Application-Encrypted Messages

Applies To: Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server Technical Preview, Windows Vista

To encrypt a message body, the sending application must have an RC2 or RC4 symmetric key to encrypt the message body, as well as the public key of the receiving computer to encrypt the symmetric key. On the receiving side, the destination queue manager can decrypt the message only if the receiving computer is operating in domain mode.

MSMQ 3.0 does not support sending application-encrypted messages to HTTP/HTTPS direct format names, multicast addresses, or distribution lists.

The following illustration shows the process needed to encrypt a message body.

When your application is encrypting messages, the following message properties must be set accordingly:

• PROPID_M_BODY or MSMQMessage.Body

  This property contains encrypted message body while the message is sent.

• PROPID_M_CONNECTOR_TYPE or MSMQMessage.ConnectorTypeGuid

  In this case, this property tells Message Queuing on the sending computer that the destination symmetric key property was not set by Message Queuing.

• PROPID_M_DEST_SYMM_KEY or MSMQMessage.DestinationSymmetricKey

  This property contains the symmetric key needed to decrypt the message body.

• PROPID_M_ENCRYPTION_ALG or MSMQMessage.EncryptAlgorithm

  Message Queuing supports RC2 and RC4 encryption algorithms. The encryption algorithm must be specified when the symmetric key is created, used to encrypt the body of the message, then sent on to the receiving application.

• PROPID_M_PRIV_LEVEL or MSMQMessage.PrivLevel

  If your application is encrypting its messages with a 40-bit key, the privacy level property should be ignored. If your application is encrypting its messages with a 128-bit key, the privacy level property must be set to MQMSG_PRIV_LEVEL_BODY_ENHANCED.

More Information