2.9.4.1.4.1 Message Integrity

Message integrity is achieved through the following sequence:

  1. The sending application signs the message in the following steps:

    1. Computes a hash from a set of message properties.

    2. Encrypts the hash with the private key associated with the sender's certificate to generate a signature.

    3. Attaches the signature and the certificate to the message.

  2. The queue manager hosting the destination queue verifies the message integrity as follows:

    1. Extracts the signature and certificate from the message.

    2. Decrypts the signature with the public key in the certificate to get the sender-generated hash.

    3. Computes the hash from the same set of message properties.

    4. Verifies the signature by comparing the sender-generated hash with the service-computed hash.

The signature format is protocol-specific. See [MS-MQMQ] section 2.2.20.6 for the binary protocol and [RFC3275] for the Message Queuing (MSMQ): SOAP Reliable Messaging Protocol (SRMP).

For more details about the hash algorithms, the message properties used for hashing, and the algorithm to encrypt and decrypt the hash, see [MS-MQMQ] section 2.2.20.6.
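
The sign-and-verify sequence above, as an added Go example that is not taken from the specification or from any MSMQ implementation. The `Message` type, the helper names, the choice of `Label` and `Body` as the signed properties, and the use of SHA-256 with PKCS#1 v1.5 are assumptions for illustration; the actual property set and algorithms are defined in [MS-MQMQ] section 2.2.20.6.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
)

type Message struct{ Label, Body, Signature, Cert []byte } // hypothetical stand-in for an MSMQ message

// covered serializes the signed properties (assumed: Label, Body) with length prefixes.
func covered(m *Message) []byte {
	return []byte(fmt.Sprintf("%d:%s%d:%s", len(m.Label), m.Label, len(m.Body), m.Body))
}

// NewSender returns a constructed RSA key and minimal self-signed certificate (DER).
func NewSender() (key *rsa.PrivateKey, cert []byte, err error) {
	if key, err = rsa.GenerateKey(rand.Reader, 2048); err == nil {
		t := &x509.Certificate{SerialNumber: big.NewInt(1)}
		cert, err = x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	}
	return key, cert, err
}

// Sign (sender): hash, sign the hash (SHA-256 + PKCS#1 v1.5 assumed), attach signature and cert.
func Sign(m *Message, key *rsa.PrivateKey, cert []byte) (err error) {
	hash := sha256.Sum256(covered(m))
	m.Cert = cert
	m.Signature, err = rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, hash[:])
	return err
}

// Verify (queue manager): CheckSignature rehashes covered(m) and checks it against the signature.
func Verify(m *Message) error {
	cert, err := x509.ParseCertificate(m.Cert)
	if err != nil {
		return err
	}
	return cert.CheckSignature(x509.SHA256WithRSA, covered(m), m.Signature)
}

func main() {
	key, cert, _ := NewSender()
	m := &Message{Label: []byte("order"), Body: []byte("qty=1")}
	fmt.Println("sign:", Sign(m, key, cert), "verify:", Verify(m))
}
```

`Verify` only shows that the signed properties match the key in the attached certificate; whether that certificate is trusted is a separate check that this example does not perform.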