Menu Search

Chapter 9. Message Encryption

In some cases it is desirable to ensure no-one but the intended recipient(s) of a message will be able to read its contents. Using SSL/TLS to encrypt traffic travelling between client and broker only ensures that those snooping the network cannot read messages, however once the message arrives at the broker it is decrypted and so anyone with access to the broker can read the message. For such confidential information it is necessary to implement a mechanism of end-to-end encryption such that the sender of the message encrypts the message before sending, and the recipient(s), upon receiving the message, decrypt it with some secret known only to them.

Neither JMS nor AMQP provide any defined mechanism for message encryption, however it is possible for any application to build a message encryption scheme on top of a JMS API. For convenience the Client provides a built in mechanism for encryption and decrypting messages. This mechanism is currently only implemented in the Client for AMQP 0-8/0-9/0-9-1/0-10. If you use a different client you will be unable to read encrypted messages.

9.1. Overview

For each encrypted message which the client sends, a new message-specific secret key is generated. This secret key is used encrypt the message contents using symmetric encryption (currently only AES-256 is supported, although other algorithms may be added at a later date). For each intended recipient of the message, the client encrypts the secret key using the public key associated with the recipient, and adds this as a message header. On receipt of an encrypted message, the client looks to see if it has a private key which can decrypt the secret key. If the client is unable to decrypt the message (for instance, because they were not one of the intended recipients) then the message will be presented to the application as a BytesMessage containing the encrypted data.

In order to send an encrypted message it is necessary to know the Certificates of the intended recipients. Certificates can be distributed either through out-of-band mechanisms, or the Apache Qpid Broker-J can be used to distribute them to clients.

In order to receive an encrypted message it is necessary to have a Certificate (which needs to be distributed to those who you wish to send messages to you) and to have the private key associated with the certificate so that you can decrypt messages sent to you.

This feature requires the Java Cryptography Extension (JCE) Unlimited Strength policy files are installed in the JVM.