A detailed look at the document encryption and decryption process for XPages in Domino®

Domino® lets documents be encrypted on the web using XPages. Let's look at the details of how this can be done.

Domino® is the default data store for XPages, so there are built-in data sources that enable an XPage to create, read, update and delete (C-R-U-D) Domino® documents in a highly automated and integrated manner. These are commonly known as CRUD operations.

To work with documents in XPages, the XPage or Custom Control must have one or more Document Data Source instances defined. For more information on the process of creating a Document Data Source for XPages, refer to the Defining data sources topic in the Binding and submitting data section of this guide.

Encrypting your document data

To encrypt document data you need to work with a form with one or more encryptable fields defined. Such forms may already exist in your application or you can enable encryption for a field of any data type in a form using this process:

  1. Open the form in Domino® Designer.
  2. Create a field or click an existing field. Then choose Design > Field Properties.
  3. Click the Advanced tab.
  4. Select "Security options: Enable encryption for this field."
Note: Encryptable fields are highlighted with a red border in the Domino® Designer Form editor.

Back in your XPage, once you have created a Domino® Document data source that includes an encrypted field, you then need to allow the end user to select whatever secret keys are needed to encrypt a document. This can be done either programmatically via Server Side JavaScript (SSJS) in the XPages business logic or through the user interface with the Secret Key Picker control. This picker control presents the secret keys contained in a user's ID file as a list in the UI and lets the user select one or more keys for the encryption process.

Using the Secret Key Picker control

The Secret Key Picker control is located in the Extension Library drawer of the XPages control palette. Dragging and dropping this control on to an XPage causes a helper dialog to be displayed in order to assist you in setting up the encryption process.

You are prompted to provide the following information:

  • Data source - Specifies the Domino® document data source to use. Among other things the data source identifies the form that is being used to create the document. This form should have at least one encryptable field.
    Note: It is important to have created the data source on the XPage before creating the Secret Key Picker control.
  • Form compute option - The document data source must have the computeWithForm option turned on in order to identify the encryptable fields on the form. If computeWithForm is not enabled then you may encounter an error when attempting to encrypt a document, namely "Document does not specify any fields to be encrypted".
  • Add label - This option by default displays a label of "Encrypt Document" alongside the Secret Key Picker control in the browser at runtime. You may change the text or choose not to display any label.
  • Display encryption keys - By default the secret keys selected by the user will be displayed on the page. If this is not selected, the selected keys will be hidden in the user interface.
  • Add messages control - By default a messages control will be added to the XPage to catch and report any error messages that may arise as a result of the encryption process.
  • Format for Bootstrap - If selected, the generated markup will include extra tags to help format the control layout in a way that is friendly to the Bootstrap library. Bootstrap is a popular framework that builds responsive user interfaces capable of adapting to different rendering devices (for example, desktop browser, tablet or smart phone).
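
The Form compute option described above, shown as XPage source. This is an added example, not markup generated by the helper dialog or taken from this guide. The form name Employee, the field name Salary, the control ids and the choice of the value onsave are assumptions (the guide only says computeWithForm must be turned on), and the Secret Key Picker control itself is left to the helper dialog.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<xp:view xmlns:xp="http://www.ibm.com/xsp/core">

  <xp:this.data>
    <!-- Before: computeWithForm left unset. The encryptable fields on the
         form are not identified, and encrypting can fail with
         "Document does not specify any fields to be encrypted".
         <xp:dominoDocument var="document1" formName="Employee"/> -->

    <!-- After: the form is computed so that its encryptable fields are
         identified. "Employee" is a hypothetical form that has at least
         one field with "Enable encryption for this field" selected. -->
    <xp:dominoDocument var="document1" formName="Employee"
        computeWithForm="onsave"/>
  </xp:this.data>

  <!-- Bound to the hypothetical encryptable field "Salary" -->
  <xp:inputText id="salary" value="#{document1.Salary}"/>

  <!-- Drop the Secret Key Picker control here from the Extension Library
       drawer and choose document1 as its data source in the helper dialog. -->

  <xp:button id="saveButton" value="Save">
    <xp:eventHandler event="onclick" submit="true" refreshMode="complete">
      <xp:this.action>
        <xp:saveDocument var="document1"/>
      </xp:this.action>
    </xp:eventHandler>
  </xp:button>

  <!-- Reports errors raised during encryption, as the "Add messages control"
       option would -->
  <xp:messages id="messages1"/>

</xp:view>
```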