content/releases/qpid-jms-amqp-0-x-6.3.1/jms-amqp-0-8-book/JMS-Client-Message-Encryption-Sending.html - qpid-site - Git at Google

 <!DOCTYPE html>
 <!--
  -
  - Licensed to the Apache Software Foundation (ASF) under one
  - or more contributor license agreements.  See the NOTICE file
  - distributed with this work for additional information
  - regarding copyright ownership.  The ASF licenses this file
  - to you under the Apache License, Version 2.0 (the
  - "License"); you may not use this file except in compliance
  - with the License.  You may obtain a copy of the License at
  -
  -   http://www.apache.org/licenses/LICENSE-2.0
  -
  - Unless required by applicable law or agreed to in writing,
  - software distributed under the License is distributed on an
  - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  - KIND, either express or implied.  See the License for the
  - specific language governing permissions and limitations
  - under the License.
  -
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>
     <title>9.2.&#160;Sending an Encrypted Message - Apache Qpid&#8482;</title>
     <meta http-equiv="X-UA-Compatible" content="IE=edge"/>
     <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
     <link rel="stylesheet" href="/site.css" type="text/css" async="async"/>
     <link rel="stylesheet" href="/deferred.css" type="text/css" defer="defer"/>
     <script type="text/javascript">var _deferredFunctions = [];</script>
     <script type="text/javascript" src="/deferred.js" defer="defer"></script>
     <!--[if lte IE 8]>
       <link rel="stylesheet" href="/ie.css" type="text/css"/>
       <script type="text/javascript" src="/html5shiv.js"></script>
     <![endif]-->

     <!-- Redirects for `go get` and godoc.org -->
     <meta name="go-import"
           content="qpid.apache.org git https://git-wip-us.apache.org/repos/asf/qpid-proton.git"/>
     <meta name="go-source"
           content="qpid.apache.org
 https://github.com/apache/qpid-proton/blob/go1/README.md
 https://github.com/apache/qpid-proton/tree/go1{/dir}
 https://github.com/apache/qpid-proton/blob/go1{/dir}/{file}#L{line}"/>
   </head>
   <body>
     <div id="-content">
       <div id="-top" class="panel">
         <a id="-menu-link"><img width="16" height="16" src="" alt="Menu"/></a>

         <a id="-search-link"><img width="22" height="16" src="" alt="Search"/></a>

         <ul id="-global-navigation">
           <li><a id="-logotype" href="/index.html">Apache Qpid<sup>&#8482;</sup></a></li>
           <li><a href="/documentation.html">Documentation</a></li>
           <li><a href="/download.html">Download</a></li>
           <li><a href="/discussion.html">Discussion</a></li>
         </ul>
       </div>

       <div id="-menu" class="panel" style="display: none;">
         <div class="flex">
           <section>
             <h3>Project</h3>

             <ul>
               <li><a href="/overview.html">Overview</a></li>
               <li><a href="/components/index.html">Components</a></li>
               <li><a href="/releases/index.html">Releases</a></li>
             </ul>
           </section>

           <section>
             <h3>Messaging APIs</h3>

             <ul>
               <li><a href="/proton/index.html">Qpid Proton</a></li>
               <li><a href="/components/jms/index.html">Qpid JMS</a></li>
               <li><a href="/components/messaging-api/index.html">Qpid Messaging API</a></li>
             </ul>
           </section>

           <section>
             <h3>Servers and tools</h3>

             <ul>
               <li><a href="/components/broker-j/index.html">Broker-J</a></li>
               <li><a href="/components/cpp-broker/index.html">C++ broker</a></li>
               <li><a href="/components/dispatch-router/index.html">Dispatch router</a></li>
             </ul>
           </section>

           <section>
             <h3>Resources</h3>

             <ul>
               <li><a href="/dashboard.html">Dashboard</a></li>
               <li><a href="https://cwiki.apache.org/confluence/display/qpid/Index">Wiki</a></li>
               <li><a href="/resources.html">More resources</a></li>
             </ul>
           </section>
         </div>
       </div>

       <div id="-search" class="panel" style="display: none;">
         <form action="http://www.google.com/search" method="get">
           <input type="hidden" name="sitesearch" value="qpid.apache.org"/>
           <input type="text" name="q" maxlength="255" autofocus="autofocus" tabindex="1"/>
           <button type="submit">Search</button>
           <a href="/search.html">More ways to search</a>
         </form>
       </div>

       <div id="-middle" class="panel">
         <ul id="-path-navigation"><li><a href="/index.html">Home</a></li><li><a href="/releases/index.html">Releases</a></li><li><a href="/releases/qpid-jms-amqp-0-x-6.3.1/index.html">Qpid JMS AMQP 0-x 6.3.1</a></li><li><a href="/releases/qpid-jms-amqp-0-x-6.3.1/jms-amqp-0-8-book/index.html">Apache Qpid JMS AMQP 0-8/0-9/0-9-1</a></li><li>9.2.&#160;Sending an Encrypted Message</li></ul>

         <div id="-middle-content">
           <div class="docbook"><div class="navheader"><table summary="Navigation header" width="100%"><tr><th align="center" colspan="3">9.2.&#160;Sending an Encrypted Message</th></tr><tr><td align="left" width="20%"><a accesskey="p" href="JMS-Client-Message-Encryption.html">Prev</a>&#160;</td><th align="center" width="60%">Chapter&#160;9.&#160;Message Encryption</th><td align="right" width="20%">&#160;<a accesskey="n" href="JMS-Client-Message-Encryption-Receiving.html">Next</a></td></tr></table><hr /></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="JMS-Client-Message-Encryption-Sending"></a>9.2.&#160;Sending an Encrypted Message</h2></div></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="JMS-Client-Message-Encryption-Sending-Setting-TrustStore"></a>9.2.1.&#160;Providing the Trust Store</h3></div></div></div><p>
                 In order for a connection to be capable of sending encrypted messages, it must be provided with a trust
                 store which contains the X509 certificates of the entities to which you wish to send. The details of the
                 trust store are supplied in the <a class="link" href="JMS-Client-0-8-Connection-URL.html" title="Chapter&#160;7.&#160;Connection URLs">connection URL</a>.
             </p><p>
                 There are two distinct mechanisms for providing the encryption trust store. Firstly you can supply a
                 standard password-protected trust store file on the file system.  The location and password for this must
                 be specified using the <a class="link" href="JMS-Client-0-8-Connection-URL.html#JMS-Client-0-8-Connection-URL-BrokerOptions-EncryptionTrustStore">
                 encryption_trust_store</a> and
                 <a class="link" href="JMS-Client-0-8-Connection-URL.html#JMS-Client-0-8-Connection-URL-BrokerOptions-EncryptionTrustStorePassword">encryption_trust_store_password
                 </a> options respectively. Such a connection URL might look somthing like:
             </p><pre class="programlisting">amqp://username:password@clientid/test?brokerlist='tcp://localhost:5672?encryption_trust_store='/home/qpid/certificates.jks'&amp;encryption_trust_store_password='password''</pre><p>
                 Alternatively, where available, you can configure the broker to distribute certificates from a trust
                 store (this is currently only available in the Apache Qpid Broker-J). In order to use this method, the broker
                 details in the connection url must contain the correctly configured
                 <a class="link" href="JMS-Client-0-8-Connection-URL.html#JMS-Client-0-8-Connection-URL-BrokerOptions-EncryptionRemoteTrustStore">encryption_remote_trust_store</a>
                 option. Such a connection URL might look somthing like:
             </p><pre class="programlisting">amqp://username:password@clientid/test?brokerlist='tcp://localhost:5672?encryption_remote_trust_store='$certificates%255c/certstore''</pre><p>
                 The <code class="literal">$certificates/</code> prefix is mandatory.
                 However, in order to prevent the client from interpreting this the wrong way several layers of escaping and encoding need to take place.
                 The slash character ('/') needs to be escaped by a backslash ('\') which needs to be doubly URL encoded resulting in <code class="literal">$certificates%255c/</code>.
             </p><p>
                 Note that to use the broker-distributed certificates the broker must be configured to expose the trust store as a message source.
                 See the broker documentation on TrustStores for more details.
             </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="JMS-Client-Message-Encryption-Sending-Enabling-Encryption"></a>9.2.2.&#160;Enabling Encryption</h3></div></div></div><p>
                 Message encryption can be enabled individually on each sent message, or - using configuration - all
                 messages sent to a Destination can be encrypted.
             </p><p>
                 In order to encrypt messages on a case by case basis, the appliation must set the boolean property
                 <code class="literal">x-qpid-encrypt</code> to true on the message before sending. The intended recipients of the
                 message must also be set (see
                 <a class="link" href="JMS-Client-Message-Encryption-Sending.html#JMS-Client-Message-Encryption-Sending-Choosing-Recipients" title="9.2.3.&#160;Choosing Recipients">Choosing Recipients</a>).
             </p><pre class="programlisting">message.setBooleanProperty("x-qpid-encrypt", true);</pre><p>
                 In order to encrypt all messages sent to a given Destination, the option
                 <a class="link" href="JMS-Client-0-8-Binding-URL.html#JMS-Client-0-8-Binding-URL-Options-SendEncrypted">sendencrypted</a> can be used.  Note
                 that enabling encryption on the address can be overridden by explicitly setting the property
                 <code class="literal">x-qpid-encrypt</code> to false on an individual message. An example address would look like:
             </p><pre class="programlisting">direct:///queue/queue?sendencrypted='true'</pre></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="JMS-Client-Message-Encryption-Sending-Choosing-Recipients"></a>9.2.3.&#160;Choosing Recipients</h3></div></div></div><p>
                 Any message which is to be sent encrypted must also have a list of recipients who the sender wishes to
                 be able to decrypt the message. The recipients must be encoded as a semi-colon separated list of the
                 names given in the respective certificates of the recipients, e.g.
                 <code class="literal">cn=first@example.org,ou=example,o=example,l=ny,st=ny,c=us;cn=second@example.org,ou=example,o=example,l=ny,st=ny,c=us</code>.
             </p><p>
                 As with enabling encryption, the recipients can be set either on a per-message basis or for all messages
                 sent to a given address. If both forms are used, the former overrides the latter. To set on an individual
                 message, set the String property <code class="literal">x-qpid-encrypt-recipients</code>.
             </p><pre class="programlisting">message.setStringProperty("x-qpid-encrypt-recipients", "cn=only@example.org,ou=example,o=example");</pre><p>
                 To set the recipients on an address, use the address option
                 <a class="link" href="JMS-Client-0-8-Binding-URL.html#JMS-Client-0-8-Binding-URL-Options-EncryptedRecipients">encryptedrecipients</a>.
             </p><pre class="programlisting">direct:///queue/queue?sendencrypted='true'&amp;encryptedrecipients='cn=another@example.org,ou=example,o=example'</pre></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="JMS-Client-Message-Encryption-Sending-Exposing-Properties"></a>9.2.4.&#160;Exposing Properties</h3></div></div></div><p>
                 Message Encryption encrypts the message content and the properties set by the application.  Sometimes
                 it is important to expose properties to allow (for example) message routing or message selectors within
                 the broker to work. To enable this it is possible to specify for each message all the properties which
                 the application wishes to make available to the broker.  Note that exposing properties in this way means
                 that they are now visibe to anyone who can inspect the broker memory or file system stores.
             </p><p>
                 To make message properties visible to the broker, set the String property
                 <code class="literal">x-qpid-unencrypted-properties</code> with a semi-colon separated list of the names of the
                 properties to be exposed.
             </p><pre class="programlisting">message.setStringProperty("x-qpid-unencrypted-properties", "foo;bar;baz");</pre></div></div><div class="navfooter"><hr /><table summary="Navigation footer" width="100%"><tr><td align="left" width="40%"><a accesskey="p" href="JMS-Client-Message-Encryption.html">Prev</a>&#160;</td><td align="center" width="20%"><a accesskey="u" href="JMS-Client-Message-Encryption.html">Up</a></td><td align="right" width="40%">&#160;<a accesskey="n" href="JMS-Client-Message-Encryption-Receiving.html">Next</a></td></tr><tr><td align="left" valign="top" width="40%">Chapter&#160;9.&#160;Message Encryption&#160;</td><td align="center" width="20%"><a accesskey="h" href="JMS-Client-Book.html">Home</a></td><td align="right" valign="top" width="40%">&#160;9.3.&#160;Receiving an Encrypted Message</td></tr></table></div></div>

           <hr/>

           <ul id="-apache-navigation">
             <li><a href="http://www.apache.org/">Apache</a></li>
             <li><a href="http://www.apache.org/licenses/">License</a></li>
             <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
             <li><a href="http://www.apache.org/foundation/thanks.html">Thanks!</a></li>
             <li><a href="/security.html">Security</a></li>
             <li><a href="http://www.apache.org/"><img id="-apache-feather" width="48" height="14" src="" alt="Apache"/></a></li>
           </ul>

           <p id="-legal">
             Apache Qpid, Messaging built on AMQP; Copyright &#169; 2015
             The Apache Software Foundation; Licensed under
             the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache
             License, Version 2.0</a>; Apache Qpid, Qpid, Qpid Proton,
             Proton, Apache, the Apache feather logo, and the Apache Qpid
             project logo are trademarks of The Apache Software
             Foundation; All other marks mentioned may be trademarks or
             registered trademarks of their respective owners
           </p>
         </div>
       </div>
     </div>
   </body>
 </html>
	<!DOCTYPE html>
	<!--
	-
	- Licensed to the Apache Software Foundation (ASF) under one
	- or more contributor license agreements. See the NOTICE file
	- distributed with this work for additional information
	- regarding copyright ownership. The ASF licenses this file
	- to you under the Apache License, Version 2.0 (the
	- "License"); you may not use this file except in compliance
	- with the License. You may obtain a copy of the License at
	-
	- http://www.apache.org/licenses/LICENSE-2.0
	-
	- Unless required by applicable law or agreed to in writing,
	- software distributed under the License is distributed on an
	- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	- KIND, either express or implied. See the License for the
	- specific language governing permissions and limitations
	- under the License.
	-
	-->
	<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
	<head>
	<title>9.2. Sending an Encrypted Message - Apache Qpid™</title>
	<meta http-equiv="X-UA-Compatible" content="IE=edge"/>
	<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
	<link rel="stylesheet" href="/site.css" type="text/css" async="async"/>
	<link rel="stylesheet" href="/deferred.css" type="text/css" defer="defer"/>
	<script type="text/javascript">var _deferredFunctions = [];</script>
	<script type="text/javascript" src="/deferred.js" defer="defer"></script>
	<!--[if lte IE 8]>
	<link rel="stylesheet" href="/ie.css" type="text/css"/>
	<script type="text/javascript" src="/html5shiv.js"></script>
	<![endif]-->

	<!-- Redirects for `go get` and godoc.org -->
	<meta name="go-import"
	content="qpid.apache.org git https://git-wip-us.apache.org/repos/asf/qpid-proton.git"/>
	<meta name="go-source"
	content="qpid.apache.org
	https://github.com/apache/qpid-proton/blob/go1/README.md
	https://github.com/apache/qpid-proton/tree/go1{/dir}
	https://github.com/apache/qpid-proton/blob/go1{/dir}/{file}#L{line}"/>
	</head>
	<body>
	<div id="-content">
	<div id="-top" class="panel">
	<a id="-menu-link"><img width="16" height="16" src="" alt="Menu"/></a>

	<a id="-search-link"><img width="22" height="16" src="" alt="Search"/></a>

	<ul id="-global-navigation">
	<li><a id="-logotype" href="/index.html">Apache Qpid<sup>™</sup></a></li>
	<li><a href="/documentation.html">Documentation</a></li>
	<li><a href="/download.html">Download</a></li>
	<li><a href="/discussion.html">Discussion</a></li>
	</ul>
	</div>

	<div id="-menu" class="panel" style="display: none;">
	<div class="flex">
	<section>
	<h3>Project</h3>

	<ul>
	<li><a href="/overview.html">Overview</a></li>
	<li><a href="/components/index.html">Components</a></li>
	<li><a href="/releases/index.html">Releases</a></li>
	</ul>
	</section>

	<section>
	<h3>Messaging APIs</h3>

	<ul>
	<li><a href="/proton/index.html">Qpid Proton</a></li>
	<li><a href="/components/jms/index.html">Qpid JMS</a></li>
	<li><a href="/components/messaging-api/index.html">Qpid Messaging API</a></li>
	</ul>
	</section>

	<section>
	<h3>Servers and tools</h3>

	<ul>
	<li><a href="/components/broker-j/index.html">Broker-J</a></li>
	<li><a href="/components/cpp-broker/index.html">C++ broker</a></li>
	<li><a href="/components/dispatch-router/index.html">Dispatch router</a></li>
	</ul>
	</section>

	<section>
	<h3>Resources</h3>

	<ul>
	<li><a href="/dashboard.html">Dashboard</a></li>
	<li><a href="https://cwiki.apache.org/confluence/display/qpid/Index">Wiki</a></li>
	<li><a href="/resources.html">More resources</a></li>
	</ul>
	</section>
	</div>
	</div>

	<div id="-search" class="panel" style="display: none;">
	<form action="http://www.google.com/search" method="get">
	<input type="hidden" name="sitesearch" value="qpid.apache.org"/>
	<input type="text" name="q" maxlength="255" autofocus="autofocus" tabindex="1"/>
	<button type="submit">Search</button>
	<a href="/search.html">More ways to search</a>
	</form>
	</div>

	<div id="-middle" class="panel">
	<ul id="-path-navigation"><li><a href="/index.html">Home</a></li><li><a href="/releases/index.html">Releases</a></li><li><a href="/releases/qpid-jms-amqp-0-x-6.3.1/index.html">Qpid JMS AMQP 0-x 6.3.1</a></li><li><a href="/releases/qpid-jms-amqp-0-x-6.3.1/jms-amqp-0-8-book/index.html">Apache Qpid JMS AMQP 0-8/0-9/0-9-1</a></li><li>9.2. Sending an Encrypted Message</li></ul>

	<div id="-middle-content">
	<div class="docbook"><div class="navheader"><table summary="Navigation header" width="100%"><tr><th align="center" colspan="3">9.2. Sending an Encrypted Message</th></tr><tr><td align="left" width="20%"><a accesskey="p" href="JMS-Client-Message-Encryption.html">Prev</a> </td><th align="center" width="60%">Chapter 9. Message Encryption</th><td align="right" width="20%"> <a accesskey="n" href="JMS-Client-Message-Encryption-Receiving.html">Next</a></td></tr></table><hr /></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="JMS-Client-Message-Encryption-Sending"></a>9.2. Sending an Encrypted Message</h2></div></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="JMS-Client-Message-Encryption-Sending-Setting-TrustStore"></a>9.2.1. Providing the Trust Store</h3></div></div></div><p>
	In order for a connection to be capable of sending encrypted messages, it must be provided with a trust
	store which contains the X509 certificates of the entities to which you wish to send. The details of the
	trust store are supplied in the <a class="link" href="JMS-Client-0-8-Connection-URL.html" title="Chapter 7. Connection URLs">connection URL</a>.
	</p><p>
	There are two distinct mechanisms for providing the encryption trust store. Firstly you can supply a
	standard password-protected trust store file on the file system. The location and password for this must
	be specified using the <a class="link" href="JMS-Client-0-8-Connection-URL.html#JMS-Client-0-8-Connection-URL-BrokerOptions-EncryptionTrustStore">
	encryption_trust_store</a> and
	<a class="link" href="JMS-Client-0-8-Connection-URL.html#JMS-Client-0-8-Connection-URL-BrokerOptions-EncryptionTrustStorePassword">encryption_trust_store_password
	</a> options respectively. Such a connection URL might look somthing like:
	</p><pre class="programlisting">amqp://username:password@clientid/test?brokerlist='tcp://localhost:5672?encryption_trust_store='/home/qpid/certificates.jks'&encryption_trust_store_password='password''</pre><p>
	Alternatively, where available, you can configure the broker to distribute certificates from a trust
	store (this is currently only available in the Apache Qpid Broker-J). In order to use this method, the broker
	details in the connection url must contain the correctly configured
	<a class="link" href="JMS-Client-0-8-Connection-URL.html#JMS-Client-0-8-Connection-URL-BrokerOptions-EncryptionRemoteTrustStore">encryption_remote_trust_store</a>
	option. Such a connection URL might look somthing like:
	</p><pre class="programlisting">amqp://username:password@clientid/test?brokerlist='tcp://localhost:5672?encryption_remote_trust_store='$certificates%255c/certstore''</pre><p>
	The <code class="literal">$certificates/</code> prefix is mandatory.
	However, in order to prevent the client from interpreting this the wrong way several layers of escaping and encoding need to take place.
	The slash character ('/') needs to be escaped by a backslash ('\') which needs to be doubly URL encoded resulting in <code class="literal">$certificates%255c/</code>.
	</p><p>
	Note that to use the broker-distributed certificates the broker must be configured to expose the trust store as a message source.
	See the broker documentation on TrustStores for more details.
	</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="JMS-Client-Message-Encryption-Sending-Enabling-Encryption"></a>9.2.2. Enabling Encryption</h3></div></div></div><p>
	Message encryption can be enabled individually on each sent message, or - using configuration - all
	messages sent to a Destination can be encrypted.
	</p><p>
	In order to encrypt messages on a case by case basis, the appliation must set the boolean property
	<code class="literal">x-qpid-encrypt</code> to true on the message before sending. The intended recipients of the
	message must also be set (see
	<a class="link" href="JMS-Client-Message-Encryption-Sending.html#JMS-Client-Message-Encryption-Sending-Choosing-Recipients" title="9.2.3. Choosing Recipients">Choosing Recipients</a>).
	</p><pre class="programlisting">message.setBooleanProperty("x-qpid-encrypt", true);</pre><p>
	In order to encrypt all messages sent to a given Destination, the option
	<a class="link" href="JMS-Client-0-8-Binding-URL.html#JMS-Client-0-8-Binding-URL-Options-SendEncrypted">sendencrypted</a> can be used. Note
	that enabling encryption on the address can be overridden by explicitly setting the property
	<code class="literal">x-qpid-encrypt</code> to false on an individual message. An example address would look like:
	</p><pre class="programlisting">direct:///queue/queue?sendencrypted='true'</pre></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="JMS-Client-Message-Encryption-Sending-Choosing-Recipients"></a>9.2.3. Choosing Recipients</h3></div></div></div><p>
	Any message which is to be sent encrypted must also have a list of recipients who the sender wishes to
	be able to decrypt the message. The recipients must be encoded as a semi-colon separated list of the
	names given in the respective certificates of the recipients, e.g.
	<code class="literal">cn=first@example.org,ou=example,o=example,l=ny,st=ny,c=us;cn=second@example.org,ou=example,o=example,l=ny,st=ny,c=us</code>.
	</p><p>
	As with enabling encryption, the recipients can be set either on a per-message basis or for all messages
	sent to a given address. If both forms are used, the former overrides the latter. To set on an individual
	message, set the String property <code class="literal">x-qpid-encrypt-recipients</code>.
	</p><pre class="programlisting">message.setStringProperty("x-qpid-encrypt-recipients", "cn=only@example.org,ou=example,o=example");</pre><p>
	To set the recipients on an address, use the address option
	<a class="link" href="JMS-Client-0-8-Binding-URL.html#JMS-Client-0-8-Binding-URL-Options-EncryptedRecipients">encryptedrecipients</a>.
	</p><pre class="programlisting">direct:///queue/queue?sendencrypted='true'&encryptedrecipients='cn=another@example.org,ou=example,o=example'</pre></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="JMS-Client-Message-Encryption-Sending-Exposing-Properties"></a>9.2.4. Exposing Properties</h3></div></div></div><p>
	Message Encryption encrypts the message content and the properties set by the application. Sometimes
	it is important to expose properties to allow (for example) message routing or message selectors within
	the broker to work. To enable this it is possible to specify for each message all the properties which
	the application wishes to make available to the broker. Note that exposing properties in this way means
	that they are now visibe to anyone who can inspect the broker memory or file system stores.
	</p><p>
	To make message properties visible to the broker, set the String property
	<code class="literal">x-qpid-unencrypted-properties</code> with a semi-colon separated list of the names of the
	properties to be exposed.
	</p><pre class="programlisting">message.setStringProperty("x-qpid-unencrypted-properties", "foo;bar;baz");</pre></div></div><div class="navfooter"><hr /><table summary="Navigation footer" width="100%"><tr><td align="left" width="40%"><a accesskey="p" href="JMS-Client-Message-Encryption.html">Prev</a> </td><td align="center" width="20%"><a accesskey="u" href="JMS-Client-Message-Encryption.html">Up</a></td><td align="right" width="40%"> <a accesskey="n" href="JMS-Client-Message-Encryption-Receiving.html">Next</a></td></tr><tr><td align="left" valign="top" width="40%">Chapter 9. Message Encryption </td><td align="center" width="20%"><a accesskey="h" href="JMS-Client-Book.html">Home</a></td><td align="right" valign="top" width="40%"> 9.3. Receiving an Encrypted Message</td></tr></table></div></div>

	<hr/>

	<ul id="-apache-navigation">
	<li><a href="http://www.apache.org/">Apache</a></li>
	<li><a href="http://www.apache.org/licenses/">License</a></li>
	<li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
	<li><a href="http://www.apache.org/foundation/thanks.html">Thanks!</a></li>
	<li><a href="/security.html">Security</a></li>
	<li><a href="http://www.apache.org/"><img id="-apache-feather" width="48" height="14" src="" alt="Apache"/></a></li>
	</ul>

	<p id="-legal">
	Apache Qpid, Messaging built on AMQP; Copyright © 2015
	The Apache Software Foundation; Licensed under
	the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache
	License, Version 2.0</a>; Apache Qpid, Qpid, Qpid Proton,
	Proton, Apache, the Apache feather logo, and the Apache Qpid
	project logo are trademarks of The Apache Software
	Foundation; All other marks mentioned may be trademarks or
	registered trademarks of their respective owners
	</p>
	</div>
	</div>
	</div>
	</body>
	</html>