Application-Encrypted Messages


Updated: July 19, 2016

Applies To: Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server Technical Preview, Windows Vista

To encrypt a message body, the sending application must have an RC2 or RC4 symmetric key to encrypt the message body, as well as the public key of the receiving computer to encrypt the symmetric key. On the receiving side, the destination queue manager can decrypt the message only if the receiving computer is operating in domain mode.

System_CAPS_ICON_note.jpg Note

MSMQ 1.0 and 2.0 differences: MSMQ 1.0 does not provide the COM components needed to encrypt messages manually. When using the COM components provided by MSMQ 1.0, you must always allow Message Queuing to encrypt the message body for you. On the other hand, the MSMQ 2.0 COM components provide full encryption support. You can tell Message Queuing to encrypt the message body, or your application can encrypt the message body. MSMQ 3.0 includes equivalent COM objects for the cryptographic APIs, so that applications written in Visual Basic can send application-encrypted messages.

MSMQ 3.0 does not support sending application-encrypted messages to HTTP/HTTPS direct format names, multicast addresses, or distribution lists.

The following illustration shows the process needed to encrypt a message body.

<No Change>

When your application is encrypting messages, the following message properties must be set accordingly:

For information onSee
The security-related restrictions created by using direct format namesDirect Format Names
Sending Message Queuing-encrypted messagesMessage Queuing-Encrypted Messages
Reading private messages from the destination queueReading Private Messages