History of supported key sizes in Notes and Domino

Understand the RSA key sizes supported by Notes® and Domino® from past releases to the current release.

Matrix of RSA key sizes supported by Notes and Domino

Hierarchical IDs Hierarchical IDs Flat IDs Flat IDs
Version Action Domestic International Domestic International
R8 - R14 accept 8192/4096(*) 512 630 512
R8 - R14 generate 4096/2048(*) 512 0 0
R7 accept 2048 512 630 512
R7 generate 1024 512 0 0
R6 accept 1024 512 630 512
R6, R5 generate 630 512 0 0
R5, V4 accept 760(*) 512 630 512
V4 generate 630 512 630 512
V3 accept 760/630(*) 512 630 512
V3 generate 512 512 512 380
V2.1 accept 0 0 512 512
V2.1 generate 0 0 512 380
V2, V1 accept 0 0 512 380
V2, V1 generate 0 0 512 380

* RSA Keys over 630 bits must be BER-formatted.

  • R8 - R14 can accept 8192 bit certifiers and 4096 bit users and servers.
  • R8 - R14 can generate 4096 bit certifiers and 2048 bit users and servers.
  • V3 could accept 760 bit public keys and 630 bit private keys
  • No version of Notes has ever generated keys between 631 and 760 bits, making that support strictly theoretical.

Key sizes supported by feature

Bulk data key sizes:
  • 128 and 256 bit AES key support was added in 8.0.1
  • 128 bit RC2 key support was added in 6.0.4/6.5.1
  • 64 bit RC2 key support was added in V3
  • 64/40 in international V4 through 5.0.3
  • 32 bit RC2 in international V1, V2, and V3
Document Encryption Key (NEK) sizes:
  • 128 bit AES key support was added in 8.0.1
  • 128 bit RC2 key support was added in 6.0.4/6.5.1
  • 64 bit RC2 key support has existed in all domestic versions of Notes
  • 64/40 RC2 in international V4 and R5 pre-5.0.3
  • 40 bit RC2 in French Notes
  • 32 bit RC2 in international V2 and V3
Ticket (network authentication) sizes:
  • 128 bit AES key support was added in 9.0.1 FP7
  • 128 bit RC2 key support was added in R6
  • Domestic V3, V4, R5 used 64 bit RC2
  • V2 used 64 bit RC2 domestic, 40 bits international
  • 64/40 in international Notes pre-5.0.3
Session key (network encryption) sizes:
  • Forward Secrecy for session keys via X25519 was added in 12.0
  • Forward Secrecy for session keys via DHE-2048 was added in 9.0.1 FP7
  • 128 and 256 bit AES key support was added in 9.0.1 FP7
  • 128 bit RC4 key support was added in R6
  • 64 bit RC4 in domestic V4 and R5
  • 64/40 RC4 in international V4 and R5 pre-5.0.3
  • French versions of V4 and R5 pretended to be V3 to use 40 bit RC2
  • V3 used 64 bit RC2 domestic, 40 bit RC2 international
  • V1 and V2 used 64 bit RC2 domestic, 26 bit RC2 international
Password-derived keys (ID file encryption keys):
  • Support for 128 bit AES and 256 bit AES with iterated HMAC-SHA256 and iterated HMAC-SHA512 was added and enabled in 9.0.
  • Support for 128 bit AES and 256 bit AES with iterated HMAC-SHA1 was added and enabled in 8.0.1.
  • Security policy settings were added to control or restrict ID file encryption strengths in 8.0.1.
  • Support for 128 bit RC2 was added in R6, and enabled in R7.
  • 64 bit RC2 has been supported since day one for all versions of Notes.

Local database encryption:

This feature was added in V4.1. Five variations of local database encryption exist:
  • 256 bit AES encryption was added in 12.0.2
  • 128 bit AES encryption was added in 11.0.1
  • Medium and strong:
    • 128 bits in R6
    • 64 bit bulk key in domestic Notes from 4.1 to R6
    • 64/40 bulk key in international Notes from 4.1 to 5.03
    • 40 bit bulk key in French Notes from 4.1 to 5.03
  • Weak "encryption": RC4-based substitution
Weak and medium database encryption have been deprecated and are not available for use with new databases. The default database encryption strength was upgraded to 128 bit AES starting in 12.0.2.
S/MIME
  • SHA-256, SHA-384, and SHA-512 signature support added in 9.0
  • AES-128, AES-192, and AES-256 encryption support added in 9.0
  • 3DES
  • 128 bit RC2
  • 64 bit RC2
  • 40 bit RC2
  • DES
TLS

Support for SSLv3 has been removed. Only TLS 1.2 is enabled out of the box.
Forward Secrecy using NIST P-256, NIST P-384, and NIST P-521 was added in 9.0.1 FP4 IF2. Forward Secrecy using X25519 and X448 was added in 12.0.

  • ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (added in 12.0)
  • ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (added in 12.0)
  • ECDHE_RSA_WITH_AES_256_GCM_SHA384 (added in 9.0.1 FP4 IF2)
  • ECDHE_RSA_WITH_AES_128_GCM_SHA256 (added in 9.0.1 FP4 IF2)
  • ECDHE_RSA_WITH_AES_256_CBC_SHA384 (added in 9.0.1 FP4 IF2)
  • ECDHE_RSA_WITH_AES_256_CBC_SHA (added in 9.0.1 FP4 IF2)
  • ECDHE_RSA_WITH_AES_128_CBC_SHA256 (added in 9.0.1 FP4 IF2)
  • ECDHE_RSA_WITH_AES_128_CBC_SHA (added in 9.0.1 FP4 IF2)
  • DHE_RSA_WITH_AES_256_GCM_SHA384 (added in 9.0.1 FP3 IF2)
  • DHE_RSA_WITH_AES_128_GCM_SHA256 (added in 9.0.1 FP3 IF2)
  • DHE_RSA_WITH_AES_256_CBC_SHA256 (added in 9.0.1 FP3 IF2)
  • DHE_RSA_WITH_AES_256_CBC_SHA (added in 9.0.1 FP3 IF2)
  • DHE_RSA_WITH_AES_128_CBC_SHA256 (added in 9.0.1 FP3 IF2)
  • DHE_RSA_WITH_AES_128_CBC_SHA (added in 9.0.1 FP3 IF2)
  • RSA_WITH_AES_256_GCM_SHA384 (added in 9.0.1 FP3 IF2)
  • RSA_WITH_AES_128_GCM_SHA256 (added in 9.0.1 FP3 IF2)
  • RSA_WITH_AES_256_CBC_SHA256 (added in 9.0.1 FP3 IF2)
  • RSA_WITH_AES_128_CBC_SHA256 (added in 9.0.1 FP3 IF2)
  • RSA_WITH_AES_128_CBC_SHA (added in 8.0)
  • RSA_WITH_AES_256_CBC_SHA (added in 8.0)
  • RSA_WITH_RC4_128_MD5
  • RSA_WITH_RC4_128_SHA
  • RSA_WITH_3DES_EDE_CBC_SHA
  • RSA_WITH_DES_CBC_SHA
  • RSA_EXPORT1024_WITH_DES_CBC_SHA
  • RSA_EXPORT_WITH_RC4_40_MD5
Credentials for TLS
  • TLS credentials using NIST P-256, NIST P-384, and NIST P-521 can be used on any Domino 12.0 or above server.
  • Keyring files using SHA-256, SHA-384, and SHA-512 can be created using certreq and the CA process on 9.0 IF6 and 9.0.1 FP2 IF1 or above.
  • Keyring files using SHA-256, SHA-384, and SHA-512 can be created using OpenSSL, a third party CA, and kyrtool.
  • Keyring files using SHA-256, SHA-384, and SHA-512 can be used on any Domino 9.0 or above server.

Transport Layer Security (TLS) v1.2 via IBM HTTP Server

This feature was added in 9.0 and was never subject to export restrictions. Requires selecting "IBM HTTP Server" install-time option Supports ciphers that use AES and SHA-2.

The "IBM HTTP Server" install option was removed in Domino 10.0.

ID file recovery

This feature was added in R5 and was never subject to export restrictions. ID file recovery uses 1024 bit RSA asymmetric keys.
  • R5 generated and supported 64 bit RC2 bulk encryption.
  • R6 supported 64 and 128 bit RC2 bulk encryption, and would use 128 bit RC2 if the ID file could only be used with R6+ for other reasons.

Notes ID vault

This feature was added in 8.5 and was never subject to export restrictions.
  • 2048 bit RSA vault ID file
  • 2048 bit RSA vault operations (VO) key
  • 256 bit AES transport encryption keys
  • 256 bit AES storage encryption keys

Security Assertion Markup Language (SAML) service provider

This feature was added in 9.0 and was never subject to export restrictions.

Exclusive canonicalization (xml-exc-c14n) should be used; #WithComments or inclusive canonicalization (REC-xml-c14n) may not parse successfully.

Open ID Connect 1.0 (OIDC)

This feature was added in 12.0.2 and was never subject to export restrictions.

  • Supported key types (kty): RSA, EC, and OKP
  • Supported signing algorithms (alg): ES256, ES384, ES512, RS256, RS384, RS512, EdDSA
  • Supported elliptic curves (crv): P-256 (with ES256), P-384 (with ES384), P-521 (with ES512), Ed25519 (with EdDSA), and Ed448 (with EdDSA)
  • RSA keys must be at least 2048 bits long

Internet password stored in the directory

For users configured to use the more secure Internet password format that was introduced in 8.0.1:

  • In Domino 8.0.1, new or changed passwords are hashed using PKCS #5's PBKDF2 algorithm with HMAC-SHA1 and 5,000 HMAC iterations. This algorithm always includes a salt.

  • In Domino 14.0, new or changed passwords are hashed using PKCS #5's PBKDF2 algorithm with HMAC-SHA256 and 30,000 HMAC iterations. This algorithm always includes a salt.