Encryption

Encryption is the process of encrypting and decrypting messages, ensuring they cannot be read or used by anyone not authorized to do so. MSMQ supports encryption through the use of public and private keys. The MSMQ public key implementation is based on the Microsoft® CryptoAPI, and uses the Microsoft Base Cryptographic Provider version 1.0.

As with authentication, encryption of MSMQ messages requires the use of a cryptographic service provider (CSP). Even though you can install a variety of CSPs for authentication, the Microsoft Base Cryptographic Provider version 1.0 must be installed on any MSMQ server, independent client, or dependent client computer that sends or receives encrypted messages. (When you install the Microsoft Base Cryptographic Provider version 1.0, non-MSMQ applications can continue to use other CSPs for encryption.) The Microsoft Base Cryptographic Provider is included and installed with Windows NT version 4.0 and Internet Explorer version 3.0.

Note: Computers running Windows 95 must have IE 3.01 or later installed to send and receive encrypted MSMQ messages. This is an MSMQ Beta 2 limitation.

You can specify whether a queue accepts encrypted messages, unencrypted messages, or both. If the queue privacy level is None, the queue accepts only unencrypted messages. If the queue privacy level is Optional, the queue accepts both unencrypted and encrypted messages. If the queue privacy level is Body, the queue accepts only encrypted messages.
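
An added example, not from the original documentation or the MSMQ SDK: a Windows PowerShell audit that reports each private queue's privacy level and flags queues that still accept unencrypted messages. It assumes Windows PowerShell 5.1 with MSMQ installed and uses the later .NET Framework System.Messaging wrapper; the function names and the queue path in the final comment are hypothetical.

```powershell
# Added example: audit MSMQ queue privacy levels (None / Optional / Body).
# Assumes Windows PowerShell 5.1 with the MSMQ feature installed; uses the
# .NET Framework System.Messaging wrapper, not the MSMQ 1.0 SDK.
Add-Type -AssemblyName System.Messaging

function Get-QueuePrivacyFinding {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [System.Messaging.EncryptionRequired] $Level
    )
    # Acceptance rules as stated on this page for each privacy level.
    $accepts = switch ($Level) {
        'None'     { 'unencrypted only' }
        'Optional' { 'unencrypted and encrypted' }
        'Body'     { 'encrypted only' }
    }
    [pscustomobject]@{
        Queue            = $Path
        PrivacyLevel     = $Level
        Accepts          = $accepts
        AcceptsCleartext = ($Level -ne [System.Messaging.EncryptionRequired]::Body)
    }
}

function Get-LocalQueuePrivacyReport {
    param([string] $Machine = '.')
    foreach ($q in [System.Messaging.MessageQueue]::GetPrivateQueuesByMachine($Machine)) {
        try     { Get-QueuePrivacyFinding -Path $q.Path -Level $q.EncryptionRequired }
        catch   { Write-Warning "Cannot read properties of $($q.Path): $_" }
        finally { $q.Dispose() }
    }
}

# Report every private queue, listing those that still accept cleartext first.
Get-LocalQueuePrivacyReport |
    Sort-Object AcceptsCleartext -Descending |
    Format-Table -AutoSize

# To require encryption on one queue (hypothetical queue path):
# $q = New-Object System.Messaging.MessageQueue '.\private$\orders'
# $q.EncryptionRequired = [System.Messaging.EncryptionRequired]::Body
```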

Messages are encrypted at the source computer and decrypted at the destination computer; they appear in the destination queue as clear text. If a queue's privacy level is Optional, a user can verify whether a message sent to the queue was encrypted or unencrypted by checking the message's properties in MSMQ Explorer.

When you use encryption, MSMQ message throughput is reduced significantly, although typically not as significantly as when using authentication. Encryption performance losses are most significant when you send few encrypted MSMQ messages to many different computers. However, when you send multiple messages to the same destination, only the first message sent takes significantly longer to send.

For more information on cryptography, public key encryption, and the Microsoft CryptoAPI, see the Microsoft Crypto Application Programmer's Guide, available on the Microsoft Web site at http://www.microsoft.com/intdev/security/. For information on implementing encryption in an MSMQ-based application, see the MSMQ SDK documentation.


© 1997 by Microsoft Corporation. All rights reserved.