MQ Message Encryption Overview
MQ Message Encryption v3.3.0 (MQME) is a solution that provides encryption for MQ message data while it resides in a queue and in the MQ logs (i.e. all data at rest). In cryptography, encryption is the process of transforming information into an unreadable form (encrypted data). Decryption is the reverse process: it makes the encrypted information readable again. Only those with the key (PassPhrase) can successfully decrypt the encrypted data. MQME uses the Advanced Encryption Standard (AES) to encrypt the data. AES is a data encryption scheme, adopted by the US government, that supports three key sizes (128-bit, 192-bit, and 256-bit).
One of the features that MQME offers is the ability to control who accesses protected queues. This control is obtained through the use of UserID grouping. MQME can query the local OS group or a group file. Group files are implemented in a similar manner to the way they are implemented in Unix and Linux (i.e. the /etc/group file). Normally, the 'mqm', 'QMQM' or 'MUSR_MQADMIN' MQ UserIDs, or any UserID in the 'mqm' group, get full access to all messages in all queues. For queues protected by MQME, those privileged UserIDs do not get access to the messages in the protected queues unless they are explicitly added to the authorized list of users or groups.
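The access rule described above, sketched as an added example (not MQME code or configuration): it parses a group file in /etc/group format and applies default deny, so 'mqm' or a member of the 'mqm' group reaches a protected queue only when explicitly listed. The function names, the sample group file and the authorized lists are constructed for illustration.

```python
# Added illustration of a default-deny check against an /etc/group-style file.
# Not MQME code: the sample data and the shape of the authorized lists are
# assumptions made for this example.

# Constructed sample in /etc/group format: name:password:GID:member,member
GROUP_FILE = """\
mqm:x:501:mqm,alice
payroll:x:610:bob,carol
audit:x:620:dave
"""


def parse_group_file(text):
    """Return {group_name: set_of_members} from /etc/group-style text."""
    groups = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # tolerate blank lines
        fields = line.split(":")
        if len(fields) != 4 or not fields[0]:
            # Fail closed on a malformed entry instead of guessing membership.
            raise ValueError(f"line {lineno}: expected name:password:GID:members")
        members = {m.strip() for m in fields[3].split(",") if m.strip()}
        groups.setdefault(fields[0], set()).update(members)
    return groups


def is_authorized(user_id, groups, allowed_users, allowed_groups):
    """Grant access only through an explicit user entry or an allowed group.

    No UserID is special-cased: an MQ administrator such as 'mqm' is denied
    unless it appears in allowed_users or belongs to a group in allowed_groups.
    Matching is exact and case-sensitive (an assumption of this example).
    """
    if user_id in allowed_users:
        return True
    return any(user_id in groups.get(g, set()) for g in allowed_groups)


if __name__ == "__main__":
    groups = parse_group_file(GROUP_FILE)
    # Hypothetical policy for one protected queue.
    allowed_users, allowed_groups = {"dave"}, {"payroll"}
    for uid in ("bob", "dave", "alice", "mqm"):
        verdict = "allow" if is_authorized(uid, groups, allowed_users, allowed_groups) else "deny"
        print(f"{uid}: {verdict}")
```
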
Another feature of MQME is its ability to generate and validate a digital signature for the message. MQME uses SHA-2 to compute a cryptographic hash (digital signature) of the message data. The digital signature provides verification that the message data has not been altered.
MQME is an MQ API Exit that operates with IBM MQ v7.0, v7.1, v7.5, v8.0 and v9.0 on Windows, Unix, IBM i (OS/400) and Linux platforms.

MQME is available in 3 forms:
- Windows DLL
- Shared library for AIX, HP-UX, Linux and Solaris
- IBM i (OS/400) exit module

MQME major features are:
- All message data written to a selected queue will be encrypted (nothing missed or forgotten)
- Secure encryption/decryption methodology using AES with 128, 192 or 256-bit keys
- Easy to set up and configure (unlike SSL)
- No application changes required
- Group authority checking against the local OS groups or a group file
- Standard MQ feature, GET-with-Convert, is supported
- Provides high-level logging capability for encryption / decryption processing

The server-side API Exits are provided in the format of a native DLL / shared library and are currently available for AIX, HP-UX, iSeries (OS/400), Linux, Solaris and Windows. The pricing of Capitalware's MQ Message Encryption solution is on a 'per queue manager' basis.

| Operating System | MQ v7.0, v7.1, v7.5, v8.0, & v9.0 |
|---|---|
| AIX v6.1, v7.1 or higher | 64-bit |
| HP-UX IA64 v11.23 or higher | 64-bit |
| IBM i v6.1, v7.1 or higher | 64-bit |
| Linux on POWER | 64-bit |
| Linux on System z (zSeries) | 64-bit |
| Solaris SPARC v8, v9, v10 & v11 | 64-bit |
| Solaris x86_64 v10 & v11 | 64-bit |
| Windows 2003, 2008, 2012, Vista, 7, 8, 8.1 & 10 | 32-bit & 64-bit |

| Product | Price (USD) * |
|---|---|
| MQ Message Encryption (per license**) | $299.00 |
| Yearly maintenance and support fee | 15% |

* Volume discounts available for as low as $199.00 USD per license plus 15% yearly maintenance and support fee.
** MQ Message Encryption is licensed on a per queue manager basis.

Each licensed user will receive:
- Full version of MQ Message Encryption
- Free updates / upgrades to any version 3.x release
- Email / Help Desk support

Enterprise License for MQ Message Encryption:
The Enterprise License for MQ Message Encryption sells for $55,000 USD plus a 15% yearly maintenance and support fee. An enterprise license allows a company to have an unlimited number of queue managers use MQ Message Encryption at an unlimited number of locations.