Digital Signatures

 

Updated: July 19, 2016

Applies To: Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server Technical Preview, Windows Vista

Digital signatures are used to ensure message integrity. They are created by the Message Queuing runtime on the source computer, attached to the message when it is sent, and then used by the destination queue manager to verify that the message has not been modified.

Message Queuing provides the following types of digital signatures for messages that are not sent over HTTP/HTTPS or to a multicast address (non-SRMP messages):

  • MSMQ 1.0 signature

    This signature uses a set of six message properties when creating the digital signature. (The properties used when creating this signature are listed below.)

  • MSMQ 2.0 signature

    This enhanced signature uses a set of 15 message properties when creating the digital signature. These message properties include the six message properties used in the MSMQ 1.0 signature plus nine more. (The properties used when creating this signature are listed below.)

  • Multiple-destination digital signature

    Introduced in MSMQ 3.0. This signature is only used for messages sent to distribution lists or multiple-element format names.

    This signature uses one additional property not used to calculate MSMQ 2.0 signatures (the extension information property) and the same 15 message properties used to calculate MSMQ 2.0 signatures with one exception. Because messages signed with this signature are sent to multiple destination queues, the destination queue format name property is used instead of the destination queue property. This way, the same signature can be used for all copies of a message sent to multiple destinations. (The properties used when creating this signature are listed below.)

Applications can specify which type of digital signature Message Queuing will use for messages that are not sent over HTTP/HTTPS or to a multicast address (non-SRMP messages) by setting the authentication level property of the message (PROPID_M_AUTH_LEVEL or MSMQMessage.AuthLevel) or by adding and setting registry entries on the source and target computer. For information on the digital signature registry entries, see Digital Signature Registry Entries. For information on the digital signature used to sign SRMP messages, see XML Digital Signatures.

The digital signature is an encrypted hash value based on a set of message properties. The message properties for each digital signature type are listed below in the order that they are used when computing the hash.

Note

Message Queuing uses the first six properties for all digital signature types. The remaining properties are used only for certain types of digital signatures.
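The following is an added example, not Microsoft's code and not the Message Queuing algorithm. It is a simplified model of a signature computed over an ordered set of message properties, showing that a change to a property outside the signed set goes undetected and why the multiple-destination signature covers the format name instead of the per-copy destination queue. Assumptions: the property names, sample values and key are constructed stand-ins (the real property lists are not reproduced), and HMAC-SHA256 stands in for the encrypted hash.

```python
import hashlib
import hmac

# Constructed stand-in property names; NOT the MSMQ property lists.
BASIC = ("label", "body")
ENHANCED = BASIC + ("priority", "dest_queue")
# Multi-destination: the format name replaces the per-copy destination queue.
MULTI_DEST = BASIC + ("priority", "dest_format_name", "extension")
KEY = b"constructed-demo-key"  # stand-in for the sender's private key


def digest_input(msg, fields):
    """Serialize covered fields in list order, each length-prefixed so bytes
    cannot be shifted between neighbouring fields without changing the input."""
    out = bytearray()
    for name in fields:
        value = msg.get(name, b"")
        out += len(value).to_bytes(4, "big") + value
    return bytes(out)


def sign(msg, fields, key=KEY):
    # HMAC-SHA256 stands in for "hash the properties, then encrypt the hash".
    return hmac.new(key, digest_input(msg, fields), hashlib.sha256).digest()


def verify(msg, fields, signature, key=KEY):
    return hmac.compare_digest(sign(msg, fields, key), signature)


def coverage_demo():
    """Return (basic_detects, enhanced_detects) for a change to 'priority'."""
    msg = {"label": b"order", "body": b"qty=1", "priority": b"3",
           "dest_queue": b"hostA\\orders"}
    sig_basic, sig_enh = sign(msg, BASIC), sign(msg, ENHANCED)
    altered = dict(msg, priority=b"7")  # field outside the BASIC set
    return (not verify(altered, BASIC, sig_basic),
            not verify(altered, ENHANCED, sig_enh))


def multi_dest_demo():
    """Return (enhanced_sig_shared, multi_dest_sig_shared) across two copies."""
    common = {"label": b"order", "body": b"qty=1", "priority": b"3",
              "extension": b"",
              "dest_format_name": b"DIRECT=OS:hostA\\orders,DIRECT=OS:hostB\\orders"}
    copy_a = dict(common, dest_queue=b"hostA\\orders")
    copy_b = dict(common, dest_queue=b"hostB\\orders")
    return (verify(copy_b, ENHANCED, sign(copy_a, ENHANCED)),
            verify(copy_b, MULTI_DEST, sign(copy_a, MULTI_DEST)))
```

In this model, only the wider property set detects the altered priority, and only the multiple-destination set lets one signature verify on both copies.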

When authentication is requested for an HTTP message (introduced in MSMQ 3.0) or a multicast message, which is also sent in SRMP (introduced in MSMQ 3.0), Message Queuing automatically signs it using an XML digital signature. For information on XML Digital Signatures, see XML Digital Signatures.
