Document and email encryption capabilities

HCL Domino 14.0 provides the following person document/email encryption capabilities.

We added support for Notes document/email encryption with 128 and 256-bit AES (instead of RC2) in 8.0.1, but due to backwards compatibility concerns (users on clients older than 8.0.1 wouldn't be able to read those documents), it was blocked behind a setting that could only be enabled through an Admin client wizard. Also, because the Admin client wizard and our documentation called the functionality "FIPS 140-2 support" instead of "AES support" the uptake of this functionality, outside of our more security-conscious customers, has been very low.

In order to improve the update of the legacy AES document and email encryption support, we have addressed the following points:
  • 14.0 no longer requires the presence of that person document setting to use AES encryption for a given recipient, as nobody sending encrypted mail from 14.0 is likely to be sending email to someone on a Notes client older than 8.0.1.
  • The wording used in that Admin client wizard has changed from "FIPS 140-2" to "AES", which should encourage more adminstrators to enable that setting.
  • Newly registered user IDs in 14.0 will have that setting enabled by default, so end users running on an older client will see those recipients as AES capable.
  • The default algorithm used for document encryption (including Notes-formatted email) in 14.0 is 256-bit AES
  • Use of the OpenSSL library's FIPS provider is now being accurately displayed in the Document Encryption and Signing Properties dialog.
You can tell what encryption and signing algorithms were used on a document with the "Document Encryption and Signing" button on the bottom of the Notes client to the right of the status bar:
HCL Notes Document Encryption and Signing button with encryption icon

Document Encryption and Signing Properties dialog box