Distributing secret encryption keys

About this task

You have two options for distributing secret encryption keys: you can mail them to users electronically, or you can save the key to a file and give the users the file. The easier distribution method is mail. The Notes® client automatically uses public key encryption to protect your secret key when it is mailed, and it lets the recipient add the key to their ID file with a single click. Exporting the key creates a KEY file, which you can put on a disk and hand to coworkers, who then have to use the Import Key button in the User ID dialog box on their own computers to add the key to their user IDs.

Consider exporting secret keys to files in two cases. First, if you are distributing keys to application users who do not use Notes® mail, because only Notes® mail users can receive and merge a key via e-mail. Second, if you don't have complete confidence that the recipient's ID file and password are secure, because in that case you shouldn't trust that the mail system is secure enough for something as potentially sensitive as a secret key.

To mail a secret encryption key

About this task

When you mail an encryption key, the mail message is, by default, signed and encrypted.

Procedure

  1. Create one or more secret keys and be sure to merge the encryption key with your user ID before distributing it.
  2. From your Bookmark page, select File - Security - User Security.
  3. Enter your Notes® password.
  4. Click Notes® Data - Documents.
  5. Select the secret encryption key to send under "Secret Key Name."
  6. Click "Mail Secret Key."
  7. Enter the names of the people you want to send the secret key to in the To field (click Address to choose from your Personal Address Book).
  8. In the CC field, enter the names of the people who need to know you sent a key, but aren't getting one themselves.
  9. Click Send.
  10. Optional: Check "Allow all recipients to forward the key to others by mail or export" if you want users to have that capability.
  11. Click OK.

To export an encryption key to a file

About this task

To export an encryption key to a file that you can distribute on disk:

Procedure

  1. Create one or more secret keys and be sure to merge the encryption key with your user ID before distributing it.
  2. From your Bookmark page, select File - Security - User Security.
  3. Enter your Notes® password.
  4. Click Notes® Data - Documents.
  5. Select the key to export and click Other Actions - Export Secret Key.
  6. Optional: Do the following to restrict who can use the encryption key:
    1. Click "Restrict Use" to allow only one person to use this file.
    2. Type the hierarchical name of the user.
    3. Select "Allow that person to export the key or forward it to others" to let the recipient export the key or mail the key to other users, and then click OK.
  7. In the Password box, do one of the following:
    • Type a password to protect the file. In the confirmation box, retype the password and click OK.
    • Click "No Password."
  8. Type a file name, select a directory in which to store the file, click OK or Save, and then click Done.