Encrypting documents using secret keys

Using a secret encryption key that is stored in your User ID, you can encrypt a document that you are posting in a public database, provided the document contains fields that are encryptable.

About this task

When you create or edit a document that has been enabled for encryption, the secret encryption keys used to encrypt it may be specified in the form definition, or you may choose the secret encryption key yourself. Only people who have the same secret encryption key can decrypt the data that you encrypted. If someone who does not have the secret encryption key opens the document, the encrypted data is not visible.

You can recognize an encryptable field by its red brackets. Only the contents within those red brackets can be encrypted. All other data is open for viewing by anyone who accesses the document.

Note: Mail documents can be encrypted, but not with this mechanism. If mail documents are encrypted, it is always with the public keys of the recipients.

To encrypt a document field, you need to:

Procedure

  1. Create a secret encryption key.
  2. Attach the secret encryption key to your document.
  3. Mail your secret encryption key to people who need to read the encrypted fields.

Results

Note: If you are not an IBM® Notes® mail user, you need to export your secret encryption key so the person who needs it can import it into his or her User ID.

To create a secret encryption key

Procedure

  1. Click File > Security > User Security (Macintosh OS X users: Notes > Security > User Security).
  2. Click Notes Data > Documents.
  3. Click the "New Secret Key" button.
  4. Enter a name for the secret encryption key in the "Secret key name" field in the "New Secret Encryption Key" dialog box.
  5. Optional: Enter a note about the secret encryption key and what it is being used for in the Comment field in the "New Secret Encryption Key" dialog box.
  6. Click OK.

Results

Note: For information about encryption, see Encryption strength, if you have installed IBM® Domino® Administrator Help. Or, go to Documentation on the Web to download or view the Domino® Administrator Help.

To specify a secret encryption key for a document

Procedure

  1. Open the document you are encrypting.
  2. Click File > Document Properties.
  3. Click the Security tab.
  4. Click one or more secret encryption keys that you created. If you want the document to be readable by people who do not have the secret encryption key, list those people in the "Public Encryption key" field under "Encryption Keys."
  5. Save the document.
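
The same assignment done from code, as an added LotusScript example that is not part of the original IBM documentation. The key name "ProjectKey", the form name and the field names are hypothetical, and the key is assumed to exist already in the current User ID.

```lotusscript
Sub EncryptWithSecretKey
	' Added example, not IBM's code. "ProjectKey", "Review" and the
	' field names are hypothetical.
	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim doc As NotesDocument
	Dim item As NotesItem

	On Error Goto encryptFailed

	Set db = session.CurrentDatabase
	Set doc = db.CreateDocument
	doc.Form = "Review"

	' Not flagged for encryption: readable by anyone who can open the document.
	Call doc.ReplaceItemValue("Subject", "Q3 review")

	' Flagged for encryption: the equivalent of a field shown in red brackets.
	Set item = doc.ReplaceItemValue("Salary", "constructed sample value")
	item.IsEncrypted = True

	' Name the secret key (a string array names several keys).
	doc.EncryptionKeys = "ProjectKey"

	' Encrypt only affects items whose IsEncrypted flag is True, and
	' nothing is stored encrypted until the document is saved.
	Call doc.Encrypt
	Call doc.Save(True, False)
	Exit Sub

encryptFailed:
	' Reached, for example, if the named key is not in the User ID.
	' Do not fall back to a plain Save here: that would store the
	' flagged field unencrypted.
	Messagebox "Document not saved: " & Error$ & " (error " & Cstr(Err) & ")"
	Exit Sub
End Sub
```

If `EncryptionKeys` is left empty, `Encrypt` uses the current user's public key instead of a secret key, so only that user can read the flagged fields.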

To mail a secret encryption key

Procedure

  1. Click File > Security > User Security (Macintosh OS X users: Notes > Security > User Security).
  2. Click Notes Data > Documents.
  3. Select the secret encryption key to send under "Secret Key Name."
  4. Click "Mail Secret Key."
  5. Enter the names of the people you want to send the secret key to in the To field. (Click Address to choose from your Contacts.)
  6. In the CC: field, enter the names of the people who need to know you sent a key, but aren't getting one themselves.
  7. Click Send.
  8. If you would like your secret encryption key to be mailable by the recipient of the key, so the recipient can continue passing the key on to others, select "Allow all recipients to forward the key to others by mail or export" when prompted. Clicking Cancel cancels the sending of the key.