126.96.36.199.1 Signing the Message
The client MUST sign the message under the following conditions:
If the request message being sent contains a nonzero SessionId and a nonzero TreeId in the SMB2 header field, and the session identified by SessionId has Session.SigningRequired equal to TRUE and the tree connection identified by TreeId has TreeConnect.EncryptData equal to FALSE.
If Session.SigningRequired is FALSE, the client MAY<82> sign the request.
If the client implements the SMB 3.x dialect family, and if the request is for session set up, the client MUST use Session.SigningKey, and for all other requests the client MUST provide Channel.SigningKey by looking up the Channel in Session.ChannelList, where the connection matches the Channel.Connection. Otherwise, the client MUST use Session.SessionKey for signing the request. The client provides the key for signing, the length of the request, and the request itself, and calculates the signature as specified in section 188.8.131.52. If the client signs the request, it MUST set the SMB2_FLAGS_SIGNED bit in the Flags field of the SMB2 header.