Home
Security
Go beyond the norm in cybersecurity.
Security Features
Maintaining the control over production and the processes in the application has the highest priority in automation. Even measures to prevent security threats must not affect this.
Crypthographic functions
(CCL) - The Common Cryptography Library
The Common Cryptography Library (CCL) is a comprehensive cryptographic library that provides robust encryption and decryption functions using state-of-the-art algorithms.

Version Information
Release Notes, Update information, Certifications and Frequently Asked Questions.
Concepts
Your first step into modern and powerful process visualization.
Deployment
Topics, you need to know, before using WinCC OA.
Security
Go beyond the norm in cybersecurity.
- Security Features
  Maintaining the control over production and the processes in the application has the highest priority in automation. Even measures to prevent security threats must not affect this.
  - Authorization Concept
  - Certificates
  - Login
  - Login Framework
    The WinCC OA login framework provides a framework that is easy to extend. The WinCC OA login panels can be easily replaced by user-specific panels without having to re-implement the functionality.
  - Server Side Authentication
  - User-defined Login
  - Authentication via Kerberos, basics
    In a more and more networking world, a WinCC OA system could be exposed to different types of attacks. An unauthorized WinCC OA system could connect to the distribution manager or hackers could try to manipulate WinCC OA messages.
  - Basics on Encryption
  - Crypthographic functions
    - Use of CCL
      This chapter describes what the (CCL) - The Common Cryptography Library offers.
    - (CCL) - The Common Cryptography Library
      The Common Cryptography Library (CCL) is a comprehensive cryptographic library that provides robust encryption and decryption functions using state-of-the-art algorithms.
      - decrypt()
        Decrypts the specified ciphertext using the specified passphrase.
      - encrypt()
        Encrypts the given plaintext using the specified passphrase and configuration.
- Multiplexing Proxy
  The WinCC OA Multiplexing Proxy Manager is used to increase the security of your WinCC OA projects.
- Continuous Monitoring
  The Continuous Monitoring feature of WinCC OA provides an interface for external tools to read and validate log and error messages of Security Events that were generated by the WinCC OA.
- Security Events in WinCC OA
- Further References
Engineering
Powerful tools for easy or complex engineering tasks.
Data Management
Classify, structure and archive your data.
Business Logic / Control
Endless possibilities in data processing for your projects.
Data Visualization
User interfaces, Trends and Reports for every purpose and device.
Southbound Interfaces
The process connection to the actual machines/sensors.
Northbound Interfaces
Your portal to the cloud or supervising systems.
Web Connectivity / Network Interfaces
Data exchange, APIs and web technologies
User Management
All about authorization, authentication and login-customization.
Availability
How to get your system uptime to the maximum.
Reporting
Create state of the art project reports without limits.
Addons
Useful tools and enhancements for special demands.
Reference Tables
Detailed and extensive content for special project adaptation.
Videos & Tutorials
Explore the capabilities of WinCC OA with our carefully selected collection of video tutorials and guides.
WinCC OA Documentation
Basic information about terms and functions within the documentation.
Disclaimer
A brief clarification of liability exclusions or legal notices.

(CCL) - The Common Cryptography Library

The Common Cryptography Library (CCL) is a comprehensive cryptographic library that provides robust encryption and decryption functions using state-of-the-art algorithms.

It supports both symmetric (AES_256_CBC) and asymmetric (ENVELOPE_RSA_AES_256_CBC) cryptographic algorithms as well as HMAC-based mechanisms to ensure data integrity and authenticity. CCL protects critical or business-relevant information from third parties. CCL is also used for the encryption of the WinCC OA panels.

One of the main advantages of CCL is its independence from specific algorithms, which enables decryption without prior knowledge of the encryption algorithm used. In addition, CCL facilitates the deprecation of algorithms (due to security vulnerabilities or weak implementations) while retaining the ability to decrypt previously encrypted data. This feature allows you to focus on the business logic and not on the specifics of the cryptographic ciphers used.

In addition, CCL provides support for extensibility, versioning, error handling, single-layer execution and configuration, making it a versatile and reliable choice for cryptographic operations.

Note: CCL is not supported on the ITC platform.

Use of CCL

This chapter describes what the (CCL) - The Common Cryptography Library offers.

You can now use state-of-the-art crypto functions that use recommended configurations by default. (CCL) - The Common Cryptography Library offers both symmetric and asymmetric encryption with configurations that can be tailored to meet specific requirements. This allows you to focus more on implementing your business logic without having to worry about specific cryptographic algorithms, compatibility and vulnerabilities. Use the config entry useCommonCryptography for activating or deactivating (CCL) - The Common Cryptography Library.

Advantages

From CTRL's point of view, the recently introduced CTRL functions (see decrypt() and encrypt()) for encryption and decryption offer significant improvements. The encryption functions support configuration, while the decryption functions do not require any information about the cipher algorithm used for encryption. From the C++ perspective, completely new interfaces have been introduced that offer comprehensive error handling and configuration options.