APPLICATION MANAGEMENT


Encrypting documents and fields
A document is considered to be encrypted if it is created from a form that contains one or more encrypted fields. Each encrypted field is linked to a key that encrypts the contents of the field. An encryption key can be secret -- that is, a key that you must send to users in order for them to decrypt a field -- or public -- that is, a key that is already in a user's ID file and in the user's Person document where it is publicly available.

Public key and secret key encryption

IBM® Lotus® Notes® uses public key encryption for electronic mail, and IBM® Lotus® Domino(TM) Designer also lets you use public key encryption for encrypting fields in documents. Every user has a unique public key associated with their user name and stored in their user ID. Applications reference the keys by the users’ names in a special field called PublicEncryptionKeys. When a document is saved, all the user names in this field are located in the IBM® Lotus® Domino(TM) Directory or the user’s personal address book, the corresponding keys are retrieved, and all fields marked with a special property are encrypted with those keys.

Domino Designer also supports secret key encryption that you can use for encrypting fields in documents. You can create and name secret keys and then distribute the secret keys to users so that they can decrypt the protected data. Secret keys, like public keys, are stored in a user's ID. Applications reference the keys by their names in a special field called SecretEncryptionKeys. When a document is saved, the keys named in this field are retrieved from the user’s ID file, and all fields marked with a special property are encrypted with those keys.

Caution Both public and secret keys are stored in your user ID file. Remember to securely back up your ID file each time you add a key.

Note Web users cannot see encrypted fields with a browser. To see the data, Web users must reopen a document with a Notes Client or ask the sender for a copy that is not encrypted.

Document encryption

If you are planning to use secret encryption keys rather than encrypting with a public key, create the secret key before you encrypt a document.

You can encrypt documents with keys in several ways:


Field encryption

A database designer can encrypt fields with secret encryption keys. To decrypt these fields, users must merge the secret encryption keys into their ID files. If the user does not have the required encryption key, the encrypted fields appear blank.

See Also