = GetPublicKey(signingCertificate);
-            return ecdsa.VerifyData(
-                dataToVerify.Array,
-                dataToVerify.Offset,
-                dataToVerify.Count,
-                signature,
-                algorithm);
-        }
-    }
-
-    /// <summary>
-    /// Utility class for encrypting and decrypting secrets using Elliptic Curve Cryptography (ECC).
-    /// </summary>
-    public class EncryptedSecret
-    {
-        /// <summary>
-        /// Create secret
-        /// </summary>
-        public EncryptedSecret(
-            IServiceMessageContext context,
-            string securityPolicyUri,
-            X509Certificate2Collection senderIssuerCertificates,
-            X509Certificate2 receiverCertificate,
-            Nonce receiverNonce,
-            X509Certificate2 senderCertificate,
-            Nonce senderNonce,
-            CertificateValidator validator = null,
-            bool doNotEncodeSenderCertificate = false)
-        {
-            SenderCertificate = senderCertificate;
-            SenderIssuerCertificates = senderIssuerCertificates;
-            DoNotEncodeSenderCertificate = doNotEncodeSenderCertificate;
-            SenderNonce = senderNonce;
-            ReceiverNonce = receiverNonce;
-            ReceiverCertificate = receiverCertificate;
-            Validator = validator;
-            SecurityPolicyUri = securityPolicyUri;
-            Context = context;
-        }
-
-        /// <summary>
-        /// Gets or sets the X.509 certificate of the sender.
-        /// </summary>
-        public X509Certificate2 SenderCertificate { get; private set; }
-
-        /// <summary>
-        /// Gets or sets the collection of X.509 certificates of the sender's issuer.
-        /// </summary>
-        public X509Certificate2Collection SenderIssuerCertificates { get; private set; }
-
-        /// <summary>
-        /// Gets or sets a value indicating whether the sender's certificate should not be encoded.
-        /// </summary>
-        public bool DoNotEncodeSenderCertificate { get; }
-
-        /// <summary>
-        /// Gets or sets the nonce of the sender.
-        /// </summary>
-        public Nonce SenderNonce { get; private set; }
-
-        /// <summary>
-        /// Gets or sets the nonce of the receiver.
-        /// </summary>
-        public Nonce ReceiverNonce { get; }
-
-        /// <summary>
-        /// Gets or sets the X.509 certificate of the receiver.
-        /// </summary>
-        public X509Certificate2 ReceiverCertificate { get; }
-
-        /// <summary>
-        /// Gets or sets the certificate validator.
-        /// </summary>
-        public CertificateValidator Validator { get; }
-
-        /// <summary>
-        /// Gets or sets the security policy URI.
-        /// </summary>
-        public string SecurityPolicyUri { get; private set; }
-
-        /// <summary>
-        /// Service message context to use
-        /// </summary>
-        public IServiceMessageContext Context { get; }
-
-        /// <summary>
-        /// Encrypts a secret using the specified nonce, encrypting key, and initialization vector (IV).
-        /// </summary>
-        /// <param name="secret">The secret to encrypt.</param>
-        /// <param name="nonce">The nonce to use for encryption.</param>
-        /// <param name="encryptingKey">The key to use for encryption.</param>
-        /// <param name="iv">The initialization vector to use for encryption.</param>
-        /// <returns>The encrypted secret.</returns>
-        /// <exception cref="ServiceResultException"></exception>
-        private byte[] EncryptSecret(
-            byte[] secret,
-            byte[] nonce,
-            byte[] encryptingKey,
-            byte[] iv)
-        {
-#if CURVE25519
-            bool useAuthenticatedEncryption = false;
-            if (SenderCertificate.BcCertificate.GetPublicKey() is Ed25519PublicKeyParameters
-                || SenderCertificate.BcCertificate.GetPublicKey() is Ed448PublicKeyParameters)
-            {
-                useAuthenticatedEncryption = true;
-            }
-#endif
-            byte[] dataToEncrypt = null;
-
-            using (var encoder = new BinaryEncoder(Context))
-            {
-                encoder.WriteByteString(null, nonce);
-                encoder.WriteByteString(null, secret);
-
-                // add padding.
-                int paddingSize = iv.Length - ((encoder.Position + 2) % iv.Length);
-                paddingSize %= iv.Length;
-
-                if (secret.Length + paddingSize < iv.Length)
-                {
-                    paddingSize += iv.Length;
-                }
-
-                for (int ii = 0; ii < paddingSize; ii++)
-                {
-                    encoder.WriteByte(null, (byte)(paddingSize & 0xFF));
-                }
-
-                encoder.WriteUInt16(null, (ushort)paddingSize);
-
-                dataToEncrypt = encoder.CloseAndReturnBuffer();
-            }
-#if CURVE25519
-            if (useAuthenticatedEncryption)
-            {
-                return EncryptWithChaCha20Poly1305(encryptingKey, iv, dataToEncrypt);
-            }
-#endif
-            using (var aes = Aes.Create())
-            {
-                aes.Mode = CipherMode.CBC;
-                aes.Padding = PaddingMode.None;
-                aes.Key = encryptingKey;
-                aes.IV = iv;
-
-#pragma warning disable CA5401 // Symmetric encryption uses non-default initialization vector, which could be potentially repeatable
-                using ICryptoTransform encryptor = aes.CreateEncryptor();
-#pragma warning restore CA5401 // Symmetric encryption uses non-default initialization vector, which could be potentially repeatable
-                if (dataToEncrypt.Length % encryptor.InputBlockSize != 0)
-                {
-                    throw ServiceResultException.Create(
-                        StatusCodes.BadSecurityChecksFailed,
-                        "Input data is not an even number of encryption blocks.");
-                }
-
-                encryptor.TransformBlock(dataToEncrypt, 0, dataToEncrypt.Length, dataToEncrypt, 0);
-            }
-
-            return dataToEncrypt;
-        }
-
-#if CURVE25519
-        /// <summary>
-        /// Encrypts the given data using the ChaCha20Poly1305 algorithm with the provided key and initialization vector (IV).
-        /// </summary>
-        /// <param name="encryptingKey">The key used for encryption.</param>
-        /// <param name="iv">The initialization vector used for encryption.</param>
-        /// <param name="dataToEncrypt">The data to be encrypted.</param>
-        /// <returns>The encrypted data.</returns>
-        private static byte[] EncryptWithChaCha20Poly1305(byte[] encryptingKey, byte[] iv, byte[] dataToEncrypt)
-        {
-            Utils.Trace($"EncryptKey={Utils.ToHexString(encryptingKey)}");
-            Utils.Trace($"EncryptIV={Utils.ToHexString(iv)}");
-
-            int signatureLength = 16;
-
-            AeadParameters parameters = new AeadParameters(
-                new KeyParameter(encryptingKey),
-                signatureLength * 8,
-                iv,
-                null);
-
-            ChaCha20Poly1305 encryptor = new ChaCha20Poly1305();
-            encryptor.Init(true, parameters);
-
-            byte[] ciphertext = new byte[encryptor.GetOutputSize(dataToEncrypt.Length)];
-            int length = encryptor.ProcessBytes(dataToEncrypt, 0, dataToEncrypt.Length, ciphertext, 0);
-            length += encryptor.DoFinal(ciphertext, length);
-
-            if (ciphertext.Length != length)
-            {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    $"CipherText not the expected size. [{ciphertext.Length} != {length}]");
-            }
-
-            return ciphertext;
-        }
-
-        /// <summary>
-        /// Decrypts the given data using the ChaCha20Poly1305 algorithm with the provided key and initialization vector (IV).
-        /// </summary>
-        /// <param name="encryptingKey">The key used for encryption.</param>
-        /// <param name="iv">The initialization vector used for encryption.</param>
-        /// <param name="dataToDecrypt">The data to be decrypted.</param>
-        /// <param name="offset">The offset in the data to start decrypting from.</param>
-        /// <param name="count">The number of bytes to decrypt.</param>
-        /// <returns>An <see cref="ArraySegment{T}"/> containing the decrypted data.</returns>
-        /// <exception cref="ServiceResultException">Thrown if the plaintext is not the expected size or too short, or if the nonce is invalid.</exception>
-        private ArraySegment<byte> DecryptWithChaCha20Poly1305(
-            byte[] encryptingKey,
-            byte[] iv,
-            byte[] dataToDecrypt,
-            int offset,
-            int count)
-        {
-            Utils.Trace($"EncryptKey={Utils.ToHexString(encryptingKey)}");
-            Utils.Trace($"EncryptIV={Utils.ToHexString(iv)}");
-
-            int signatureLength = 16;
-
-            AeadParameters parameters = new AeadParameters(
-                new KeyParameter(encryptingKey),
-                signatureLength * 8,
-                iv,
-                null);
-
-            ChaCha20Poly1305 decryptor = new ChaCha20Poly1305();
-            decryptor.Init(false, parameters);
-
-            byte[] plaintext = new byte[decryptor.GetOutputSize(count)];
-            int length = decryptor.ProcessBytes(dataToDecrypt, offset, count, plaintext, 0);
-            length += decryptor.DoFinal(plaintext, length);
-
-            if (plaintext.Length != length || plaintext.Length < iv.Length)
-            {
-                throw ServiceResultException.Create(
-                    StatusCodes.BadSecurityChecksFailed,
-                    $"PlainText not the expected size or too short. [{count} != {length}]");
-            }
-
-            ushort paddingSize = plaintext[length - 1];
-            paddingSize <<= 8;
-            paddingSize += plaintext[length - 2];
-
-            int notvalid = (paddingSize < length) ? 0 : 1;
-            int start = length - paddingSize - 2;
-
-            for (int ii = 0; ii < length - 2 && ii < paddingSize; ii++)
-            {
-                if (start < 0 || start + ii >= plaintext.Length)
-                {
-                    notvalid |= 1;
-                    continue;
-                }
-
-                notvalid |= plaintext[start + ii] ^ (paddingSize & 0xFF);
-            }
-
-            if (notvalid != 0)
-            {
-                throw new ServiceResultException(StatusCodes.BadNonceInvalid);
-            }
-
-            return new ArraySegment<byte>(plaintext, 0, start);
-        }
-#endif
-
-        /// <summary>
-        /// Decrypts the specified data using the provided encrypting key and initialization vector (IV).
-        /// </summary>
-        /// <param name="dataToDecrypt">The data to decrypt.</param>
-        /// <param name="offset">The offset in the data to start decrypting from.</param>
-        /// <param name="count">The number of bytes to decrypt.</param>
-        /// <param name="encryptingKey">The key to use for decryption.</param>
-        /// <param name="iv">The initialization vector to use for decryption.</param>
-        /// <returns>The decrypted data.</returns>
-        /// <exception cref="ServiceResultException">Thrown if the input data is not an even number of encryption blocks or if the nonce is invalid.</exception>
-        private static ArraySegment<byte> DecryptSecret(
-            byte[] dataToDecrypt,
-            int offset,
-            int count,
-            byte[] encryptingKey,
-            byte[] iv)
-        {
-#if CURVE25519
-            bool useAuthenticatedEncryption = false;
-            if (SenderCertificate.BcCertificate.GetPublicKey() is Ed25519PublicKeyParameters
-                || SenderCertificate.BcCertificate.GetPublicKey() is Ed448PublicKeyParameters)
-            {
-                useAuthenticatedEncryption = true;
-            }
-            if (useAuthenticatedEncryption)
-            {
-                return DecryptWithChaCha20Poly1305(encryptingKey, iv, dataToDecrypt, offset, count);
-            }
-#endif
-            using (var aes = Aes.Create())
-            {
-                aes.Mode = CipherMode.CBC;
-                aes.Padding = PaddingMode.None;
-                aes.Key = encryptingKey;
-                aes.IV = iv;
-
-                using ICryptoTransform decryptor = aes.CreateDecryptor();
-                if (count % decryptor.InputBlockSize != 0)
-                {
-                    throw ServiceResultException.Create(
-                        StatusCodes.BadSecurityChecksFailed,
-                        "Input data is not an even number of encryption blocks.");
-                }
-
-                decryptor.TransformBlock(dataToDecrypt, offset, count, dataToDecrypt, offset);
-            }
-
-            ushort paddingSize = dataToDecrypt[offset + count - 1];
-            paddingSize <<= 8;
-            paddingSize += dataToDecrypt[offset + count - 2];
-
-            int notvalid = paddingSize < count ? 0 : 1;
-            int start = offset + count - paddingSize - 2;
-
-            for (int ii = 0; ii < count - 2 && ii < paddingSize; ii++)
-            {
-                if (start < 0 || start + ii >= dataToDecrypt.Length)
-                {
-                    notvalid |= 1;
-                    continue;
-                }
-
-                notvalid |= dataToDecrypt[start + ii] ^ (paddingSize & 0xFF);
-            }
-
-            if (notvalid != 0)
-            {
-                throw new ServiceResultException(StatusCodes.BadNonceInvalid);
-            }
-
-            return new ArraySegment<byte>(dataToDecrypt, offset, count - paddingSize);
-        }
-
-        private static readonly byte[] s_label = System.Text.Encoding.UTF8.GetBytes("opcua-secret");
-
-        /// <summary>
-        /// Creates the encrypting key and initialization vector (IV) for Elliptic Curve Cryptography (ECC) encryption or decryption.
-        /// </summary>
-        /// <param name="securityPolicyUri">The security policy URI.</param>
-        /// <param name="senderNonce">The sender nonce.</param>
-        /// <param name="receiverNonce">The receiver nonce.</param>
-        /// <param name="forDecryption">if set to <c>true</c>, creates the keys for decryption; otherwise, creates the keys for encryption.</param>
-        /// <param name="encryptingKey">The encrypting key.</param>
-        /// <param name="iv">The initialization vector (IV).</param>
-        private static void CreateKeysForEcc(
-            string securityPolicyUri,
-            Nonce senderNonce,
-            Nonce receiverNonce,
-            bool forDecryption,
-            out byte[] encryptingKey,
-            out byte[] iv)
-        {
-            int encryptingKeySize;
-            int blockSize;
-            HashAlgorithmName algorithmName;
-
-            switch (securityPolicyUri)
-            {
-                case SecurityPolicies.ECC_nistP256:
-                case SecurityPolicies.ECC_brainpoolP256r1:
-                    blockSize = 16;
-                    encryptingKeySize = 16;
-                    algorithmName = HashAlgorithmName.SHA256;
-                    break;
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    encryptingKeySize = 32;
-                    blockSize = 16;
-                    algorithmName = HashAlgorithmName.SHA384;
-                    break;
-                case SecurityPolicies.ECC_curve25519:
-                case SecurityPolicies.ECC_curve448:
-                    encryptingKeySize = 32;
-                    blockSize = 12;
-                    algorithmName = HashAlgorithmName.SHA256;
-                    break;
-                default:
-                    encryptingKeySize = 32;
-                    blockSize = 16;
-                    algorithmName = HashAlgorithmName.SHA256;
-                    break;
-            }
-
-            encryptingKey = new byte[encryptingKeySize];
-            iv = new byte[blockSize];
-
-            byte[] keyLength = BitConverter.GetBytes((ushort)(encryptingKeySize + blockSize));
-            byte[] salt = Utils.Append(keyLength, s_label, senderNonce.Data, receiverNonce.Data);
-
-            byte[] keyData;
-            if (forDecryption)
-            {
-                keyData = receiverNonce.DeriveKey(
-                    senderNonce,
-                    salt,
-                    algorithmName,
-                    encryptingKeySize + blockSize);
-            }
-            else
-            {
-                keyData = senderNonce.DeriveKey(
-                    receiverNonce,
-                    salt,
-                    algorithmName,
-                    encryptingKeySize + blockSize);
-            }
-
-            Buffer.BlockCopy(keyData, 0, encryptingKey, 0, encryptingKey.Length);
-            Buffer.BlockCopy(keyData, encryptingKeySize, iv, 0, iv.Length);
-        }
-
-        /// <summary>
-        /// Encrypts a secret using the specified nonce.
-        /// </summary>
-        /// <param name="secret">The secret to encrypt.</param>
-        /// <param name="nonce">The nonce to use for encryption.</param>
-        /// <returns>The encrypted secret.</returns>
-        public byte[] Encrypt(byte[] secret, byte[] nonce)
-        {
-            byte[] encryptingKey = null;
-            byte[] iv = null;
-            byte[] message = null;
-            int lengthPosition = 0;
-
-            int signatureLength = EccUtils.GetSignatureLength(SenderCertificate);
-
-            using (var encoder = new BinaryEncoder(Context))
-            {
-                // write header.
-                encoder.WriteNodeId(null, DataTypeIds.EccEncryptedSecret);
-                encoder.WriteByte(null, (byte)ExtensionObjectEncoding.Binary);
-
-                lengthPosition = encoder.Position;
-                encoder.WriteUInt32(null, 0);
-
-                encoder.WriteString(null, SecurityPolicyUri);
-
-                byte[] senderCertificate = null;
-
-                if (!DoNotEncodeSenderCertificate)
-                {
-                    senderCertificate = SenderCertificate.RawData;
-
-                    if (SenderIssuerCertificates != null && SenderIssuerCertificates.Count > 0)
-                    {
-                        int blobSize = senderCertificate.Length;
-
-                        foreach (X509Certificate2 issuer in SenderIssuerCertificates)
-                        {
-                            blobSize += issuer.RawData.Length;
-                        }
-
-                        byte[] blob = new byte[blobSize];
-                        Buffer.BlockCopy(senderCertificate, 0, blob, 0, senderCertificate.Length);
-
-                        int pos = senderCertificate.Length;
-
-                        foreach (X509Certificate2 issuer in SenderIssuerCertificates)
-                        {
-                            byte[] data = issuer.RawData;
-                            Buffer.BlockCopy(data, 0, blob, pos, data.Length);
-                            pos += data.Length;
-                        }
-
-                        senderCertificate = blob;
-                    }
-                }
-
-                encoder.WriteByteString(null, senderCertificate);
-                encoder.WriteDateTime(null, DateTime.UtcNow);
-
-                byte[] senderNonce = SenderNonce.Data;
-                byte[] receiverNonce = ReceiverNonce.Data;
-
-                encoder.WriteUInt16(null, (ushort)(senderNonce.Length + receiverNonce.Length + 8));
-                encoder.WriteByteString(null, senderNonce);
-                encoder.WriteByteString(null, receiverNonce);
-
-                // create keys.
-                if (EccUtils.IsEccPolicy(SecurityPolicyUri))
-                {
-                    CreateKeysForEcc(
-                        SecurityPolicyUri,
-                        SenderNonce,
-                        ReceiverNonce,
-                        false,
-                        out encryptingKey,
-                        out iv);
-                }
-
-                // encrypt  secret,
-                byte[] encryptedData = EncryptSecret(secret, nonce, encryptingKey, iv);
-
-                // append encrypted secret.
-                for (int ii = 0; ii < encryptedData.Length; ii++)
-                {
-                    encoder.WriteByte(null, encryptedData[ii]);
-                }
-
-                // save space for signature.
-                for (int ii = 0; ii < signatureLength; ii++)
-                {
-                    encoder.WriteByte(null, 0);
-                }
-
-                message = encoder.CloseAndReturnBuffer();
-            }
-
-            int length = message.Length - lengthPosition - 4;
-
-            message[lengthPosition++] = (byte)(length & 0xFF);
-            message[lengthPosition++] = (byte)((length & 0xFF00) >> 8);
-            message[lengthPosition++] = (byte)((length & 0xFF0000) >> 16);
-            message[lengthPosition++] = (byte)((length & 0xFF000000) >> 24);
-
-            // get the algorithm used for the signature.
-            HashAlgorithmName signatureAlgorithm;
-            switch (SecurityPolicyUri)
-            {
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    signatureAlgorithm = HashAlgorithmName.SHA384;
-                    break;
-                default:
-                    signatureAlgorithm = HashAlgorithmName.SHA256;
-                    break;
-            }
-
-            var dataToSign = new ArraySegment<byte>(message, 0, message.Length - signatureLength);
-            byte[] signature = EccUtils.Sign(dataToSign, SenderCertificate, signatureAlgorithm);
-            Buffer.BlockCopy(
-                signature,
-                0,
-                message,
-                message.Length - signatureLength,
-                signatureLength);
-            return message;
-        }
-
-        /// <summary>
-        /// Verifies the header for an ECC encrypted message and returns the encrypted data.
-        /// </summary>
-        /// <param name="dataToDecrypt">The data to decrypt.</param>
-        /// <param name="earliestTime">The earliest time allowed for the message signing time.</param>
-        /// <param name="telemetry">The telemetry context to use to create obvservability instruments</param>
-        /// <returns>The encrypted data.</returns>
-        /// <exception cref="ServiceResultException"></exception>
-        private ArraySegment<byte> VerifyHeaderForEcc(
-            ArraySegment<byte> dataToDecrypt,
-            DateTime earliestTime,
-            ITelemetryContext telemetry)
-        {
-            using var decoder = new BinaryDecoder(
-                dataToDecrypt.Array,
-                dataToDecrypt.Offset,
-                dataToDecrypt.Count,
-                Context);
-            NodeId typeId = decoder.ReadNodeId(null);
-
-            if (typeId != DataTypeIds.EccEncryptedSecret)
-            {
-                throw new ServiceResultException(StatusCodes.BadDataTypeIdUnknown);
-            }
-
-            var encoding = (ExtensionObjectEncoding)decoder.ReadByte(null);
-
-            if (encoding != ExtensionObjectEncoding.Binary)
-            {
-                throw new ServiceResultException(StatusCodes.BadDataEncodingUnsupported);
-            }
-
-            uint length = decoder.ReadUInt32(null);
-
-            // get the start of data.
-            int startOfData = decoder.Position + dataToDecrypt.Offset;
-
-            SecurityPolicyUri = decoder.ReadString(null);
-
-            if (!EccUtils.IsEccPolicy(SecurityPolicyUri))
-            {
-                throw new ServiceResultException(StatusCodes.BadSecurityPolicyRejected);
-            }
-
-            // get the algorithm used for the signature.
-            HashAlgorithmName signatureAlgorithm;
-
-            switch (SecurityPolicyUri)
-            {
-                case SecurityPolicies.ECC_nistP384:
-                case SecurityPolicies.ECC_brainpoolP384r1:
-                    signatureAlgorithm = HashAlgorithmName.SHA384;
-                    break;
-                default:
-                    signatureAlgorithm = HashAlgorithmName.SHA256;
-                    break;
-            }
-
-            // extract the send certificate and any chain.
-            byte[] senderCertificate = decoder.ReadByteString(null);
-
-            if (senderCertificate == null || senderCertificate.Length == 0)
-            {
-                if (SenderCertificate == null)
-                {
-                    throw new ServiceResultException(StatusCodes.BadCertificateInvalid);
-                }
-            }
-            else
-            {
-                X509Certificate2Collection senderCertificateChain = Utils.ParseCertificateChainBlob(
-                    senderCertificate,
-                    telemetry);
-
-                SenderCertificate = senderCertificateChain[0];
-                SenderIssuerCertificates = [];
-
-                for (int ii = 1; ii < senderCertificateChain.Count; ii++)
-                {
-                    SenderIssuerCertificates.Add(senderCertificateChain[ii]);
-                }
-
-                // validate the sender.
-                Validator?.ValidateAsync(senderCertificateChain, default).GetAwaiter().GetResult();
-            }
-
-            // extract the send certificate and any chain.
-            DateTime signingTime = decoder.ReadDateTime(null);
-
-            if (signingTime < earliestTime)
-            {
-                throw new ServiceResultException(StatusCodes.BadInvalidTimestamp);
-            }
-
-            // extract the policy header.
-            ushort headerLength = decoder.ReadUInt16(null);
-
-            if (headerLength == 0 || headerLength > length)
-            {
-                throw new ServiceResultException(StatusCodes.BadDecodingError);
-            }
-
-            // read the policy header.
-            byte[] senderPublicKey = decoder.ReadByteString(null);
-            byte[] receiverPublicKey = decoder.ReadByteString(null);
-
-            if (headerLength != senderPublicKey.Length + receiverPublicKey.Length + 8)
-            {
-                throw new ServiceResultException(
-                    StatusCodes.BadDecodingError,
-                    "Unexpected policy header length");
-            }
-
-            int startOfEncryption = decoder.Position;
-
-            SenderNonce = Nonce.CreateNonce(SecurityPolicyUri, senderPublicKey);
-
-            if (!Utils.IsEqual(receiverPublicKey, ReceiverNonce.Data))
-            {
-                throw new ServiceResultException(
-                    StatusCodes.BadDecodingError,
-                    "Unexpected receiver nonce.");
-            }
-
-            // check the signature.
-            int signatureLength = EccUtils.GetSignatureLength(SenderCertificate);
-
-            if (signatureLength >= length)
-            {
-                throw new ServiceResultException(StatusCodes.BadDecodingError);
-            }
-
-            byte[] signature = new byte[signatureLength];
-            Buffer.BlockCopy(
-                dataToDecrypt.Array,
-                startOfData + (int)length - signatureLength,
-                signature,
-                0,
-                signatureLength);
-
-            var dataToSign = new ArraySegment<byte>(
-                dataToDecrypt.Array,
-                0,
-                startOfData + (int)length - signatureLength);
-
-            if (!EccUtils.Verify(dataToSign, signature, SenderCertificate, signatureAlgorithm))
-            {
-                throw new ServiceResultException(
-                    StatusCodes.BadSecurityChecksFailed,
-                    "Could not verify signature.");
-            }
-
-            // extract the encrypted data.
-            return new ArraySegment<byte>(
-                dataToDecrypt.Array,
-                startOfEncryption,
-                (int)length - (startOfEncryption - startOfData + signatureLength));
-        }
-
-        /// <summary>
-        /// Decrypts the specified data using the ECC algorithm.
-        /// </summary>
-        /// <param name="earliestTime">The earliest time allowed for the message.</param>
-        /// <param name="expectedNonce">The expected nonce value.</param>
-        /// <param name="data">The data to decrypt.</param>
-        /// <param name="offset">The offset of the data to decrypt.</param>
-        /// <param name="count">The number of bytes to decrypt.</param>
-        /// <param name="telemetry">The telemetry context to use to create obvservability instruments</param>
-        /// <returns>The decrypted data.</returns>
-        /// <exception cref="ServiceResultException"></exception>
-        public byte[] Decrypt(
-            DateTime earliestTime,
-            byte[] expectedNonce,
-            byte[] data,
-            int offset,
-            int count,
-            ITelemetryContext telemetry)
-        {
-            ArraySegment<byte> dataToDecrypt = VerifyHeaderForEcc(
-                new ArraySegment<byte>(data, offset, count),
-                earliestTime,
-                telemetry);
-
-            CreateKeysForEcc(
-                SecurityPolicyUri,
-                SenderNonce,
-                ReceiverNonce,
-                true,
-                out byte[] encryptingKey,
-                out byte[] iv);
-
-            ArraySegment<byte> plainText = DecryptSecret(
-                dataToDecrypt.Array,
-                dataToDecrypt.Offset,
-                dataToDecrypt.Count,
-                encryptingKey,
-                iv);
-
-            using var decoder = new BinaryDecoder(
-                plainText.Array,
-                plainText.Offset,
-                plainText.Count,
-                Context);
-            byte[] actualNonce = decoder.ReadByteString(null);
-
-            if (expectedNonce != null && expectedNonce.Length > 0)
-            {
-                int notvalid = expectedNonce.Length == actualNonce.Length ? 0 : 1;
-
-                for (int ii = 0; ii < expectedNonce.Length && ii < actualNonce.Length; ii++)
-                {
-                    notvalid |= expectedNonce[ii] ^ actualNonce[ii];
-                }
-
-                if (notvalid != 0)
-                {
-                    throw new ServiceResultException(StatusCodes.BadNonceInvalid);
-                }
-            }
-
-            return decoder.ReadByteString(null);
-        }
-    }
-}

From 8528e7a40f5d5e3d486b2d07853fe4e2527f0242 Mon Sep 17 00:00:00 2001
From: Randy Armstrong <randy@sparhawksoftware.com>
Date: Wed, 17 Dec 2025 22:16:25 -0800
Subject: [PATCH 10/15] Address feedback from reviewers.

---
 .../ConsoleReferenceClient/Program.cs         | 42 +++++++++----------
 .../Quickstarts.ReferenceClient.Config.xml    | 20 ++++-----
 .../{RunTest.cs => RunConnectAll.cs}          |  6 +--
 .../Quickstarts.ReferenceServer.Config.xml    | 24 ++++++-----
 Libraries/Opc.Ua.Client/Session/Session.cs    |  1 -
 .../Security/Certificates/CryptoUtils.cs      |  2 +-
 Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs   | 23 ++++++++++
 .../Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs |  2 -
 .../Stack/Tcp/UaSCBinaryChannel.Symmetric.cs  |  7 +++-
 .../Stack/Tcp/UaSCBinaryClientChannel.cs      |  2 -
 10 files changed, 75 insertions(+), 54 deletions(-)
 rename Applications/ConsoleReferenceClient/{RunTest.cs => RunConnectAll.cs} (99%)

diff --git a/Applications/ConsoleReferenceClient/Program.cs b/Applications/ConsoleReferenceClient/Program.cs
index 346fe4b3c8..dea731bdc3 100644
--- a/Applications/ConsoleReferenceClient/Program.cs
+++ b/Applications/ConsoleReferenceClient/Program.cs
@@ -54,23 +54,6 @@ public static class Program
         /// <exception cref="ErrorExitException"></exception>
         public static async Task Main(string[] args)
         {
-            //foreach (var group in Enum.GetValues(typeof(RSADiffieHellmanGroup)))
-            //{
-            //    var alice = RSADiffieHellman.Create((RSADiffieHellmanGroup)group);
-            //    var bob = RSADiffieHellman.Create((RSADiffieHellmanGroup)group);
-
-            //    var aliceNonce = alice.GetNonce();
-            //    var bobNonce = bob.GetNonce();
-
-            //    var bobAtAlice = RSADiffieHellman.Create(bobNonce);
-            //    var aliceAtBob = RSADiffieHellman.Create(aliceNonce);
-
-            //    var secret1 = alice.DeriveRawSecretAgreement(bobAtAlice);
-            //    CryptoTrace.WriteLine(CryptoTrace.KeyToString(secret1));
-            //    var secret2 = bob.DeriveRawSecretAgreement(aliceAtBob);
-            //    CryptoTrace.WriteLine(CryptoTrace.KeyToString(secret2));
-            //}
-
             Console.WriteLine("OPC UA Console Reference Client");
 
             Console.WriteLine(
@@ -111,6 +94,7 @@ public static async Task Main(string[] args)
             bool leakChannels = false;
             bool forever = false;
             bool enableDurableSubscriptions = false;
+            bool connectAllEndpointDescriptions = true;
 
             var options = new Mono.Options.OptionSet
             {
@@ -281,6 +265,17 @@ public static async Task Main(string[] args)
                             enableDurableSubscriptions = true;
                         }
                     }
+                },
+                {
+                    "ca|connectall",
+                    "Connects using all published EndpointDescriptions.",
+                    ca =>
+                    {
+                        if (ca != null)
+                        {
+                            connectAllEndpointDescriptions = true;
+                        }
+                    }
                 }
             };
 
@@ -387,12 +382,15 @@ await application.DeleteApplicationInstanceCertificateAsync()
                 CancellationToken ct = quitCTS.Token;
                 ManualResetEvent quitEvent = ConsoleUtils.CtrlCHandler(quitCTS);
 
-                // insert security tester.
-                var tester = new SecurityTestClient.RunTest(config, telemetry);
-
-                if (await tester.RunAsync(quitEvent, ct).ConfigureAwait(false))
+                // handle connect all endpoints test.
+                if (connectAllEndpointDescriptions)
                 {
-                    return;
+                    var tester = new SecurityTestClient.RunConnectAll(config, telemetry);
+
+                    if (await tester.RunAsync(quitEvent, ct).ConfigureAwait(false))
+                    {
+                        return;
+                    }
                 }
 
                 var userIdentity = new UserIdentity();
diff --git a/Applications/ConsoleReferenceClient/Quickstarts.ReferenceClient.Config.xml b/Applications/ConsoleReferenceClient/Quickstarts.ReferenceClient.Config.xml
index 48028419bf..f067984d1d 100644
--- a/Applications/ConsoleReferenceClient/Quickstarts.ReferenceClient.Config.xml
+++ b/Applications/ConsoleReferenceClient/Quickstarts.ReferenceClient.Config.xml
@@ -13,35 +13,35 @@
     <ApplicationCertificates>
       <CertificateIdentifier>
         <StoreType>Directory</StoreType>
-        <StorePath>./pki/own</StorePath>
+        <StorePath>../../pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference Client, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>RsaSha256</CertificateTypeString>
       </CertificateIdentifier>
       <CertificateIdentifier>
         <!-- <TypeId>NistP256</TypeId> -->
         <StoreType>Directory</StoreType>
-        <StorePath>./pki/own</StorePath>
+        <StorePath>../../pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference Client, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>NistP256</CertificateTypeString>
       </CertificateIdentifier>
       <CertificateIdentifier>
         <!-- <TypeId>NistP384</TypeId> -->
         <StoreType>Directory</StoreType>
-        <StorePath>./pki/own</StorePath>
+        <StorePath>../../pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference client, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>NistP384</CertificateTypeString>
       </CertificateIdentifier>
       <CertificateIdentifier>
         <!-- <TypeId>BrainpoolP256r1</TypeId> -->
         <StoreType>Directory</StoreType>
-        <StorePath>./pki/own</StorePath>
+        <StorePath>../../pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference Client, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>BrainpoolP256r1</CertificateTypeString>
       </CertificateIdentifier>
       <CertificateIdentifier>
         <!-- <TypeId>BrainpoolP384r1</TypeId> -->
         <StoreType>Directory</StoreType>
-        <StorePath>./pki/own</StorePath>
+        <StorePath>../../pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference Client, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>BrainpoolP384r1</CertificateTypeString>
       </CertificateIdentifier>
@@ -49,17 +49,17 @@
     <!-- Where the issuer certificate are stored (certificate authorities) -->
     <TrustedIssuerCertificates>
       <StoreType>Directory</StoreType>
-      <StorePath>./pki/issuer</StorePath>
+      <StorePath>../../pki/issuer</StorePath>
     </TrustedIssuerCertificates>
     <!-- Where the trust list is stored -->
     <TrustedPeerCertificates>
       <StoreType>Directory</StoreType>
-      <StorePath>./pki/trusted</StorePath>
+      <StorePath>../../pki/trusted</StorePath>
     </TrustedPeerCertificates>
     <!-- The directory used to store invalid certificates for later review by the administrator. -->
     <RejectedCertificateStore>
       <StoreType>Directory</StoreType>
-      <StorePath>./pki/rejected</StorePath>
+      <StorePath>../../pki/rejected</StorePath>
     </RejectedCertificateStore>
     <MaxRejectedCertificates>5</MaxRejectedCertificates>
     <!-- WARNING: The following setting (to automatically accept untrusted certificates) should be used
@@ -75,12 +75,12 @@
     <!-- Where the User issers list is stored-->
     <UserIssuerCertificates>
       <StoreType>Directory</StoreType>
-      <StorePath>./pki/userIssuer</StorePath>
+      <StorePath>../../pki/userIssuer</StorePath>
     </UserIssuerCertificates>
     <!-- Where the User trust list is stored-->
     <TrustedUserCertificates>
       <StoreType>Directory</StoreType>
-      <StorePath>./pki/trustedUser</StorePath>
+      <StorePath>../../pki/trustedUser</StorePath>
     </TrustedUserCertificates>
   </SecurityConfiguration>
   <TransportConfigurations></TransportConfigurations>
diff --git a/Applications/ConsoleReferenceClient/RunTest.cs b/Applications/ConsoleReferenceClient/RunConnectAll.cs
similarity index 99%
rename from Applications/ConsoleReferenceClient/RunTest.cs
rename to Applications/ConsoleReferenceClient/RunConnectAll.cs
index 116b728d43..0d0c22281e 100644
--- a/Applications/ConsoleReferenceClient/RunTest.cs
+++ b/Applications/ConsoleReferenceClient/RunConnectAll.cs
@@ -15,7 +15,7 @@
 
 namespace SecurityTestClient
 {
-    internal sealed class RunTest
+    internal sealed class RunConnectAll
     {
         private readonly Lock m_lock = new();
         private SessionReconnectHandler m_reconnectHandler;
@@ -30,7 +30,7 @@ internal sealed class RunTest
         const int ReconnectPeriod = 1000;
         const int ReconnectPeriodExponentialBackoff = 15000;
 
-        public RunTest(ApplicationConfiguration configuration, ITelemetryContext context)
+        public RunConnectAll(ApplicationConfiguration configuration, ITelemetryContext context)
         {
             m_context = context;
             m_configuration = configuration;
@@ -118,7 +118,7 @@ public async Task<bool> RunAsync(ManualResetEvent quitEvent, CancellationToken c
                 foreach (var ii in endpoints)
                 {
                     var userCertificateFile = GetUserCertificateFile(ii.SecurityPolicyUri);
-                    var x509 = X509CertificateLoader.LoadCertificateFromFile(Path.Combine(".\\pki\\trustedUser\\certs", userCertificateFile));
+                    var x509 = X509CertificateLoader.LoadCertificateFromFile(Path.Combine("..\\..\\pki\\trustedUser\\certs", userCertificateFile));
                     var thumbprint = x509.Thumbprint;
 
                     var certificateIdentity = await LoadUserCertificateAsync(thumbprint, "password", ct).ConfigureAwait(false);
diff --git a/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml b/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml
index 5de749c282..b612da440e 100644
--- a/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml
+++ b/Applications/ConsoleReferenceServer/Quickstarts.ReferenceServer.Config.xml
@@ -14,35 +14,35 @@
     <ApplicationCertificates>
       <CertificateIdentifier>
         <StoreType>Directory</StoreType>
-        <StorePath>./pki/own</StorePath>
+        <StorePath>../../pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference Server, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>RsaSha256</CertificateTypeString>
       </CertificateIdentifier>
       <CertificateIdentifier>
         <!-- <TypeId>NistP256</TypeId> -->
         <StoreType>Directory</StoreType>
-        <StorePath>./pki/own</StorePath>
+        <StorePath>../../pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference Server, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>NistP256</CertificateTypeString>
       </CertificateIdentifier>
       <CertificateIdentifier>
         <!-- <TypeId>NistP384</TypeId> -->
         <StoreType>Directory</StoreType>
-        <StorePath>./pki/own</StorePath>
+        <StorePath>../../pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference Server, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>NistP384</CertificateTypeString>
       </CertificateIdentifier>
       <CertificateIdentifier>
         <!-- <TypeId>BrainpoolP256r1</TypeId> -->
         <StoreType>Directory</StoreType>
-        <StorePath>./pki/own</StorePath>
+        <StorePath>../../pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference Server, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>BrainpoolP256r1</CertificateTypeString>
       </CertificateIdentifier>
       <CertificateIdentifier>
         <!-- <TypeId>BrainpoolP384r1</TypeId> -->
         <StoreType>Directory</StoreType>
-        <StorePath>./pki/own</StorePath>
+        <StorePath>../../pki/own</StorePath>
         <SubjectName>CN=Quickstart Reference Server, C=US, S=Arizona, O=OPC Foundation, DC=localhost</SubjectName>
         <CertificateTypeString>BrainpoolP384r1</CertificateTypeString>
       </CertificateIdentifier>
@@ -51,17 +51,17 @@
     <!-- Where the issuer certificate are stored (certificate authorities) -->
     <TrustedIssuerCertificates>
       <StoreType>Directory</StoreType>
-      <StorePath>./pki/issuer</StorePath>
+      <StorePath>../../pki/issuer</StorePath>
     </TrustedIssuerCertificates>
     <!-- Where the trust list is stored -->
     <TrustedPeerCertificates>
       <StoreType>Directory</StoreType>
-      <StorePath>./pki/trusted</StorePath>
+      <StorePath>../../pki/trusted</StorePath>
     </TrustedPeerCertificates>
     <!-- The directory used to store invalid certificates for later review by the administrator. -->
     <RejectedCertificateStore>
       <StoreType>Directory</StoreType>
-      <StorePath>./pki/rejected</StorePath>
+      <StorePath>../../pki/rejected</StorePath>
     </RejectedCertificateStore>
     <MaxRejectedCertificates>5</MaxRejectedCertificates>
     <!-- WARNING: The following setting (to automatically accept untrusted certificates) should be used
@@ -77,12 +77,12 @@
     <!-- Where the User issuer certificates are stored -->
     <UserIssuerCertificates>
       <StoreType>Directory</StoreType>
-      <StorePath>./pki/issuerUser</StorePath>
+      <StorePath>../../pki/issuerUser</StorePath>
     </UserIssuerCertificates>
     <!-- Where the User trust list is stored-->
     <TrustedUserCertificates>
       <StoreType>Directory</StoreType>
-      <StorePath>./pki/trustedUser</StorePath>
+      <StorePath>../../pki/trustedUser</StorePath>
     </TrustedUserCertificates>
   </SecurityConfiguration>
   <TransportConfigurations></TransportConfigurations>
@@ -135,7 +135,6 @@
         <SecurityMode>SignAndEncrypt_3</SecurityMode>
         <SecurityPolicyUri></SecurityPolicyUri>
       </ServerSecurityPolicy>
-      -->
       <ServerSecurityPolicy>
         <SecurityMode>Sign_2</SecurityMode>
         <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>
@@ -144,6 +143,7 @@
         <SecurityMode>SignAndEncrypt_3</SecurityMode>
         <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>
       </ServerSecurityPolicy>
+      -->
       <ServerSecurityPolicy>
         <SecurityMode>Sign_2</SecurityMode>
         <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_AesGcm</SecurityPolicyUri>
@@ -152,6 +152,7 @@
         <SecurityMode>SignAndEncrypt_3</SecurityMode>
         <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_nistP256_AesGcm</SecurityPolicyUri>
       </ServerSecurityPolicy>
+        <!--
       <ServerSecurityPolicy>
         <SecurityMode>Sign_2</SecurityMode>
         <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#ECC_brainpoolP384r1_ChaChaPoly</SecurityPolicyUri>
@@ -168,6 +169,7 @@
         <SecurityMode>SignAndEncrypt_3</SecurityMode>
         <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#RSA_DH_AesGcm</SecurityPolicyUri>
       </ServerSecurityPolicy>
+      -->
       <!--<ServerSecurityPolicy>
         <SecurityMode>Sign_2</SecurityMode>-->
         <!--<SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>-->
diff --git a/Libraries/Opc.Ua.Client/Session/Session.cs b/Libraries/Opc.Ua.Client/Session/Session.cs
index 6d7b91ce69..873635dcf3 100644
--- a/Libraries/Opc.Ua.Client/Session/Session.cs
+++ b/Libraries/Opc.Ua.Client/Session/Session.cs
@@ -1527,7 +1527,6 @@ public async Task UpdateSessionAsync(
             // send the software certificates assigned to the client.
             SignedSoftwareCertificateCollection clientSoftwareCertificates = new();
 
-            // during debugging send the sesson transfer token on all activations.
             RequestHeader? requestHeader = CreateRequestHeaderForActivateSession(
                 securityPolicy,
                 tokenSecurityPolicyUri);
diff --git a/Stack/Opc.Ua.Core/Security/Certificates/CryptoUtils.cs b/Stack/Opc.Ua.Core/Security/Certificates/CryptoUtils.cs
index 6301776680..cc6e55fa91 100644
--- a/Stack/Opc.Ua.Core/Security/Certificates/CryptoUtils.cs
+++ b/Stack/Opc.Ua.Core/Security/Certificates/CryptoUtils.cs
@@ -562,6 +562,7 @@ public static ArraySegment<byte> SymmetricEncryptAndSign(
             byte[] encryptingKey,
             byte[] iv,
             byte[] signingKey = null,
+            HMAC hmac = null,
             bool signOnly = false,
             uint tokenId = 0,
             uint lastSequenceNumber = 0)
@@ -604,7 +605,6 @@ public static ArraySegment<byte> SymmetricEncryptAndSign(
 
             if (signingKey != null)
             {
-                using HMAC hmac = securityPolicy.CreateSignatureHmac(signingKey);
                 byte[] hash = hmac.ComputeHash(data.Array, 0, data.Offset + data.Count);
 
                 Buffer.BlockCopy(
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs b/Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs
index b497d2ea71..c1af365da7 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/ChannelToken.cs
@@ -28,6 +28,7 @@
  * ======================================================================*/
 
 using System;
+using System.Security.Cryptography;
 
 namespace Opc.Ua.Bindings
 {
@@ -52,6 +53,18 @@ private void Dispose(bool disposing)
         {
             if (!m_disposed)
             {
+                if (ServerHmac != null)
+                {
+                    ServerHmac.Dispose();
+                    ServerHmac = null;
+                }
+
+                if (ClientHmac != null)
+                {
+                    ClientHmac.Dispose();
+                    ClientHmac = null;
+                }
+
                 m_disposed = true;
             }
         }
@@ -167,5 +180,15 @@ public void Dispose()
         /// The initialization vector by the server when encrypting a message.
         /// </summary>
         internal byte[] ServerInitializationVector { get; set; }
+
+        /// <summary>
+        /// A pre-allocated HMAC used to improve performance for SecurityPolicies that need it.
+        /// </summary>
+        internal HMAC ServerHmac { get; set; }
+
+        /// <summary>
+        /// A pre-allocated HMAC used to improve performance for SecurityPolicies that need it.
+        /// </summary>
+        internal HMAC ClientHmac { get; set; }
     }
 }
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs b/Stack/Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs
index 6061fbad68..f306901e0c 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/TcpServerChannel.cs
@@ -304,8 +304,6 @@ protected override bool HandleIncomingMessage(
             {
                 SetResponseRequired(true);
 
-                //m_logger.LogWarning("IN:{Id}", TcpMessageType.GetTypeAndSize(messageChunk));
-
                 try
                 {
                     // process a response.
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
index 910ea33e91..3445be72a9 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryChannel.Symmetric.cs
@@ -45,12 +45,12 @@ public partial class UaSCUaBinaryChannel
         /// <summary>
         /// Returns the current security token.
         /// </summary>
-        protected ChannelToken PreviousToken { get; private set; }
+        protected internal ChannelToken PreviousToken { get; private set; }
 
         /// <summary>
         /// Returns the renewed but not yet activated token.
         /// </summary>
-        protected ChannelToken RenewedToken { get; private set; }
+        protected internal ChannelToken RenewedToken { get; private set; }
 
         /// <summary>
         /// Called when the token changes
@@ -195,12 +195,14 @@ private void DeriveKeysWithPSHA(
                 token.ServerSigningKey = signingKey;
                 token.ServerEncryptingKey = encryptingKey;
                 token.ServerInitializationVector = iv;
+                token.ServerHmac = SecurityPolicy.CreateSignatureHmac(signingKey);
             }
             else
             {
                 token.ClientSigningKey = signingKey;
                 token.ClientEncryptingKey = encryptingKey;
                 token.ClientInitializationVector = iv;
+                token.ClientHmac = SecurityPolicy.CreateSignatureHmac(signingKey);
             }
         }
 
@@ -521,6 +523,7 @@ private ArraySegment<byte> EncryptAndSign(
                 useClientKeys ? token.ClientEncryptingKey : token.ServerEncryptingKey,
                 useClientKeys ? token.ClientInitializationVector : token.ServerInitializationVector,
                 useClientKeys ? token.ClientSigningKey : token.ServerSigningKey,
+                useClientKeys ? token.ClientHmac : token.ServerHmac,
                 this.SecurityMode == MessageSecurityMode.Sign,
                 token.TokenId,
                 (uint)(m_localSequenceNumber - 1)); // already incremented to create this message. need the last one sent.
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryClientChannel.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryClientChannel.cs
index 1a75441c2d..fcbbcea5e7 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryClientChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryClientChannel.cs
@@ -842,8 +842,6 @@ protected override bool HandleIncomingMessage(
             uint messageType,
             ArraySegment<byte> messageChunk)
         {
-            //m_logger.LogWarning("IN:{Size}", TcpMessageType.GetTypeAndSize(messageChunk));
-
             // process a response.
             if (TcpMessageType.IsType(messageType, TcpMessageType.Message))
             {

From 387ad76b77de3085b2745bdd53e025bda37195f6 Mon Sep 17 00:00:00 2001
From: Randy Armstrong <randy@sparhawksoftware.com>
Date: Wed, 17 Dec 2025 22:23:05 -0800
Subject: [PATCH 11/15] Fix CoPilot flagged spelling errors.

---
 Libraries/Opc.Ua.Server/Server/StandardServer.cs | 4 ++--
 Libraries/Opc.Ua.Server/Session/ISession.cs      | 2 +-
 Libraries/Opc.Ua.Server/Session/Session.cs       | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Libraries/Opc.Ua.Server/Server/StandardServer.cs b/Libraries/Opc.Ua.Server/Server/StandardServer.cs
index 74b7455913..17b6d0c582 100644
--- a/Libraries/Opc.Ua.Server/Server/StandardServer.cs
+++ b/Libraries/Opc.Ua.Server/Server/StandardServer.cs
@@ -659,7 +659,7 @@ protected virtual AdditionalParametersType CreateSessionProcessAdditionalParamet
                         if (securityPolicy.EphemeralKeyAlgorithm != CertificateKeyAlgorithm.None)
                         {
                             session.SetUserTokenSecurityPolicy(policyUri);
-                            EphemeralKeyType key = session.GetNewEphmeralKey();
+                            EphemeralKeyType key = session.GetNewEphemeralKey();
                             response.Parameters.Add(
                                 new KeyValuePair
                                 {
@@ -699,7 +699,7 @@ protected virtual AdditionalParametersType ActivateSessionProcessAdditionalParam
         {
             AdditionalParametersType response = null;
 
-            EphemeralKeyType key = session.GetNewEphmeralKey();
+            EphemeralKeyType key = session.GetNewEphemeralKey();
 
             if (key != null)
             {
diff --git a/Libraries/Opc.Ua.Server/Session/ISession.cs b/Libraries/Opc.Ua.Server/Session/ISession.cs
index 8b447b087a..3674cf4597 100644
--- a/Libraries/Opc.Ua.Server/Session/ISession.cs
+++ b/Libraries/Opc.Ua.Server/Session/ISession.cs
@@ -134,7 +134,7 @@ bool Activate(
         /// Create new ECC ephemeral key
         /// </summary>
         /// <returns>A new ephemeral key</returns>
-        EphemeralKeyType GetNewEphmeralKey();
+        EphemeralKeyType GetNewEphemeralKey();
 
         /// <summary>
         /// Checks if the secure channel is currently valid.
diff --git a/Libraries/Opc.Ua.Server/Session/Session.cs b/Libraries/Opc.Ua.Server/Session/Session.cs
index dc2ecd3880..e6501b3770 100644
--- a/Libraries/Opc.Ua.Server/Session/Session.cs
+++ b/Libraries/Opc.Ua.Server/Session/Session.cs
@@ -305,7 +305,7 @@ public virtual void SetUserTokenSecurityPolicy(string securityPolicyUri)
         /// Create new ECC ephemeral key
         /// </summary>
         /// <returns>A new ephemeral key</returns>
-        public virtual EphemeralKeyType GetNewEphmeralKey()
+        public virtual EphemeralKeyType GetNewEphemeralKey()
         {
             lock (m_lock)
             {

From 61530986566d9b082866398cd3532436f24387a0 Mon Sep 17 00:00:00 2001
From: Randy Armstrong <randy@sparhawksoftware.com>
Date: Wed, 17 Dec 2025 22:45:10 -0800
Subject: [PATCH 12/15] Rename EccUtils to CryptoUtils

---
 Libraries/Opc.Ua.Gds.Server.Common/CertificateGroup.cs | 2 +-
 Tests/Opc.Ua.Gds.Tests/PushTest.cs                     | 4 ++--
 Tests/Opc.Ua.Security.Certificates.Tests/CRLTests.cs   | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Libraries/Opc.Ua.Gds.Server.Common/CertificateGroup.cs b/Libraries/Opc.Ua.Gds.Server.Common/CertificateGroup.cs
index d23cd51d2c..a9969e985d 100644
--- a/Libraries/Opc.Ua.Gds.Server.Common/CertificateGroup.cs
+++ b/Libraries/Opc.Ua.Gds.Server.Common/CertificateGroup.cs
@@ -674,7 +674,7 @@ private static bool TryGetECCCurve(NodeId certificateType, out ECCurve curve)
                 return false;
             }
             curve =
-                EccUtils.GetCurveFromCertificateTypeId(certificateType)
+                CryptoUtils.GetCurveFromCertificateTypeId(certificateType)
                 ?? throw new ServiceResultException(
                     StatusCodes.BadNotSupported,
                     $"The certificate type {certificateType} is not supported.");
diff --git a/Tests/Opc.Ua.Gds.Tests/PushTest.cs b/Tests/Opc.Ua.Gds.Tests/PushTest.cs
index a4e3ee2807..deeef0b057 100644
--- a/Tests/Opc.Ua.Gds.Tests/PushTest.cs
+++ b/Tests/Opc.Ua.Gds.Tests/PushTest.cs
@@ -764,7 +764,7 @@ public async Task UpdateCertificateSelfSignedAsync(string keyFormat)
 
             X509Certificate2 newCert;
 
-            ECCurve? curve = EccUtils.GetCurveFromCertificateTypeId(m_certificateType);
+            ECCurve? curve = CryptoUtils.GetCurveFromCertificateTypeId(m_certificateType);
 
             if (curve != null)
             {
@@ -1286,7 +1286,7 @@ private async Task CreateCATestCertsAsync(string tempStorePath, ITelemetryContex
             var certificateStoreIdentifier = new CertificateStoreIdentifier(tempStorePath, false);
             Assert.IsTrue(EraseStore(certificateStoreIdentifier, telemetry));
             const string subjectName = "CN=CA Test Cert, O=OPC Foundation";
-            ECCurve? curve = EccUtils.GetCurveFromCertificateTypeId(m_certificateType);
+            ECCurve? curve = CryptoUtils.GetCurveFromCertificateTypeId(m_certificateType);
 
             if (curve != null)
             {
diff --git a/Tests/Opc.Ua.Security.Certificates.Tests/CRLTests.cs b/Tests/Opc.Ua.Security.Certificates.Tests/CRLTests.cs
index d04e798ce6..1f668787e2 100644
--- a/Tests/Opc.Ua.Security.Certificates.Tests/CRLTests.cs
+++ b/Tests/Opc.Ua.Security.Certificates.Tests/CRLTests.cs
@@ -111,7 +111,7 @@ public CRLTests(string certificateTypeString, NodeId certificateType)
         [OneTimeSetUp]
         protected void OneTimeSetUp()
         {
-            ECCurve? curve = EccUtils.GetCurveFromCertificateTypeId(m_certificateType);
+            ECCurve? curve = CryptoUtils.GetCurveFromCertificateTypeId(m_certificateType);
 
             if (curve != null)
             {

From e46ff9abd03cb5b1000e788b3559fc67161ef94e Mon Sep 17 00:00:00 2001
From: Suciu Mircea Adrian <Mircea-Adrian.Suciu@softing.com>
Date: Thu, 18 Dec 2025 09:36:37 +0200
Subject: [PATCH 13/15] Update version from 1.5.378-preview to 1.5.378

---
 version.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/version.json b/version.json
index 2384e1c39b..2dc9e72bb2 100644
--- a/version.json
+++ b/version.json
@@ -1,6 +1,6 @@
 {
   "$schema": "https://raw.githubusercontent.com/AArnott/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json",
-  "version": "1.5.378-preview",
+  "version": "1.5.378",
   "versionHeightOffset": 0,
   "nugetPackageVersion": {
     "semVer": 2

From dc0b110aa725d54c38b1f58583ea704cf512f4f8 Mon Sep 17 00:00:00 2001
From: Randy Armstrong <randy@sparhawksoftware.com>
Date: Wed, 17 Dec 2025 23:57:21 -0800
Subject: [PATCH 14/15] Fix unit tests.

---
 .../Stack/Https/HttpsTransportChannel.cs        |  3 +++
 .../Stack/Tcp/UaSCBinaryTransportChannel.cs     |  3 +++
 .../Stack/Transport/ITransportChannel.cs        |  5 +++++
 .../Opc.Ua.Core/Stack/Transport/NullChannel.cs  |  4 ++++
 .../Opc.Ua.Core.Tests/Types/Nonce/NonceTests.cs | 17 ++++++++++-------
 .../Pkcs10CertificationRequestTests.cs          |  4 +++-
 Tests/Opc.Ua.Server.Tests/ServerFixtureUtils.cs |  7 ++++++-
 7 files changed, 34 insertions(+), 9 deletions(-)

diff --git a/Stack/Opc.Ua.Core/Stack/Https/HttpsTransportChannel.cs b/Stack/Opc.Ua.Core/Stack/Https/HttpsTransportChannel.cs
index fb7a5b7bb5..52a4b36b93 100644
--- a/Stack/Opc.Ua.Core/Stack/Https/HttpsTransportChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Https/HttpsTransportChannel.cs
@@ -134,6 +134,9 @@ public EndpointConfiguration EndpointConfiguration
         public IServiceMessageContext MessageContext
             => m_quotas?.MessageContext ?? throw BadNotConnected();
 
+        /// <inheritdoc/>
+        public ChannelToken CurrentToken => new();
+
         /// <inheritdoc/>
         public byte[] ChannelThumbprint => [];
 
diff --git a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryTransportChannel.cs b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryTransportChannel.cs
index 3e26468f47..639cd07c76 100644
--- a/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryTransportChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryTransportChannel.cs
@@ -120,6 +120,9 @@ public EndpointConfiguration EndpointConfiguration
         public IServiceMessageContext MessageContext
             => m_quotas?.MessageContext ?? throw BadNotConnected();
 
+        /// <inheritdoc/>
+        public ChannelToken CurrentToken => m_channel?.CurrentToken ?? new();
+
         /// <inheritdoc/>
         public byte[] ChannelThumbprint => m_channel?.ChannelThumbprint ?? [];
 
diff --git a/Stack/Opc.Ua.Core/Stack/Transport/ITransportChannel.cs b/Stack/Opc.Ua.Core/Stack/Transport/ITransportChannel.cs
index eee03aa083..7de67cf0f1 100644
--- a/Stack/Opc.Ua.Core/Stack/Transport/ITransportChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Transport/ITransportChannel.cs
@@ -51,6 +51,11 @@ public delegate void ChannelTokenActivatedEventHandler(
     /// </summary>
     public interface ISecureChannel
     {
+        /// <summary>
+        /// Gets the channel's current security token.
+        /// </summary>
+        ChannelToken? CurrentToken { get; }
+
         /// <summary>
         /// Register for token change events
         /// </summary>
diff --git a/Stack/Opc.Ua.Core/Stack/Transport/NullChannel.cs b/Stack/Opc.Ua.Core/Stack/Transport/NullChannel.cs
index 356c550ed6..b6787e56b5 100644
--- a/Stack/Opc.Ua.Core/Stack/Transport/NullChannel.cs
+++ b/Stack/Opc.Ua.Core/Stack/Transport/NullChannel.cs
@@ -41,6 +41,10 @@ namespace Opc.Ua
     /// </summary>
     internal sealed class NullChannel : ITransportChannel, ISecureChannel
     {
+        /// <inheritdoc/>
+        public ChannelToken CurrentToken
+           => throw Unexpected(nameof(CurrentToken));
+
         /// <inheritdoc/>
         public TransportChannelFeatures SupportedFeatures
             => throw Unexpected(nameof(SupportedFeatures));
diff --git a/Tests/Opc.Ua.Core.Tests/Types/Nonce/NonceTests.cs b/Tests/Opc.Ua.Core.Tests/Types/Nonce/NonceTests.cs
index 9517ceb487..5a0ad14145 100644
--- a/Tests/Opc.Ua.Core.Tests/Types/Nonce/NonceTests.cs
+++ b/Tests/Opc.Ua.Core.Tests/Types/Nonce/NonceTests.cs
@@ -58,7 +58,8 @@ public void ValidateCreateNoncePolicyLength(string securityPolicyUri)
         {
             if (IsSupportedByPlatform(securityPolicyUri))
             {
-                uint nonceLength = Ua.Nonce.GetNonceLength(securityPolicyUri);
+                var info = Ua.SecurityPolicies.GetInfo(securityPolicyUri);
+                var nonceLength = info.SecureChannelNonceLength;
 
                 var nonce = Ua.Nonce.CreateNonce(securityPolicyUri);
 
@@ -84,10 +85,11 @@ public void ValidateCreateNoncePolicyNonceData(string securityPolicyUri)
         {
             if (IsSupportedByPlatform(securityPolicyUri))
             {
-                uint nonceLength = Ua.Nonce.GetNonceLength(securityPolicyUri);
+                var info = Ua.SecurityPolicies.GetInfo(securityPolicyUri);
+                var nonceLength = info.SecureChannelNonceLength;
                 var nonceByLen = Ua.Nonce.CreateNonce(securityPolicyUri);
 
-                var nonceByData = Ua.Nonce.CreateNonce(securityPolicyUri, nonceByLen.Data);
+                var nonceByData = Ua.Nonce.CreateNonce(info, nonceByLen.Data);
 
                 Assert.IsNotNull(nonceByData);
                 Assert.IsNotNull(nonceByData.Data);
@@ -113,11 +115,12 @@ public void ValidateCreateEccNoncePolicyInvalidNonceDataCorrectLength(
         {
             if (IsSupportedByPlatform(securityPolicyUri))
             {
-                uint nonceLength = Ua.Nonce.GetNonceLength(securityPolicyUri);
+                var info = Ua.SecurityPolicies.GetInfo(securityPolicyUri);
+                var nonceLength = info.SecureChannelNonceLength;
 
                 byte[] randomValue = Ua.Nonce.CreateRandomNonceData(nonceLength);
 
-                if (securityPolicyUri.Contains("ECC_", StringComparison.Ordinal))
+                if (info.CertificateKeyFamily == CertificateKeyFamily.ECC)
                 {
                     if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX) &&
                         (
@@ -128,11 +131,11 @@ public void ValidateCreateEccNoncePolicyInvalidNonceDataCorrectLength(
                             .Ignore("No exception is thrown on OSX with NIST curves");
                     }
                     NUnit.Framework.Assert.Throws<ArgumentException>(() =>
-                        Ua.Nonce.CreateNonce(securityPolicyUri, randomValue));
+                        Ua.Nonce.CreateNonce(info, randomValue));
                 }
                 else
                 {
-                    var rsaNonce = Ua.Nonce.CreateNonce(securityPolicyUri, randomValue);
+                    var rsaNonce = Ua.Nonce.CreateNonce(info, randomValue);
                     Assert.AreEqual(rsaNonce.Data, randomValue);
                 }
             }
diff --git a/Tests/Opc.Ua.Security.Certificates.Tests/Pkcs10CertificationRequestTests.cs b/Tests/Opc.Ua.Security.Certificates.Tests/Pkcs10CertificationRequestTests.cs
index 8109e9663f..19626f70b0 100644
--- a/Tests/Opc.Ua.Security.Certificates.Tests/Pkcs10CertificationRequestTests.cs
+++ b/Tests/Opc.Ua.Security.Certificates.Tests/Pkcs10CertificationRequestTests.cs
@@ -293,6 +293,8 @@ public void GetCertificationRequestInfoReturnsValidData()
             Assert.Greater(requestInfo.Length, 0);
         }
 
+        static readonly string[] kHosts = new[] { "localhost" };
+
         /// <summary>
         /// Test parsing multiple CSRs in sequence.
         /// </summary>
@@ -310,7 +312,7 @@ public void ParseMultipleCsrsInSequence()
                 using X509Certificate2 certificate = CertificateBuilder.Create(subject)
                     .SetNotBefore(DateTime.UtcNow.AddDays(-1))
                     .SetLifeTime(TimeSpan.FromDays(30))
-                    .AddExtension(new X509SubjectAltNameExtension(applicationUri, new[] { "localhost" }))
+                    .AddExtension(new X509SubjectAltNameExtension(applicationUri, kHosts))
                     .CreateForRSA();
 
                 byte[] csrData = CertificateFactory.CreateSigningRequest(certificate);
diff --git a/Tests/Opc.Ua.Server.Tests/ServerFixtureUtils.cs b/Tests/Opc.Ua.Server.Tests/ServerFixtureUtils.cs
index d453ac1244..ab28ead410 100644
--- a/Tests/Opc.Ua.Server.Tests/ServerFixtureUtils.cs
+++ b/Tests/Opc.Ua.Server.Tests/ServerFixtureUtils.cs
@@ -93,7 +93,12 @@ public static class ServerFixtureUtils
 
             // set security context
             var secureChannelContext
-                = new SecureChannelContext(sessionName, endpoint, RequestEncoding.Binary);
+                = new SecureChannelContext(
+                    sessionName, 
+                    endpoint, RequestEncoding.Binary,
+                    null,
+                    null,
+                    null);
             var requestHeader = new RequestHeader();
 
             // Create session

From e8befb73027a2d42322d6329c29b0c8e950685ef Mon Sep 17 00:00:00 2001
From: Randy Armstrong <randy@sparhawksoftware.com>
Date: Thu, 15 Jan 2026 19:12:01 -0800
Subject: [PATCH 15/15] Allow SignatureData.Algorithm to be NULL or Empty.

---
 .../ConsoleReferenceClient/generate_user_certificate.ps1  | 4 ++--
 .../Configuration/ConfigurationNodeManager.cs             | 1 +
 Libraries/Opc.Ua.Server/Server/StandardServer.cs          | 3 ---
 Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs  | 8 ++++----
 4 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/Applications/ConsoleReferenceClient/generate_user_certificate.ps1 b/Applications/ConsoleReferenceClient/generate_user_certificate.ps1
index 3174d24855..ee938f5431 100644
--- a/Applications/ConsoleReferenceClient/generate_user_certificate.ps1
+++ b/Applications/ConsoleReferenceClient/generate_user_certificate.ps1
@@ -1,6 +1,6 @@
 # 1. Ensure directories exist
-$certDir   = "./pki/trustedUser/certs"
-$privateDir = "./pki/trustedUser/private"
+$certDir   = "./bin/pki/trustedUser/certs"
+$privateDir = "./bin/pki/trustedUser/private"
 
 $curves = @(
     'nistP256',
diff --git a/Libraries/Opc.Ua.Server/Configuration/ConfigurationNodeManager.cs b/Libraries/Opc.Ua.Server/Configuration/ConfigurationNodeManager.cs
index 7f380579cf..d26458d4a0 100644
--- a/Libraries/Opc.Ua.Server/Configuration/ConfigurationNodeManager.cs
+++ b/Libraries/Opc.Ua.Server/Configuration/ConfigurationNodeManager.cs
@@ -391,6 +391,7 @@ public void HasApplicationSecureAdminAccess(ISystemContext context)
         }
 
         /// <inheritdoc/>
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Naming", "CA1725:Parameter names should match base declaration", Justification = "<Pending>")]
         public void HasApplicationSecureAdminAccess(
             ISystemContext context,
             CertificateStoreIdentifier _)
diff --git a/Libraries/Opc.Ua.Server/Server/StandardServer.cs b/Libraries/Opc.Ua.Server/Server/StandardServer.cs
index 2757f8417c..0154890748 100644
--- a/Libraries/Opc.Ua.Server/Server/StandardServer.cs
+++ b/Libraries/Opc.Ua.Server/Server/StandardServer.cs
@@ -525,9 +525,6 @@ X509Certificate2Collection clientCertificateChain
                     // return the endpoints supported by the server.
                     serverEndpoints = GetEndpointDescriptions(endpointUrl, BaseAddresses, null);
 
-                    // return the software certificates assigned to the server.
-                    serverSoftwareCertificates = new();
-
                     // sign the nonce provided by the client.
                     serverSignature = null;
 
diff --git a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
index ae0972f558..aab7821d92 100644
--- a/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
+++ b/Stack/Opc.Ua.Core/Security/Constants/SecurityPolicies.cs
@@ -787,7 +787,7 @@ public static bool VerifySignatureData(
 
                 case AsymmetricSignatureAlgorithm.RsaPkcs15Sha256:
                 {
-                    if (signature.Algorithm == SecurityAlgorithms.RsaSha256)
+                    if (String.IsNullOrEmpty(signature.Algorithm) || signature.Algorithm == SecurityAlgorithms.RsaSha256)
                     {
                         return RsaUtils.Rsa_Verify(
                             new ArraySegment<byte>(dataToVerify),
@@ -801,7 +801,7 @@ public static bool VerifySignatureData(
 
                 case AsymmetricSignatureAlgorithm.RsaPssSha256:
                 {
-                    if (signature.Algorithm == SecurityAlgorithms.RsaPssSha256)
+                    if (String.IsNullOrEmpty(signature.Algorithm) || signature.Algorithm == SecurityAlgorithms.RsaPssSha256)
                     {
                         return RsaUtils.Rsa_Verify(
                             new ArraySegment<byte>(dataToVerify),
@@ -815,7 +815,7 @@ public static bool VerifySignatureData(
 
                 case AsymmetricSignatureAlgorithm.EcdsaSha256:
                 {
-                    if (signature.Algorithm == null || signature.Algorithm == securityPolicy.Uri)
+                    if (String.IsNullOrEmpty(signature.Algorithm) || signature.Algorithm == securityPolicy.Uri)
                     {
                         return CryptoUtils.Verify(
                             new ArraySegment<byte>(dataToVerify),
@@ -829,7 +829,7 @@ public static bool VerifySignatureData(
 
                 case AsymmetricSignatureAlgorithm.EcdsaSha384:
                 {
-                    if (signature.Algorithm == null || signature.Algorithm == securityPolicy.Uri)
+                    if (String.IsNullOrEmpty(signature.Algorithm) || signature.Algorithm == securityPolicy.Uri)
                     {
                         return CryptoUtils.Verify(
                             new ArraySegment<byte>(dataToVerify),