The PROPID_M_HASH_ALG property identifies the hashing algorithm that Message Queuing uses when authenticating the message.
For MSMQ 1.0, 2.0, and 3.0, this property can be set to CALG_MD2, CALG_MD4, or CALG_MD5. For MSMQ 2.0 on Windows 2000 Service Pack 4 and MSMQ 3.0, this property can also be set to CALG_SHA1. The default value is CALG_MD5.
For MSMQ 4.0, this property can be set to CALG_SHA1 or CALG_SHA2. If weaker hash algorithms are enabled, this property can also be set to CALG_MD2, CALG_MD4, or CALG_MD5. The default value is CALG_SHA1.
For messages sent to HTTP/HTTPS or multicast addresses, it can be set only to CALG_MD5 or CALG_SHA1. The default value is CALG_SHA1.
To authenticate messages, the Message Queuing runtime on the source computer uses the hashing algorithm when creating a digital signature for a message. The target queue manager then uses the same hashing algorithm to authenticate the message when it is received.
To retrieve the hashing algorithm, specify PROPID_M_HASH_ALG in the MQMSGPROPS structure. Then call MQReceiveMessage or MQReceiveMessageByLookupId and examine the returned value. When retrieving this property, the type indicator can be set to VT_UI4 or VT_NULL. If you set the type indicator to VT_NULL, Message Queuing automatically changes the type indicator to VT_UI4 during the function call.
In MSMQ 4.0, support for algorithms such as MD2, MD4, MD5, and MAC have been disabled because these algorithms are considered less secure.
However, weaker algorithms can be enabled to support any Message Queuing applications that require them by adding the WeakHashAlgorithms registry key. If this registry key is not present, as is the case by default, then all weaker algorithms are disabled. If the registry key is present, then all weaker algorithms are enabled. To enable only certain weak algorithms, you must add the registry key and specify the values of those weaker algorithms that you want to continue to disable.
|WeakHashAlgorithms controls both incoming and outgoing messages. If it is not present, you cannot send messages that are signed with CALG_MD2, CALG_MD4, or CALG_MD5, and incoming messages that are signed with those algorithms will be rejected.|
|Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.|
To continue to disable certain weaker authentication algorithms:
Click Start, and in Start Search, type regedit, and then press ENTER.
Navigate to the following registry subkey:
On the Edit menu, point to New, and then click Key.
Type WeakHashAlgorithms as the name of the new registry key, and then press ENTER.
Right-click WeakHashAlgorithms, point to New, click DWORD (32-bit) Value, and then type any name for the new value.
Double-click the new DWORD (32-bit) Value, click Decimal, and then in Value data:, type the appropriate value for the algorithm you want to disable:
32769 for MD2
32770 for MD4
32771 for MD5
32773 for MAC
- 32769 for MD2
Click OK to close the Edit DWORD (32-bit) Value dialog box.
Create new DWORD (32-bit) values for additional algorithms that you want to also disable.
On the File menu, click Exit to close Registry Editor.
You can re-edit the registry to remove the respective value for an algorithm to support it.
If the Message Queuing application is run on Windows Vista and chooses a weaker authentication algorithm, Message Queuing will override the choice and use SHA1 instead, by default.
Equivalent COM Property
With COM components, the equivalent property for setting and retrieving the hashing algorithm is MSMQMessage.HashAlgorithm.
|For information on||See|
What Message Queuing does to authenticate messages
The following code fragments show how PROPID_M_HASH_ALG is included in arrays that can be used to initialize an MQMSGPROPS structure to specify and to retrieve the hashing algorithm.
To Specify the Hashing Algorithm
aMsgPropId[i] = PROPID_M_HASH_ALG; // Property ID aMsgPropVar[i].vt = VT_UI4; // Type indicator aMsgPropVar[i].ulVal = CALG_MD5; // Value i++;
To Retrieve the Hashing Algorithm
aMsgPropId[i] = PROPID_M_HASH_ALG; // Property ID aMsgPropVar[i].vt = VT_NULL; // Type indicator i++;