Public key and secret key encryption

IBM® Lotus® Notes® uses public key encryption for electronic mail, and IBM® Lotus® Domino(TM) Designer also lets you use public key encryption for encrypting fields in documents. Every user has a unique public key associated with their user name and stored in their user ID. Applications reference the keys by the users’ names in a special field called PublicEncryptionKeys. When a document is saved, all the user names in this field are located in the IBM® Lotus® Domino(TM) Directory or the user’s personal address book, the corresponding keys are retrieved, and all fields marked with a special property are encrypted with those keys.

Domino Designer also supports secret key encryption that you can use for encrypting fields in documents. You can create and name secret keys and then distribute the secret keys to users so that they can decrypt the protected data. Secret keys, like public keys, are stored in a user's ID. Applications reference the keys by their names in a special field called SecretEncryptionKeys. When a document is saved, the keys named in this field are retrieved from the user’s ID file, and all fields marked with a special property are encrypted with those keys.

Caution Both public and secret keys are stored in your user ID file. Remember to securely back up your ID file each time you add a key.

Note Web users cannot see encrypted fields with a browser. To see the data, Web users must reopen a document with a Notes Client or ask the sender for a copy that is not encrypted.

Document encryption

If you are planning to use secret encryption keys rather than encrypting with a public key, create the secret key before you encrypt a document.

You can encrypt documents with keys in several ways:

• Using public keys. You can encrypt documents with public keys on IDs so that only users with those IDs can read the documents. To do this, you enter one or more names in the Public Encryption keys field on the Security tab in the Document Properties box.
• Using a form property. Database designers can use a form property to add one or more keys to a form. Every document created with the form will be encrypted using the encryption keys.
• Using the Database/Document Properties box. Users can use the Database/Document Properties box to encrypt one or more documents with their own encryption keys stored in their ID files. To use the properties box to encrypt documents, the form must contain a field that can be encrypted.
• Using the SecretEncryptionKeys field. The SecretEncryptionKeys field can contain either the name of a key, which is automatically used to encrypt documents, or the field can be blank, allowing users to assign the encryption key. To encrypt a field with a secret key using either method, users must have it stored in their ID file.

  You can set up forms with text or keyword fields that allow the user to choose whether to encrypt a document. Designers can also hide the SecretEncryptionKeys field so that users cannot see the names of the encryption keys.

A database designer can encrypt fields with secret encryption keys. To decrypt these fields, users must merge the secret encryption keys into their ID files. If the user does not have the required encryption key, the encrypted fields appear blank.

See Also

Notes and Domino encryption
Procedural overview: encrypting documents
Enabling encryption for a field
Creating secret encryption keys
Distributing secret encryption keys

Glossary