SECURITY


Electronic signatures
Electronic signatures are closely associated with encryption. An electronic signature verifies that the person who originated the data is the author and that no one has tampered with the data. Users can add an electronic signature to mail messages and to fields and sections of documents. A database designer controls whether fields and sections of a database can be signed; individual users can choose to sign mail messages.

Users can sign mail messages sent to other IBM® Lotus® Notes® users or to users of other mail applications that support the S/MIME protocol -- for example, Microsoft® Outlook Express. Lotus Domino uses the same keys used for encryption -- the Lotus Notes and Internet public and private keys -- for electronic signatures.

You can also set up Lotus Notes to use separate keys for S/MIME signatures and encryption by adding two Internet certificates to your Lotus Notes ID file and using one certificate for S/MIME encryption and the other for S/MIME signatures and SSL client authentication. Having dual Internet certificates lets you maintain separate public and private key pairs: one for encryption, and one for electronic signatures and SSL client authentication.

For information on creating signed fields and sections, see the topic "Enabling encryption in a field" if you have installed IBM® Lotus® Domino™ Designer 8 Help. Or go to www.lotus.com/ldd/doc to download or view IBM® Lotus® Domino™ Designer 8 Help.

For information on dual Internet certificates, see the topic Dual Internet certificates for S/MIME encryption and signatures.

How electronic signatures work

Notes signatures

When the sender signs a message with a Lotus Notes signature, all fields of the message are signed.

1. Lotus Notes generates a "hash" of the data -- that is, a number that represents the data -- and then encrypts the hash with the private key of the author of the data, forming a signature. The hash is also sometimes called a message digest, and has some necessary special properties:

2. Lotus Notes attaches the signature, the signer's public key, and the signer's certificates to the data.

3. When the reader accesses the signed data, Lotus Notes verifies that the signer has a common certificate or common certificate ancestor from a certifier that the reader trusts. If so, Lotus Notes attempts to decrypt the signature using the public key that corresponds to the private key with which the data was signed.

4. If decryption is successful, Lotus Notes indicates who signed the message. If decryption is unsuccessful, Lotus Notes indicates that it cannot verify the signature. Unsuccessful decryption and comparison may indicate that the data has been tampered with.


S/MIME signatures

When the sender signs a message with an S/MIME signature, only the body of the message and accompanying attachments are signed.

1. Lotus Notes generates a hash of the data being signed and then encrypts the hash with the private key of the author of the data, forming a signature.

2. Lotus Notes attaches a certificate chain -- that is, all certificates in the hierarchy for the certificate -- and the signature to the data.

3. When the reader accesses the signed data, Lotus Notes or the mail application attempts to decrypt the signature using the public key that corresponds to the private key with which the data was signed. If successful, Lotus Notes or the application verifies that the signer has a common certificate or common certificate ancestor from a certifier that the reader trusts.


4. Lotus Notes or the mail application compares the decrypted hash with a hash of the message generated by the reader. A match means that the signature is valid.

5. If the digest comparison is successful, Lotus Notes or the S/MIME mail application indicates who signed the message. If decryption is unsuccessful, the application indicates that it could not verify the signature. Unsuccessful decryption and comparison may indicate that the data has been tampered with.
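The two procedures above differ in what the hash covers: a Notes signature covers all fields, an S/MIME signature only the body and attachments. The following added example (not part of the original documentation and not Lotus Notes code) models the hash, sign, and verify steps to show which changes each signature type detects. The field names, the sample message, and the toy RSA key are assumptions constructed for illustration.

```python
import hashlib

# Constructed toy RSA key built from two public Mersenne primes. Not secure:
# the factors are well known and no padding is applied. Illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent

def digest(fields):
    """Hash (name, value) pairs in sorted order, length-prefixed to avoid ambiguity."""
    h = hashlib.sha256()
    for name in sorted(fields):
        for part in (name, fields[name]):
            data = part.encode("utf-8")
            h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big")

def covered(message, scope):
    """Select the part of the message that the signature covers."""
    if scope == "notes":   # all fields of the message
        return dict(message)
    if scope == "smime":   # body and attachments only
        return {k: v for k, v in message.items() if k in ("Body", "Attachment")}
    raise ValueError(scope)

def sign(message, scope):
    # Step 1: hash the covered data, then apply the private key.
    return pow(digest(covered(message, scope)), D, N)

def verify(message, scope, signature):
    # Recover the signed hash with the public key and compare it with
    # a hash the reader computes over the received data.
    return pow(signature, E, N) == digest(covered(message, scope))

def demo():
    # Constructed sample message.
    original = {"From": "alice@example.com", "Subject": "Q3 invoice",
                "Body": "Please pay 100 EUR.", "Attachment": "invoice.pdf bytes"}
    results = {}
    for scope in ("notes", "smime"):
        sig = sign(original, scope)
        subject_changed = dict(original, Subject="Q3 invoice (URGENT)")
        body_changed = dict(original, Body="Please pay 900 EUR.")
        results[scope] = (verify(original, scope, sig),
                          verify(subject_changed, scope, sig),
                          verify(body_changed, scope, sig))
    return results

if __name__ == "__main__":
    print(demo())
```

In this model a changed Subject still verifies under the S/MIME scope, so a valid S/MIME signature says nothing about header fields outside the signed body and attachments.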


For more information on cross-certificates, see the topic Using cross-certificates to access servers and send secure S/MIME messages.

Signing sent mail

Lotus Notes client users control whether the mail they send is signed. Users can sign individual mail messages or sign all mail messages that they send.

When sending signed messages to users of S/MIME mail applications, Lotus Notes users must have an additional set of Internet public and private keys.

For information on obtaining Internet public and private keys, see the topic SSL and S/MIME for clients.

For information about signing mail, see the topic "Encrypting and digitally signing email messages" if you have installed Lotus Notes 8 Help. Or go to www.lotus.com/ldd/doc to download or view Lotus Notes 8 Help.
