Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Encrypting

14 views
Skip to first unread message

Diane

unread,
Sep 9, 2008, 3:52:17 PM9/9/08
to
What kind of encryption can I put on a document being sent to a MSMQ that the
MSMQ can unencrypt?

I'd like to encrpt my document before I send it through the internet and
have the MSMQ unencrypt it upon receipt.

Is this possible? Is there any documentation on this subject?

Thanks (again) ;-)

John Breakwell (MSFT)

unread,
Sep 10, 2008, 10:47:02 AM9/10/08
to
Hi Diane,

No, that is not possible.

If you have an application that encrypts a document before putting it into
the message body then you will need a corresponding application at the other
end to unecrypt the document after reading it from the message body.

It is true that MSMQ can use encryption but MSMQ is just a network transport
so any encryption MSMQ uses is only to encrypt the network traffic on the
wire. MSMQ messages are always stored in clear text when they arrive at
their destination queue even if encryption is selected for the message.

To demonstrate the various layers of encryption, here's a hypothetical
example:

1 AppA on sending machine encrypts some data using a public certificate
2 AppA puts encrypted data into the body of a message
3 Destination queue is configured for "Privacy Level - Body" so AppA sets
the encrypted flag on the message
4 MSMQ uses an internal certificate to encrypte the message body
5 MSMQ connects to remote destination which demands the use of IPSEC.
6 The IPSEC service uses an internal certificate to encrypt the network
connection
7 MSMQ sends the message
8 IPSEC service on the destination machine unencrypts the IPSEC network
traffic using the internal IPSEC certificate
9 MSMQ service on the destination machine unencrypts the message body using
the internal MSMQ certificate
10 MSMQ message is delivered in clear text to the destination queue
11 Receiving app (AppB) reads the message from the queue
12 AppB reads the message body property and unencrypts the document using
the public certificate

Same sort of thing happens when you send messages to an MSMQ queue over
HTTPS.

Hope that helps.

Cheers
John Breakwell (MSFT)

"Diane" <Di...@discussions.microsoft.com> wrote in message
news:2E785A12-0730-4D01...@microsoft.com...

Diane

unread,
Sep 10, 2008, 4:26:09 PM9/10/08
to
My goal is to secure it while it travels.

I could use a MSMQ on each end if that would work.

Server 1, MSMQ-Outbound gets the xml document, encrypts it and sends it to
MSMQ-Inbound on Server 2 which decrypts the document at my other location.

Does that work?

I don't really care how they are stored because the locations are secure -
just the transport wire is not.

John Breakwell (MSFT)

unread,
Sep 11, 2008, 7:18:10 AM9/11/08
to
Hi Diane,

I've missed out an important item.
For MSMQ to encrypt on the wire, both sender and receiver have to be in the
same domain so that they both have access to the certificates stored in
Active Directory.

If sender and receiver are not in the same domain or are in workgroup mode
then using SSL to send Messages might be a good solution.
Application sends MSMQ messages over HTTPS to a webserver running the MSMQ
ISAPI extension.

If you use MSMQ at all then you need MSMQ at both ends.

Cheers
John Breakwell

"Diane" <Di...@discussions.microsoft.com> wrote in message

news:39390322-1515-45D1...@microsoft.com...

Diane

unread,
Sep 11, 2008, 9:11:01 AM9/11/08
to
Thank you. The servers are not on the same domain.

Do you where I may find more informatin about sending the documents this way?

I will be looking for information of how to send these documents using SSL
over HTTPS and what is ISAPI ...?

Regards,
Diane

Diane

unread,
Sep 11, 2008, 9:59:02 AM9/11/08
to
Now you've got me thinking ... I am currently using ftp to send the file ...
I wonder if I can use ftps to secure the transfer now instead?
0 new messages