Mail encryption

Mail encryption protects messages from unauthorized access. Only the body of a mail message is encrypted; the header information such as text in the To, From, and Subject fields is not.

Notes® users can encrypt mail sent to other Notes® users or to users of mail applications that support S/MIME -- for example, Microsoft Outlook Express®.

Users can use Notes® mail encryption to encrypt mail sent to other Notes® users, encrypt mail received from other Notes® users, or encrypt all documents saved in a mail database. Notes® uses the recipient's public key, which is stored in the sender's Contacts or in the Domino® Directory, to encrypt outgoing and saved mail.

In general, mail sent to users in a foreign domain cannot be encrypted. However, if the recipient of the mail uses Notes® and the sender has access to the recipient's public key, the sender can encrypt the mail message. The recipient's public key can be stored in the Domino® Directory, in an LDAP directory to which the sender has access, or in the sender's Contacts.

Notes® users can also use S/MIME to encrypt mail sent to recipients who use mail applications that support S/MIME. Senders must have the recipient's public key in order to encrypt the message for S/MIME. The recipient's public key is stored in an Internet certificate in either a Domino® Directory or LDAP directory to which the sender has access or in the sender's Contacts. The sender must also have a cross-certificate that indicates to Notes® that the recipient's public key can be trusted.

Encrypting a message -- with either Notes® mail encryption or S/MIME encryption -- does not affect the speed at which the message is routed from sender to recipient. However, encryption does increase the time required to send and to open a message. The extra time is required because the message must be encrypted at the beginning of the transmission and decrypted each time the recipient opens it. The time required to send and open a message is based on the size of the message and the number of bitmaps and other graphics, objects, and attachments in the message. In most cases, the delay is not noticeable.

How outgoing Notes® mail encryption works

  1. The sender sends an outgoing message and selects the Encrypt option.
  2. Notes® generates a random encryption key and encrypts the message with it.
  3. Notes® encrypts the random encryption key with the recipient's public key and appends the encrypted key to the message. The recipient's public key must be stored in either a Domino® Directory or LDAP directory that a user can access or in the sender's Contacts.
  4. If the encrypted message is addressed to multiple recipients, the message is encrypted only once with one random key, and the random key is encrypted using the public key of each recipient.
  5. When the recipient attempts to open the encrypted message, the user's mail application attempts to decrypt the random key, using the recipient's private key. If this is successful, the random key decrypts the message.
  6. If decryption is successful, the recipient can read the message. If decryption is unsuccessful, the user receives a message indicating that the decryption failed and the mail application does not allow the user to access the message.

How outgoing S/MIME mail encryption works

  1. The sender sends an outgoing message and chooses to encrypt it. (The exact option to do this depends on the mail application used.)
  2. The sender's mail application (Notes® or another S/MIME-compliant mail program) generates a random encryption key and encrypts the message with it.
  3. The sender's mail application looks for the recipient's public key. For S/MIME mail sent from Notes®, the recipient's Internet certificate must be stored in the sender's Contacts or a Domino® Directory or LDAP directory to which the sender has access.
    1. If a certificate is found, Notes® looks for a cross-certificate in the sender's Contacts to validate the Internet certificate. If a cross-certificate does not exist, Notes® asks whether the client wants to create a cross-certificate on demand.
    2. If no certificate for the recipient is found or if a cross-certificate is not created for the certificate, the sender receives a warning that encryption is not possible for this recipient. The sender is then given a choice of not sending the message or sending it unencrypted.
  4. The sender's mail application encrypts the random encryption key with the recipient's public key and appends the encrypted key to the message. Notes® uses the recipient's public key, found in the certificate, to encrypt the message.

    Some recipients may have dual Internet certificates -- one certificate used for encryption and the other used for signatures and SSL. If so, Notes® extracts the Internet encryption certificate, and uses it to encrypt the message.

  5. If the encrypted message is addressed to multiple recipients, the message is encrypted only once with one random key, and the random key is encrypted using the public key of each recipient.
  6. When the recipient attempts to open the encrypted message, the user's mail application attempts to decrypt the random key, using the recipient's private key. If this is successful, the random key decrypts the message.
  7. If decryption is successful, the recipient gains access to the message. If decryption is unsuccessful, the user receives a message indicating that the decryption failed, and the mail application does not allow the user to access the message.
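
The two procedures above share one scheme: the body is encrypted once with a random key, and that key is wrapped separately for each recipient. The following is an added example, not code from Notes® or Domino®, that walks through it with the OpenSSL `cms` command standing in for an S/MIME-compliant mail application. The user names, address, subject and message body are constructed, throwaway self-signed certificates replace directory-stored Internet certificates, and the cross-certificate trust check is not modelled.

```shell
#!/bin/sh
# Added example: every user, address, subject and message body below is constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Throwaway self-signed certificate and private key for one user (stand-in for
# an Internet certificate held in a directory or in the sender's Contacts).
make_user() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Encrypt stdin once with a random AES key; OpenSSL wraps that key separately
# under each recipient's public key. To, From and Subject stay in the clear.
encrypt_for() {
    out=$1; shift
    certs=""
    for u in "$@"; do certs="$certs $WORK/$u.crt"; done
    # $certs is left unquoted on purpose so each path becomes its own argument.
    openssl cms -encrypt -aes-256-cbc -from sender@example.test \
        -to "$*" -subject "Q3 forecast" -out "$out" $certs
}

# Open the message as one user: unwrap the content key with that user's private
# key, then decrypt the body. Returns non-zero when the user is not a recipient.
decrypt_as() {
    openssl cms -decrypt -in "$2" -recip "$WORK/$1.crt" \
        -inkey "$WORK/$1.key" 2>/dev/null
}

# Number of wrapped copies of the content key carried by the message.
recipient_count() {
    openssl cms -cmsout -print -noout -in "$1" | grep -c 'encryptedKey'
}

# Demo run: alice and bob are recipients, carol is not.
for u in alice bob carol; do make_user "$u"; done
printf 'forecast: constructed body\n' | encrypt_for "$WORK/mail.eml" alice bob
echo "wrapped keys: $(recipient_count "$WORK/mail.eml")"
decrypt_as alice "$WORK/mail.eml"
decrypt_as carol "$WORK/mail.eml" || echo "carol: decryption failed"
```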