Public key security

Every Notes® user ID and Domino® server ID has a unique public key for the Notes® certificate. The public key is stored in an ID file and in the Person or Server document for that ID in the Domino® Directory. Notes® and Domino® use the public key to authenticate users and servers, verify digital signatures, and encrypt messages and databases. A Notes® user ID can also have a unique public key for an Internet certificate.

Issuing new public keys for a Notes® certificate

If you suspect that an ID has been compromised because it was lost, stolen, or copied without permission, you can create a new public key for the ID. Creating a new public key allows you to maintain other parts of the ID -- for example, the encryption keys -- rather than create an entirely new ID, so that users can still use their old keys to decrypt encrypted email.

Notes® users can create a new public key for the Notes® certificate. The new public key must be certified before it can be used by Notes®.

After certifying a new public key, you should set up servers to verify public keys. Public key verification involves matching the public key stored in the Domino® Directory with the public key on the ID. Verifying public keys prevents an unauthorized user from using the ID with the original public key to access the server.

Note: This is done in addition to the key verification done by validating the certificate presented by the user during authentication.
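The following toy model, added here as an illustration and not HCL's code, shows why the verification step matters: after a new public key is issued and certified, a stolen copy of the ID still carries a valid certificate on the original public key, so certificate validation alone admits it, while matching the presented key against the Domino Directory entry rejects it. The "certificate" is an HMAC by a constructed certifier secret and the keys are random byte strings; the Notes ID file format and authentication protocol are not modelled.

```python
"""Toy model of Notes public-key rollover plus server-side public key
verification. Added illustration, not HCL code: the 'certificate' is an HMAC
by a constructed certifier secret standing in for a real Notes certificate,
and keys are random byte strings; the Notes ID file format is not modelled."""
import hmac, hashlib, os
from dataclasses import dataclass, field

CERTIFIER_SECRET = os.urandom(32)  # constructed stand-in for the certifier ID

def certify(name: str, public_key: bytes) -> bytes:
    # Certifier binds a name to a public key (stand-in for Notes certification).
    return hmac.new(CERTIFIER_SECRET, name.encode() + public_key, hashlib.sha256).digest()

@dataclass
class IdFile:
    name: str
    public_key: bytes
    certificate: bytes
    encryption_key: bytes  # kept across rollover so old encrypted mail still decrypts

def new_public_key(id_file: IdFile) -> IdFile:
    """Issue and certify a new public key while keeping the ID's encryption key."""
    pk = os.urandom(32)
    return IdFile(id_file.name, pk, certify(id_file.name, pk), id_file.encryption_key)

@dataclass
class Server:
    directory: dict = field(default_factory=dict)  # name -> public key (Person document)
    verify_public_keys: bool = False

    def authenticate(self, presented: IdFile) -> bool:
        # Step 1: validate the certificate presented by the user.
        expected = certify(presented.name, presented.public_key)
        if not hmac.compare_digest(expected, presented.certificate):
            return False
        # Step 2 (only when enabled): match the presented key against the directory entry.
        if self.verify_public_keys:
            return hmac.compare_digest(self.directory.get(presented.name, b""), presented.public_key)
        return True

def rollover_scenario(verify: bool) -> dict:
    """Register Alice, copy her ID without permission, then issue and certify a new key."""
    enc, pk = os.urandom(32), os.urandom(32)
    alice = IdFile("Alice/Acme", pk, certify("Alice/Acme", pk), enc)  # constructed sample ID
    stolen = IdFile(alice.name, alice.public_key, alice.certificate, alice.encryption_key)
    server = Server({alice.name: alice.public_key}, verify)
    alice = new_public_key(alice)
    server.directory[alice.name] = alice.public_key  # new key certified and stored in the directory
    return {"owner": server.authenticate(alice), "stolen": server.authenticate(stolen),
            "old_mail_key_kept": alice.encryption_key == enc}
```

With verification disabled both the owner and the stolen copy authenticate; with it enabled only the owner does, and in both cases the encryption key survives the rollover.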

Adding an existing Notes® public key

When you register a user or server, Domino® automatically adds the Notes® public keys to the corresponding Person or Server document. However, you may need to manually add a user or server ID's public key in these situations:

  • A user wants to send encrypted mail to a Notes® user in another domain. To send Notes® encrypted mail, Domino® must be able to access the recipient's Notes® public key in the Contacts, Domino® Directory, or LDAP directory. If the recipient is in another domain and the Domino® Directory or LDAP directory for that domain is not accessible by directory assistance, then Domino® can't access the recipient's public key for encryption. The sender must obtain the recipient's public key and add it to the Contacts or a Domino® Directory that is set up with directory assistance. An administrator might also want to set up directory assistance for the Domino® Directory or LDAP directory so users can encrypt messages to all users in the directories.
  • A user or server ID's public key in the Domino® Directory becomes corrupted or is accidentally deleted, and the administrator needs to replace it.