ISO Message Signing

The below is applicable for AMQP users only.

ASX has implemented ISO 20022 Business Application Header message signing to ensure that ISO 20022 Business Messages sent via the AMQP 1.0 channel can be validated by the receiver as being authentic and having integrity. This ensures the source of the message cannot be disputed and can be proven to have not been modified in transit. 

The method for ISO Message Signing is described in Annex A of the ISO 20022 Business Application Header Message Usage Guideline.  The document provides background reading and the steps in Appendix A that a developer will need to implement to ensure a valid signature is created.

ASX have provided additional detail in ISO 20022 Business Application Header Additional Information on how to implement message signing along with worked examples and code samples which are available via the CHESS Replacement FTP site (access to the FTP website is provided as part of the on boarding process).

ISO message signing was initially made optional in CDE, but from ITE1 and all higher environments ISO signing is mandatory. 

The security certificates used in ISO Message Signing are separate from those used for TLS.

Validating the certificate that was used to sign the message

In addition to verifying the signature of all messages sent by ASX, consuming applications must additionally validate the public certificate that ASX used to sign the message to ensure it's authenticity. 

The steps to achieve this are as follow;

  • Application must extract the public key certificate which is contained within every message sent by ASX, the certificate is located in the <ds:X509Certifcate> element of the BAH, refer here

  • The certificate must be verified that it's been issued by the expected ASX Certificate Authority. In ITE1 the ISO20022.PEM files containing the ASX intermediary and root certificates. In later stages of the project these will be available as a download directly from CSAM.

  • The Subject O (Organisation) field must contain the expected ASX organisation name (see below).

  • The Subject CN (Common Name) field must contain the expected value for the specific environment (see below).

Common Name
ITE1ASX Settlement Pty LimitedITE1 ASX ISO 20022 Signing
ITE2ASX Settlement Pty LimitedITE2 ASX ISO 20022 Signing
ITEMASX Settlement Pty LimitedTBD

Related Pages:

There are no related labels.

Browse Popular Pages:

No labels match these criteria.

This document provides general information only. ASX Limited (ABN 98 008 624 691) and its related bodies corporate (“ASX”) makes no representation or warranty with respect to the accuracy, reliability or completeness of the information. To the extent permitted by law, ASX and its employees, officers and contractors shall not be liable for any loss or damage arising in any way (including by way of negligence) from or in connection with any information provided or omitted or from anyone acting or refraining to act in reliance on this information.

© 2022 ASX Limited ABN 98 008 624 691