Application-Encrypted Messages

To encrypt a message body, the sending application must have an RC2 or RC4 symmetric key to encrypt the message body, as well as the public key of the receiving computer to encrypt the symmetric key. On the receiving side, the destination queue manager can decrypt the message only if the receiving computer is operating in domain mode.

MSMQ 1.0 and 2.0 differences: MSMQ 1.0 does not provide the COM components needed to encrypt messages manually. When using the COM components provided by MSMQ 1.0, you must always allow Message Queuing to encrypt the message body for you. On the other hand, the MSMQ 2.0 COM components provide full encryption support. You can tell Message Queuing to encrypt the message body, or your application can encrypt the message body. MSMQ 3.0 includes equivalent COM objects for the cryptographic APIs, so that applications written in Visual Basic can send application-encrypted messages.

MSMQ 3.0 does not support sending application-encrypted messages to HTTP/HTTPS direct format names, multicast addresses, or distribution lists.

The following illustration shows the process needed to encrypt a message body.

<No Change>

When your application is encrypting messages, the following message properties must be set accordingly:

More Information

For information on See

The security-related restrictions created by using direct format names

Direct Format Names

Sending Message Queuing-encrypted messages

Message Queuing-Encrypted Messages

Reading private messages from the destination queue

Reading Private Messages

© 2014 Microsoft