Digital Signatures
Applies To: Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server Technical Preview, Windows Vista
Digital signatures are used to ensure message integrity. They are created by the Message Queuing runtime on the source computer, attached to the message when it is sent, and then used by the destination queue manager to verify that the message has not been modified.
Message Queuing provides the following types of digital signatures for messages that are not sent over HTTP/HTTPS or to a multicast address (non-SRMP messages):
MSMQ 1.0 signature
This signature uses a set of six message properties when creating the digital signature. (The properties used when creating this signature are listed below.)
MSMQ 2.0 signature
This enhanced signature uses a set of 15 message properties when creating the digital signature. These message properties include the six message properties used in the MSMQ 1.0 signature plus nine more. (The properties used when creating this signature are listed below.)
Multiple-destination digital signature
Introduced in MSMQ 3.0. This signature is only used for messages sent to distribution lists or multiple-element format names.
This signature uses one additional property not used to calculate MSMQ 2.0 signatures (the extension information property) and the same 15 message properties used to calculate MSMQ 2.0 signatures with one exception. Because messages signed with this signature are sent to multiple destination queues, the destination queue format name property is used instead of the destination queue property. This way, the same signature can be used for all copies of a message sent to multiple destinations. (The properties used when creating this signature are listed below.)
Applications can specify which type of digital signature Message Queuing will use for messages that are not sent over HTTP/HTTPS or to a multicast address (non-SRMP messages) by setting the authentication level property of the message (PROPID_M_AUTH_LEVEL or MSMQMessage.AuthLevel) or by adding and setting registry entries on the source and target computer. For information on the digital signature registry entries, see Digital Signature Registry Entries. For information on the digital signature used to sign SRMP messages, see XML Digital Signatures.
The digital signature is an encrypted hash value based on a set of message properties. The message properties for each digital signature type are listed below in the order that they are used when computing the hash.
Note
Message Queuing uses the first six properties for all digital signature types. The remaining properties are used only for certain types of digital signatures.
Correlation identifier property: PROPID_M_CORRELATIONID or MSMQMessage.CorrelationId
Application-specific property: PROPID_M_APPSPECIFIC or MSMQMessage.AppSpecific
Message body property: PROPID_M_BODY or MSMQMessage.Body
Message label property: PROPID_M_LABEL or MSMQMessage.Label
Response queue property: PROPID_M_RESP_QUEUE or MSMQMessage.ResponseQueueInfo
Administration queue property: PROPID_M_ADMIN_QUEUE or MSMQMessage.AdminQueueInfo
Extension information property (multiple-destination digital signatures only): PROPID_M_EXTENSION or MSMQMessage.Extension
Destination queue property (MSMQ 2.0 signatures only): PROPID_M_DEST_QUEUE or MSMQMessage.DestinationQueueInfo
Destination queue format name property (multiple-destination digital signatures only): PROPID_M_DEST_FORMAT_NAME or MSMQMessage.Destination
Source computer identifier (MSMQ 2.0 and multiple-destination digital signatures only): PROPID_M_SRC_MACHINE_ID or MSMQMessage.SourceMachineGuid
Delivery mode property (MSMQ 2.0 and multiple-destination digital signatures only): PROPID_M_DELIVERY or MSMQMessage.Delivery
Message priority property (MSMQ 2.0 and multiple-destination digital signatures only): PROPID_M_PRIORITY or MSMQMessage.Priority
Message journaling property (MSMQ 2.0 and multiple-destination digital signatures only): PROPID_M_JOURNAL or MSMQMessage.Journal
Acknowledgment level property (MSMQ 2.0 and multiple-destination digital signatures only): PROPID_M_ACKNOWLEDGE or MSMQMessage.Ack
Message class property (MSMQ 2.0 and multiple-destination digital signatures only): PROPID_M_CLASS or MSMQMessage.Class
Body type property (MSMQ 2.0 and multiple-destination digital signatures only): PROPID_M_BODY_TYPE
Connector type property (MSMQ 2.0 and multiple-destination digital signatures only): PROPID_M_CONNECTOR_TYPE or MSMQMessage.ConnectorTypeGuid
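The property lists above determine which changes to a message the destination queue manager can detect for each signature type. The following is an added example, not Microsoft's code, that models that coverage; SHA-256 and the length-prefixed encoding are assumptions standing in for Message Queuing's actual hash and serialization, and the private-key step that turns the hash into a signature is omitted.

```python
import hashlib

# Ordered as on the page; the set names which signature types cover each property.
V1, V2, MD = "MSMQ 1.0", "MSMQ 2.0", "multiple-destination"
ALL = {V1, V2, MD}
PROPERTIES = [
    ("PROPID_M_CORRELATIONID", ALL),
    ("PROPID_M_APPSPECIFIC", ALL),
    ("PROPID_M_BODY", ALL),
    ("PROPID_M_LABEL", ALL),
    ("PROPID_M_RESP_QUEUE", ALL),
    ("PROPID_M_ADMIN_QUEUE", ALL),
    ("PROPID_M_EXTENSION", {MD}),
    ("PROPID_M_DEST_QUEUE", {V2}),
    ("PROPID_M_DEST_FORMAT_NAME", {MD}),
] + [(p, {V2, MD}) for p in (
    "PROPID_M_SRC_MACHINE_ID", "PROPID_M_DELIVERY", "PROPID_M_PRIORITY",
    "PROPID_M_JOURNAL", "PROPID_M_ACKNOWLEDGE", "PROPID_M_CLASS",
    "PROPID_M_BODY_TYPE", "PROPID_M_CONNECTOR_TYPE")]


def covered(sig_type):
    """Properties hashed for sig_type, in hashing order."""
    return [name for name, types in PROPERTIES if sig_type in types]


def digest(message, sig_type):
    """Hash the covered properties in order (assumed encoding, not MSMQ's)."""
    h = hashlib.sha256()
    for name in covered(sig_type):
        value = message.get(name, b"")
        h.update(len(value).to_bytes(4, "big") + value)  # length prefix avoids ambiguity
    return h.hexdigest()


def detects_change(message, sig_type, name, new_value):
    """True if altering one property changes the digest a receiver would recompute."""
    tampered = dict(message, **{name: new_value})
    return digest(tampered, sig_type) != digest(message, sig_type)


# Constructed sample message; values are placeholders, not real MSMQ encodings.
SAMPLE = {name: name.encode() for name, _ in PROPERTIES}
SAMPLE["PROPID_M_BODY"] = b"transfer 100"

if __name__ == "__main__":
    for sig in (V1, V2, MD):
        print(sig, len(covered(sig)), "properties;",
              "priority change detected:",
              detects_change(SAMPLE, sig, "PROPID_M_PRIORITY", b"7"))
```

A property outside the covered set for the chosen signature type, such as message priority under the MSMQ 1.0 signature, can change without the recomputed hash changing.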
XML Digital Signatures
When authentication is requested for an HTTP message (introduced in MSMQ 3.0) or a multicast message, which is also sent in SRMP (introduced in MSMQ 3.0), Message Queuing automatically signs it using an XML digital signature. For information on XML Digital Signatures, see XML Digital Signatures.