2.2.2.9 NTLMSSP_MESSAGE_SIGNATURE
The NTLMSSP_MESSAGE_SIGNATURE structure (section 3.4.4), specifies the signature block used for application message integrity and confidentiality. This structure is then passed back to the application, which embeds it within the application protocol messages, along with the NTLM-encrypted or integrity-protected application message data.
This structure MUST take one of the two following forms, depending on whether the NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY flag is negotiated: