2.9.4.1.4.1 Message Integrity
Message integrity is achieved through the following sequence:
The sending application signs the message in the following steps:
Computes a hash from a set of message properties.
Encrypts the hash with the private key associated with the sender's certificate to generate a signature.
Attaches the signature and the certificate to the message.
The queue manager hosting the destination queue verifies the message integrity as follows:
Extracts the signature and certificate from the message.
 Decrypts the signature with the public key in the certificate to get the sender-generated hash.
Computes the hash from the same set of message properties.
Verifies the signature by comparing the sender-generated hash with the service-computed hash.
The signature format is protocol-specific. See [MS-MQMQ] section 2.2.20.6 for the binary protocol and [RFC3275] for the Message Queuing (MSMQ): SOAP Reliable Messaging Protocol (SRMP).
For more details about the hash algorithms, the message properties used for hashing, and the algorithm to encrypt and decrypt the hash, see [MS-MQMQ] section 2.2.20.6.