Applies To: Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server Technical Preview, Windows Vista

The PROPID_M_PRIV_LEVEL property specifies the privacy level of the message.

Property ID


Type Indicator




Property Value

This property can be set to one or more of the following values:


(Not supported for applications compiled with the header and library files for MSMQ 3.0.) Privacy is enforced, and 40-bit end-to-end encryption of the message body is used.


(Introduced in MSMQ 2.0.) Privacy is enforced, and 40-bit end-to-end encryption of the message body is used.


(Introduced in MSMQ 2.0.) Privacy is enforced, and 128-bit end-to-end encryption of the message body is used.


The default. No privacy. The message body is sent as clear text.


To have Message Queuing encrypt a private message, include PROPID_M_PRIV_LEVEL in the MQMSGPROPS structure and call MQSendMessage. If PROPID_M_PRIV_LEVEL is set to MQMSG_PRIV_LEVEL_BODY, MQMSG_PRIV_LEVEL_BODY_BASE, or MQMSG_PRIV_LEVEL_BODY_ENHANCED, Message Queuing encrypts the body of the message using the algorithm specified by PROPID_M_ENCRYPTION_ALG.


MSMQ 2.0 applications can use MQMSG_PRIV_LEVEL_BODY or MQMSG_PRIV_LEVEL_BODY_BASE to request 40-bit encryption, or they can use MQMSG_PRIV_LEVEL_BODY_ENHANCED to request 128-bit encryption. When requesting encryption, MSMQ 3.0 applications can use only MQMSG_PRIV_LEVEL_BODY_BASE (40-bit encryption) or MQMSG_PRIV_LEVEL_BODY_ENHANCED (128-bit encryption).

It is recommended that you use 128-bit encryption, which provides strong encoding. Attackers can decrypt data encoded with 40-bit encryption relatively easily.

To find out if a message was sent encrypted, include PROPID_M_PRIV_LEVEL in the MQMSGPROPS structure. Then call MQReceiveMessage or MQReceiveMessageByLookupId and examine the returned value. When retrieving this property, the type indicator can be set to VT_UI4 or VT_NULL. If you set the type indicator to VT_NULL, Message Queuing automatically changes the type indicator to VT_UI4 during the function call.

Messages can also be encrypted by applications. If your application is encrypting the message body with a 40-bit key, ignore the PROPID_M_PRIV_LEVEL property when sending messages. If your application is using a 128-bit key, set PROPID_M_PRIV_LEVEL to MQMSG_PRIV_LEVEL_BODY_ENHANCED and include it with the message.

The destination queue can also have its own privacy level (PROPID_M_PRIV_LEVEL), indicating that it will only receive private (encrypted) messages. If the target queue forces privacy, non-encrypted messages will be rejected.

Equivalent COM Property

With COM components, the equivalent property for setting and retrieving the privacy level is MSMQMessage.PrivLevel.

For information on See
Letting Message Queuing encrypt messages Message Queuing-Encrypted Messages
Having your application encrypt messages Application-Encrypted Messages

Example Code

The following code fragments show how PROPID_M_PRIV_LEVEL is specified in arrays that can be used to initialize an MQMSGPROPS structure to request encryption of the message body and to ascertain whether the message was encrypted.

To Set the Privacy Level

aMsgPropID[i] = PROPID_M_PRIV_LEVEL;                // Property ID  
aMsgPropVar[i].vt = VT_UI4;                         // Type indicator  
aMsgPropVar[i].ulVal = MQMSG_PRIV_LEVEL_BODY_BASE;  // Value  

To Retrieve the Privacy Level

aMsgPropID[i] = PROPID_M_PRIV_LEVEL;                // Property ID  
aMsgPropVar[i].vt = VT_NULL;                        // Type indicator  

The following example is included in Using Message Queuing.

For an example of See
Sending private messages C/C++ Code Example: Requesting Encryption

See Also

Message Properties