SECURITY


Mail encryption
Mail encryption protects messages from unauthorized access. Only the body of a mail message is encrypted; the header information -- for example, the To, From, and Subject fields -- is not.

IBM® Lotus® Notes® users can encrypt mail sent to other Lotus Notes users or to users of mail applications that support S/MIME -- for example, Microsoft Outlook Express.

Users can use Lotus Notes mail encryption to encrypt mail sent to other Lotus Notes users, encrypt mail received from other Lotus Notes users, or encrypt all documents saved in a mail database. Lotus Notes uses the recipient's public key, which is stored in the sender's Contacts or in the IBM® Lotus® Domino™ Directory, to encrypt outgoing and saved mail.

In general, mail sent to users in a foreign domain cannot be encrypted. However, if the recipient of the mail uses Lotus Notes and the sender has access to the recipient's public key, the sender can encrypt the mail message. The recipient's public key can be stored in the Lotus Domino Directory, in an LDAP directory to which the sender has access, or in the sender's Contacts.

Lotus Notes users can also use S/MIME to encrypt mail sent to recipients who use mail applications that support S/MIME. Senders must have the recipient's public key in order to encrypt the message for S/MIME. The recipient's public key is stored in an Internet certificate in either a Lotus Domino Directory or LDAP directory to which the sender has access or in the sender's Contacts. The sender must also have a cross-certificate that indicates to Lotus Notes that the recipient's public key can be trusted.

For information on setting up a Lotus Notes client for S/MIME encryption, see the topic Adding a recipient's Internet certificate and cross-certificate for encrypted S/MIME messages.

Encrypting a message -- with either Lotus Notes mail encryption or S/MIME encryption -- does not affect the speed at which the message is routed from sender to recipient. However, encryption does increase the time required to send and to open a message. The extra time is required because the message must be encrypted at the beginning of the transmission and decrypted each time the recipient opens it. The time required to send and open a message is based on the size of the message and the number of bitmaps and other graphics, objects, and attachments in the message. In most cases, the delay is not noticeable.

How outgoing Notes mail encryption works

1. The sender sends an outgoing message and selects the Encrypt option.

2. Lotus Notes generates a random encryption key and encrypts the message with it.

3. Lotus Notes encrypts the random encryption key with the recipient's public key and appends the encrypted key to the message. The recipient's public key must be stored in a Lotus Domino Directory or LDAP directory to which the sender has access, or in the sender's Contacts.

4. If the encrypted message is addressed to multiple recipients, the message is encrypted only once with one random key, and the random key is encrypted using the public key of each recipient.

5. When the recipient attempts to open the encrypted message, the user's mail application attempts to decrypt the random key, using the recipient's private key. If this is successful, the random key decrypts the message.

6. If decryption is successful, the recipient can read the message. If decryption is unsuccessful, the user receives a message indicating that the decryption failed and the mail application does not allow the user to access the message.

How outgoing S/MIME mail encryption works

1. The sender sends an outgoing message and selects to encrypt it. (The exact option to do this depends on the mail application used.)

2. The sender's mail application (IBM® Lotus® Notes® or another S/MIME-compliant mail program) generates a random encryption key and encrypts the message with it.

3. The sender's mail application looks for the recipient's public key. For S/MIME mail sent from Lotus Notes, the recipient's Internet certificate must be stored in the sender's Contacts or a Lotus Domino Directory or LDAP directory to which the sender has access.

4. The sender's mail application encrypts the random encryption key with the recipient's public key and appends the encrypted key to the message. For S/MIME mail sent from Lotus Notes, the recipient's public key is taken from the recipient's Internet certificate.

5. If the encrypted message is addressed to multiple recipients, the message is encrypted only once with one random key, and the random key is encrypted using the public key of each recipient.

6. When the recipient attempts to open the encrypted message, the user's mail application attempts to decrypt the random key, using the recipient's private key. If this is successful, the random key decrypts the message.

7. If decryption is successful, the recipient gains access to the message. If decryption is unsuccessful, the user receives a message indicating that the decryption failed, and the mail application does not allow the user to access the message.
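Both procedures above (Notes mail encryption and S/MIME) describe the same hybrid scheme: one random key encrypts the body once, that key is wrapped separately for every recipient, the headers stay in the clear, and a reader who cannot unwrap the key gets nothing. The following Go program is an added example written for this page; it is not IBM's code and does not reproduce the on-the-wire format of Notes or S/MIME messages. It assumes AES-256-GCM for the body and RSA-OAEP for key wrapping (both are the author's choices), and a `Directory` map that stands in for the Lotus Domino Directory, an LDAP directory or the sender's Contacts. The recipient names and message text are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// EncryptedMail mirrors the page: the To, From and Subject headers are not
// encrypted; only the body is, under one random key that is wrapped once
// per recipient.
type EncryptedMail struct {
	To, From, Subject string            // cleartext headers
	Nonce             []byte            // AES-GCM nonce for the body
	Body              []byte            // body ciphertext (encrypted exactly once)
	WrappedKeys       map[string][]byte // recipient -> body key wrapped with that recipient's public key
}

// Directory stands in for the Domino Directory / LDAP / Contacts lookup of
// recipient public keys (assumption for this example).
type Directory map[string]*rsa.PublicKey

// ErrDecryptFailed is what the reader sees when the random key cannot be
// recovered: the mail application refuses access to the message.
var ErrDecryptFailed = errors.New("decryption failed: message not accessible")

// NewKeyPair generates a recipient's key pair (2048-bit RSA, example choice).
func NewKeyPair() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}

// Encrypt performs steps 2 to 5 of the page's procedure.
func Encrypt(from, subject, body string, recipients []string, dir Directory) (*EncryptedMail, error) {
	// Step 2: generate a random body key and encrypt the body with it, once.
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, []byte(body), nil)

	// Steps 3 to 5: look up each recipient's public key and wrap the same
	// body key for each of them. A missing key means the mail cannot be
	// encrypted for that recipient at all.
	wrapped := make(map[string][]byte, len(recipients))
	for _, r := range recipients {
		pub, ok := dir[r]
		if !ok {
			return nil, fmt.Errorf("no public key available for recipient %q", r)
		}
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
		if err != nil {
			return nil, err
		}
		wrapped[r] = w
	}
	return &EncryptedMail{To: fmt.Sprint(recipients), From: from, Subject: subject,
		Nonce: nonce, Body: ciphertext, WrappedKeys: wrapped}, nil
}

// Open performs steps 6 and 7: unwrap the random key with the reader's
// private key, then decrypt the body; any failure denies access.
func Open(m *EncryptedMail, reader string, priv *rsa.PrivateKey) (string, error) {
	w, ok := m.WrappedKeys[reader]
	if !ok {
		return "", ErrDecryptFailed // key was never wrapped for this reader
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, w, nil)
	if err != nil {
		return "", ErrDecryptFailed // wrong private key: unwrap fails
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", ErrDecryptFailed
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", ErrDecryptFailed
	}
	plain, err := gcm.Open(nil, m.Nonce, m.Body, nil)
	if err != nil {
		return "", ErrDecryptFailed // tampered body or nonce
	}
	return string(plain), nil
}

func main() {
	alice, bob, mallory := NewKeyPair(), NewKeyPair(), NewKeyPair()
	dir := Directory{"alice": &alice.PublicKey, "bob": &bob.PublicKey}
	m, err := Encrypt("carol", "Quarterly plan", "the body is the only secret part", []string{"alice", "bob"}, dir)
	if err != nil {
		panic(err)
	}
	fmt.Printf("Subject in the clear: %q, wrapped keys: %d, body bytes: %d\n", m.Subject, len(m.WrappedKeys), len(m.Body))
	body, err := Open(m, "alice", alice)
	fmt.Println("alice:", body, err)
	_, err = Open(m, "mallory", mallory)
	fmt.Println("mallory:", err)
}
```

Note that the body ciphertext is produced once regardless of how many recipients there are; only the small wrapped-key entries grow with the recipient list, which is why the page can say the message is "encrypted only once with one random key".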
