Restricting access to local databases

When you enable encryption for a local database, HCL Notes® encrypts the database using your public key from your User ID. You are the only one who can then decrypt the database because you have the corresponding private key in your User ID. Nobody else's User ID can open the database.

About this task

There are three levels of encryption available: 128-bit AES, 256-bit AES, and Strong. Use AES encryption when security or compliance are primary concerns. AES-128 is more secure than Strong encryption but requires Notes version 11.0.1 or later. AES-256 is more secure than AES-128 encryption but requires Notes version 12.0.2 or later.
Note: AES-128 is the default instead of "Strong" starting in 12.0.2.
Note: Disk compression utilities do not affect databases that use database encryption.

To specify default local database encryption settings

About this task

Perform the following steps to specify the default encryption setting for new local databases. You can change the setting for a specific database.

Procedure

  1. Click File > Security > User Security (Macintosh OS X users: Notes > Security > User Security).
  2. Click Notes Data > Databases.
  3. Select one of the following options:
    • To turn off encryption for new local databases, select Do not locally encrypt this database.
    • To enable encryption for new local databases, select an encryption level.

To encrypt existing local databases

About this task

Procedure

  1. Open the local database.
  2. Click File > Application > Properties> Encryption Settings.
  3. Select Locally encrypt this database using and select an encryption level.
  4. Optional: By default, your User ID is listed as the only User ID that can open the database when encrypted. If you would rather give a different person access to the database, click "For," then choose an address book and person from the "Select name" dialog box.
    CAUTION: If you choose a different user to have access to the database, you will lose your access to the database.

Results

Note: You may need to compact the database in order to change the encryption settings.

To change the local database encryption level

Procedure

  1. Open the local database.
  2. Click File > Application > Properties> Encryption Settings.
  3. Select Do not locally encrypt this database.
  4. On the second tab of the Database Properties dialog, click Compact:

  5. Exit the Database Properties dialog.
  6. Re-open File > Application > Properties> Encryption Settings.

  7. Select Locally encrypt this database using and select a different encryption level.