3.1.7.1.4 Signing the Packet

If Message.AuthenticationLevel is not None, the packet MUST be signed. The following steps MUST be performed to sign the packet:

• If Message.DestinationMultiQueueFormatName is set:

  • The protocol MUST compute a hash of the fields specified in [MS-MQMQ] section 2.5.3 for an MSMQ 3.0 digital signature, using the hash algorithm specified by the UserMessage.MessagePropertiesHeader.HashAlgorithm field.

  • The UserMessage.MultiQueueFormatHeader.Signature field MUST be set to the value of the hash encrypted using RSA and the sender private key.

• Otherwise:

  • The protocol MUST compute a hash of the fields specified in [MS-MQMQ] section 2.5 for the MSMQ digital signature type indicated by the value of the AuthenticationLevel ADM attribute of the Message ([MS-MQDMPR] section 3.1.1.12) ADM element, using the hash algorithm specified by the UserMessage.MessagePropertiesHeader.HashAlgorithm field.

  • The UserMessage.SecurityHeader.SecurityData.Signature field MUST be set to the value of the hash encrypted using RSA and the sender private key.