2.2.2.2 Packet Signing

The Signature for the packet is computed after the packet has been fully constructed and before the SecurityData field is updated. The Signature MUST be computed using the Session Header, Packet-specific Section, and Extended Options. The computation for the Signature of the packet MUST NOT include the Security Header.

The Hash for the packet MUST be computed using the cryptographic algorithm specified by HashAlgId in [MS-WDSMSI] section 2.2.1.

The computed Hash for the packet MUST be signed by the Private RSA Key (defined in [MS-WDSMSI].

The resulting Signature for the packet MUST be treated as a binary data, and a network byte order transformation MUST NOT be performed.