Skip To Content

Managing data for S-63 encrypted datasets

This topic describes how to best manage your S-63 encrypted datasets. The Maritime Chart Service supports both encrypted and unencrypted S-57 datasets within the same datasets folder. There is no technical restriction to set up separate map services.

Requesting USER_PERMIT.TXT from OEM

For the Maritime Chart Service to read S-63 encrypted datasets, the licensee of the Maritime Chart Service technology (data clients) must first request a user permit (USER_PERMIT.TXT) for each license of the Maritime Chart Service it plans to use for S-63 encrypted datasets.

To request a USER_PERMIT.TXT file, send an email to [email protected]. Once your USER_PERMIT.TXT files are received, you provide those permits to your data server, which processes the permit and provides the S-63 encrypted datasets.

Note:

You must specify on your data server that Esri is the OEM so it can apply the correct manufacturer key to the encryption process.

Setting up your map service to support S-63

To load S-63 encrypted datasets, the following S-63 certificates and permits as well as your CATALOG.031 file must be in certain folders.

  • IHO certificate (IHO.CRT)
  • User permit (USER_PERMIT.TXT)
  • Cell permit (PERMIT.TXT)
  • Exchange set catalog file (CATALOG.031)

IHO certificate (IHO.CRT)

The Schema Administrator (SA) Digital Certificate is always provided in a file named IHO.CRT by the data server. The IHO.CRT file is available from IHO at https://www.iho.int.

The IHO.CRT file must be placed in your controlfiles folder. Each license of Maritime Chart Service requires a unique USER_PERMIT.TXT file.

Note:

If you are running multiple map services with the Maritime Chart Service enabled and require S-63 encrypted datasets for each map service, you need to place the same IHO.CRT file under each controlfiles folder supporting that map service.

User permit (USER_PERMIT.TXT)

The USER_PERMIT.TXT file that you received from Esri must be placed in your controlfiles folder. Each license of Maritime Chart Service requires a unique USER_PERMIT.TXT file.

Note:

If you are running multiple map services with the Maritime Chart Service and require S-63 encrypted datasets for each map service, you need to place the same USER_PERMIT.TXT file under each controlfiles folder supporting that map service.

Cell permit (PERMIT.TXT)

The PERMIT.TXT file is provided to you by your data server when your S-63 encrypted datasets are delivered. Each delivery of encrypted data has a PERMIT.TXT file. PERMIT.TXT files must be placed in the same location as your S-63 encrypted datasets.

Delivery methods can vary between data servers, so the parent folder that contains the S-63 encrypted datasets that you are loading should be used to store the associated PERMIT.TXT file. The following images are examples of where the PERMIT.TXT file should be located based on S-63 Ed. 1.1.1 section 7.5.1.1 Folder Definitions.

PERMIT.TXT location for base load
PERMIT.TXT location for base load
PERMIT.TXT location for update load
PERMIT.TXT location for update load

Exchange set catalog file (CATALOG.031)

Typically, your S-63 encrypted datasets should be delivered in an exchange set format similar to S-63 Ed. 1.1.1 section 7.5.1.1 Folder Definitions. To decrypt your S-63 datasets, it is required that a CATALOG.031 file exist under the ENC_ROOT folder containing your data. The CATALOG.031 file contains the full path relative to the ENC_ROOT directory for all files contained within the exchange set, including ENC signature files.

Note:

Unlike loading unencrypted S-57 datasets, where you can load datasets with or without the existence of a CATALOG.031 file, loading S-63 encrypted datasets is only processed when a CATALOG.031 file exists. If no CATALOG.031 file is found and your data is encrypted, an 8211 open file error is written to your log file.

Loading S-63 encrypted datasets

Once you have ensured that your certificates and permits, as well as your CATALOG.031 file, are in the correct location, you can begin loading your S-63 encrypted datasets. The loading process is the same as loading S-57 datasets. The only difference is that S-63 encrypted datasets must have access to the IHO.CRT, USER_PERMIT.TXT, PERMIT.TXT, and CATALOG.031 files to properly decrypt the data.

Loading AIO S-63 encrypted datasets

Admiralty Information Overlay (AIO) datasets come encrypted with the same user_permit.txt that your ENC datasets were encrypted with and use the same IHO.CRT and PERMIT.TXT file. If your AIO datasets come with a separate PERMIT.TXT file, place that under the AIO folder in your datasets folder directory and the ENC PERMIT.TXT under the ENC folder. If you have a single PERMIT.TXT file for both, you can place the single PERMIT.TXT file under the dataset folder for both ENC and AIO.