Key rollover

Key rollover is the process used to update the set of Notes® public and private keys that is stored in your ID file. This set of keys may need to be replaced - for instance, to increase security by updating to larger keys, or to recover if your private key has been compromised in some way.

About this task

Automatic key rollover is set up by your administrator. You will know when key rollover has occurred because you will be prompted to accept the new keys in your ID. The new keys will be activated in your ID file. The old keys are archived so that they are available to decrypt documents encrypted with the old keys.

To accept new keys

Once the key rollover process has been initiated on your behalf, the next time you authenticate with the server you are prompted with the Accept New ID Information dialog box. Click OK to accept the new public keys. The new keys will be activated in your ID file the next time you authenticate after this.

Note: If you have installed copies of your ID on multiple machines, be sure to update each machine with a new copy of the ID.

To monitor key rollover progress

The key rollover process is complex and it takes time for new keys to be certified by the server and then added to your ID file. If you know that key rollover has been initiated on your behalf, you can monitor its progress in your ID in the Key Rollover Information dialog box. This dialog box is for informational purposes only.


  1. Click File > Security > User Security (Macintosh OS X users: Notes > Security > User Security).
  2. Click Your Identity > Your Certificates.
  3. Click Other Actions > Show New Public Key Status.
  4. The Key Rollover Information dialog box appears, and provides the following information:
    • information about the current Notes® keys, including key size and creation date
    • the name of the server that issued the new certificates
    • the date on which the new key was copied to the ID file
    • the reason the keys are being updated
    • information about the new keys, including key size and creation date
  5. Click OK to close the dialog box.