Variant structures may be qualified (narrowed) by specifying a value
   for the selector prior to the type. For example, a




 
RFC 2246              The TLS Protocol Version 1.0          January 1999


       orange VariantRecord

   is a narrowed type of a VariantRecord containing a variant_body of
   type V2.

4.7. Cryptographic attributes

   The four cryptographic operations digital signing, stream cipher
   encryption, block cipher encryption, and public key encryption are
   designated digitally-signed, stream-ciphered, block-ciphered, and
   public-key-encrypted, respectively. A field's cryptographic
   processing is specified by prepending an appropriate key word
   designation before the field's type specification. Cryptographic keys
   are implied by the current session state (see Section 6.1).

   In digital signing, one-way hash functions are used as input for a
   signing algorithm. A digitally-signed element is encoded as an opaque
   vector , where the length is specified by the signing
   algorithm and key.

   In RSA signing, a 36-byte structure of two hashes (one SHA and one
   MD5) is signed (encrypted with the private key). It is encoded with
   PKCS #1 block type 0 or type 1 as described in [PKCS1].

   In DSS, the 20 bytes of the SHA hash are run directly through the
   Digital Signing Algorithm with no additional hashing. This produces
   two values, r and s. The DSS signature is an opaque vector, as above,
   the contents of which are the DER encoding of:

       Dss-Sig-Value  ::=  SEQUENCE  {
            r       INTEGER,
            s       INTEGER
       }

   In stream cipher encryption, the plaintext is exclusive-ORed with an
   identical amount of output generated from a cryptographically-secure
   keyed pseudorandom number generator.

   In block cipher encryption, every block of plaintext encrypts to a
   block of ciphertext. All block cipher encryption is done in CBC
   (Cipher Block Chaining) mode, and all items which are block-ciphered
   will be an exact multiple of the cipher block length.

   In public key encryption, a public key algorithm is used to encrypt
   data in such a way that it can be decrypted only with the matching
   private key. A public-key-encrypted element is encoded as an opaque
   vector , where the length is specified by the signing
   algorithm and key.




 
RFC 2246              The TLS Protocol Version 1.0          January 1999


   An RSA encrypted value is encoded with PKCS #1 block type 2 as
   described in [PKCS1].

   In the following example:

       stream-ciphered struct {
           uint8 field1;
           uint8 field2;
           digitally-signed opaque hash[20];
       } UserType;

   The contents of hash are used as input for the signing algorithm,
   then the entire structure is encrypted with a stream cipher. The
   length of this structure, in bytes would be equal to 2 bytes for
   field1 and field2, plus two bytes for the length of the signature,
   plus the length of the output of the signing algorithm. This is known
   due to the fact that the algorithm and key used for the signing are
   known prior to encoding or decoding this structure.

4.8. Constants

   Typed constants can be defined for purposes of specification by
   declaring a symbol of the desired type and assigning values to it.
   Under-specified types (opaque, variable length vectors, and
   structures that contain opaque) cannot be assigned values. No fields
   of a multi-element structure or vector may be elided.

   For example,

       struct {
           uint8 f1;
           uint8 f2;
       } Example1;