Message encryption

By using message encryption, a message sender can be sure that the content of the message has not been modified before reaching the recipient.

When an application places a message on a queue, IBM® MQ Advanced Message Security checks if the target queue has a IBM MQ Advanced Message Security policy for signing or encryption. If encryption is required, IBM MQ Advanced Message Security signs and encrypts the data.

In addition to the signing process, IBM MQ Advanced Message Security encrypts the message data with a symmetric key, using the encryption algorithm specified in the IBM MQ Advanced Message Security policy associated with the target queue. The message is then addressed to each potential recipient specified in that policy, using the users' public keys.

When an application retrieves the message from the queue, IBM MQ Advanced Message Security verifies the signature and decrypts the message data using the private key of the recipient user.