Passing Private Messages

Passing private, encrypted messages between MSMQ and another message queue system is very similar to passing private messages between MSMQ applications. The only difference is a symmetric key that is exposed when sending a private message to the other message queue system.

The message properties used by private messages include:

Property	Description

PROPID_M_BODY	Contains encrypted message body.
PROPID_M_DEST_SYMM_KEY	Used to decrypt messages.
PROPID_M_DEST_SYMM_KEY_LEN	Specifies the length of the symmetric key.
PROPID_M_ENCRYPTION_ALG	Algorithm used to encrypt the message.
PROPID_QM_ENCRYPTION_PK	Must contain the public key of the destination queue (used when sending messages to an MSMQ queue.)

The implementation of the connector application plays a significant role when passing private messages to their destination.

Transparent connector applications pass the symmetric key, encryption algorithm, and the encrypted message body on to the Queue Manager of the destination queue. This is the same regardless of the direction the message is going. When using a transparent connector application, the public keys of all destination Queue Managers must be registered in Active Directory.

Non-transparent connector applications decrypt the message at the server and can pass on a clear-text message body or encrypt the message again (using the receiving systems encryption operations) and pass on a newly encrypted message body. When using a non-transparent connector application, all destination queues must use the public key of the connector application.

In addition to the type of connector application, there are two design considerations that should be taken into account:

When multiple servers are used (two or more servers are connected to the same foreign Connector Networks), only transparent connector applications can be used.
When sending messages from another message queue system to the MSMQ, the source application must get the public key of the destination queue before it can encrypt the message body. The source application must tell the connector application to call MQGetMachineProperties and pass back the public key found in PROPID_QM_ENCRYPTION_PK.
This means that there must be a level of trust between the connector application and the foreign Queue Manager. There is no way for the foreign Queue Manager to independently verify that the key it receives is the public key it requested.

Note For foreign message properties not supported by MSMQ, use PROPID_M_EXTENSION and PROPID_M_EXTENSION_LEN.

Caching the Symmetric Key

Non-transparent connector applications can cache the symmetric key to save time when decrypting private messages. If several messages arrive from the same source, there is no need to decrypt a symmetric key for each message.

To do this, the application must cache the identifier of the source computer and the decrypted and encrypted values of the symmetric key. The connector application can call PROPID_M_SRC_MACHINE_ID to retrieve the identifier of an MSMQ source machine.

When the next message arrives, the connector application can first check if a message has already arrived from that source machine. If the machine identifier is not found, the connector application will add it to the cached values.

If a previous message has arrived, the application can next test to see if the new encrypted key matches the cached encrypted key. If they match, the cached decrypted value can be used immediately. If they do not match, it will decrypt the new key (storing both the encrypted and decrypted values in the cache), using the new value to decrypt the message body.