Message encryption allows sensitive data to be transferred from one point to another securely. Encryption transforms plain text into cipher text, which cannot be read without the use of a "key". A key is also used to decrypt the cipher text back into plain text.
Base Implementation
FioranoMQ versions 7.1 and upward support encryption. DES (Data Encryption Standard) is used as the default encryption algorithm. FioranoMQ intends to support more encryption algorithms in future releases.
There are two types of encryption algorithms:
- secret key algorithms
- public key algorithms
In secret key algorithms, both the sender and the receiver need the same key for encryption and decryption. In public key algorithms, a published public key is used for encryption and a private key is used for decryption, so no secret information is exchanged. The private key is mathematically related to the public key; in theory, it is possible to compute the private key from the public key. To prevent unauthorized third parties from doing so easily, the computation is made as complex as possible. DES is a secret key algorithm.
An advantage of secret key cryptography over public key cryptography is its faster computation. This method is therefore recommended for bulk encryption and is commonly used in preference to other methods. The encrypted text is also compact.
The disadvantage of secret key cryptography is that key administration can become complicated, because the key has to be shared.
Secret key cryptography can be used in setups where key information can be imparted securely. Public key cryptography is meant to make secret key cryptography more secure and is used where such a need exists.
The message encryption function uses the cryptix.jar library provided by Cryptix for generating keys as well as for encryption. This file comes bundled with the FioranoMQ installation and can be found in the %FIORANO_HOME%/extlib/cryptix directory.
Message Encryption Characteristics
FioranoMQ provides message encryption on a 'per message' as well as on a 'per destination' basis.
In 'per message' encryption, clients can enable or disable encryption for each message. The sending client encrypts the message before relaying it to the network, and the receiving client application must decrypt the message before reading it.
In 'per destination' encryption, all messages sent to a particular destination (topic or queue) are encrypted, providing a secure delivery channel. A destination is marked as encrypted at the time of its creation. All messages published on such a destination are delivered decrypted to subscribing applications, so a client application does not have to explicitly decrypt a received message.
Only the payload of the message is encrypted, not its JMS header. The same set of APIs for message headers and message selectors can therefore be used irrespective of whether message encryption is enabled.
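As an added illustration (not FioranoMQ's or Cryptix's code), the following Go model shows 'per message' encryption as described above: the sending client encrypts only the payload with DES before relaying it, the receiving client decrypts it before reading, and the header properties that selectors match on stay readable throughout. Message, NewDESBlock, EncryptBody and DecryptBody are assumed names, and Go's standard crypto/des stands in for cryptix.jar; the 8-byte key and sample message are constructed.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"errors"
)

// Message models a JMS-style message: Props (what selectors match on) stay in the clear; only Body changes.
type Message struct {
	Props     map[string]string
	Body      []byte
	Encrypted bool // per-message flag set by the sending client, cleared by the receiver
}

// NewDESBlock wraps the 8-byte secret key shared by sender and receiver (56 effective bits).
func NewDESBlock(key []byte) (cipher.Block, error) { return des.NewCipher(key) }

// EncryptBody is run by the sending client: CBC + PKCS#5 padding over the payload only, random IV prepended.
func EncryptBody(m Message, block cipher.Block) (Message, error) {
	bs := block.BlockSize()
	pad := bs - len(m.Body)%bs
	plain := append(append([]byte{}, m.Body...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, bs+len(plain))
	if _, err := rand.Read(out[:bs]); err != nil {
		return m, err
	}
	cipher.NewCBCEncrypter(block, out[:bs]).CryptBlocks(out[bs:], plain)
	m.Body, m.Encrypted = out, true
	return m, nil
}

// DecryptBody is run by the receiving client before reading the payload; malformed input errors instead of panicking.
func DecryptBody(m Message, block cipher.Block) (Message, error) {
	bs := block.BlockSize()
	if !m.Encrypted || len(m.Body) < 2*bs || len(m.Body)%bs != 0 {
		return m, errors.New("body is not CBC ciphertext of a valid length")
	}
	plain := make([]byte, len(m.Body)-bs)
	cipher.NewCBCDecrypter(block, m.Body[:bs]).CryptBlocks(plain, m.Body[bs:])
	pad := int(plain[len(plain)-1])
	if pad == 0 || pad > bs || !bytes.Equal(plain[len(plain)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return m, errors.New("invalid PKCS#5 padding")
	}
	m.Body, m.Encrypted = plain[:len(plain)-pad], false
	return m, nil
}
```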