Skip to main content

Exchange set encryption and data protection

Available with ArcGIS Maritime license.

The standardized approach to encryption and digital signatures in S-100 ensures that exchange sets produced by different agencies can be reliably authenticated by any compliant ECDIS system. The encryption framework for S-100 exchange sets operates on multiple levels, creating a hierarchy of trust between S-100 software manufacturers, hydrographic authorities, and users.

To work with the encryption and data protection components of the S-100 Exchange Set Editor tool, a producing agency and certificates must be defined. This information is defined in the AgencyDetails.xml file included with the ArcGIS Pro program files. Before working with the cryptographic features of the S-100 Exchange Set Editor tool, ensure that the AgencyDetails.xml file has been appropriately configured.

Note:

An exchange set may still be generated without these required elements; however, real-world use is limited without a signed certificate. An S-100 ECDIS requires the presence of a valid certificate to load an S-100 exchange set.

Use the S-100 Exchange Set Editor tool to create encrypted exchange sets. The key security components of exchange set creation, which are performed by the editor, are described below.

  • Authentication—The authentication of exchange set data is handled by the inclusion of a digital signature. This digital signature is created using a certificate issued by the International Hydrographic Organization (IHO), or an intermediate certificate that references the IHO root certificate. Your identifying details and certificate paths are managed by the AgencyDetails.xml file. This XML must be appropriately configured for signed exchange sets to be created with the editor.

  • Compression with encryption—The system supports compressed and encrypted data packages, indicated by the compressionFlag and dataProtection exchange catalog attributes. These attributes allow for the secure, performant exchange of data. A user permit (USERPERMIT.TXT file) must be present for data protection to function.

  • Data permits—The data permit system provides a mechanism for controlling access to encrypted exchange sets. The user permit is a component of this system and is used during exchange set production and consumption. When a user permit is loaded in the editor, encryption parameters are automatically configured.