Applies To: Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server Technical Preview, Windows Vista

(Introduced in MSMQ 2.0.) The DestinationSymmetricKey property of the MSMQMessage object specifies the symmetric key used to encrypt the message.

Data type: Variant (array of bytes)
Run-time access: Read/write
Property DestinationSymmetricKey As Variant  

Property Value

A Variant (array of bytes) containing an encrypted version of the symmetric key used to encrypt the message.


DestinationSymmetricKey is required when you send application-encrypted messages, or when you send encrypted messages to a foreign queue. In both cases, this property contains an encrypted version of the symmetric key that the sending application used to encrypt the body of the message.

When sending an application-encrypted message, the sending application must encrypt the symmetric key that it used to encrypt the message body using the public key of the destination queue manager. The destination queue manager uses the decrypted symmetric key to decrypt the message before placing it in its destination queue.

Typically this property is used by connector applications to process encrypted message sent to foreign queues. However, it is also needed by any receiving application that must decrypt an application-encrypted message.

When this property is set, the sending application must also set MSMQMessage.ConnectorTypeGuid so that Message Queuing knows that the property was set by the sending application. DestinationSymmetricKey is ignored if both properties are not set when the message is sent.

Connector applications

Messages sent to a foreign queue are processed by the appropriate connector application and then passed on to the foreign queue. When the connector application receives an application-encrypted message, it can decrypt the message body itself or send the encrypted message body and the symmetric key on to the foreign queue. If the connector application does not decrypt the message, it is the responsibility of the receiving application to decrypt the symmetric key and the body of the message. For more information on sending messages to foreign queues, see Connector Services.

When you send application-encrypted messages, the receiving application must decrypt the symmetric key using the private key of the destination queue manager and then use the symmetric key to decrypt the message body.

When dimensioning arrays for the symmetric key, always set the lower boundary of the array to 0. When filling in the correlation identifier, Message Queuing sets the lower boundary of the returned byte-array to 0 regardless of what boundary was set by the application.

The following Visual Basic® call will always return 0.


In C++ COM applications, you must use a smart pointer to the IMSMQMessage2 or IMSMQMessage3 interface to expose the DestinationSymmetricKey property.

Equivalent API Function Property

With API function calls, the equivalent property is PROPID_M_DEST_SYMM_KEY.


Windows NT/2000/XP: Included in Windows 2000 and later.

Windows 95/98/Me: Unsupported.

Header: Declared in Mqoai.h.

Library: Use Mqoa.lib

See Also