Encrypting documents and fields

A document is considered to be encrypted if it is created from a form that contains one or more encrypted fields. Each encrypted field is linked to a key that encrypts the contents of the field. An encryption key can be secret -- that is, a key that you must send to users in order for them to decrypt a field -- or public -- that is, a key that is already in a user's ID file and in the user's Person document where it is publicly available.

Public key and secret key encryption

Notes® uses public key encryption for electronic mail, and Domino® Designer also lets you use public key encryption for encrypting fields in documents. Every user has a unique public key associated with their user name and stored in their user ID. Applications reference the keys by the users' names in a special field called PublicEncryptionKeys. When a document is saved, all the user names in this field are located in the Domino® Directory or the user's personal address book, the corresponding keys are retrieved, and all fields marked with a special property are encrypted with those keys.

Domino® Designer also supports secret key encryption that you can use for encrypting fields in documents. You can create and name secret keys and then distribute the secret keys to users so that they can decrypt the protected data. Secret keys, like public keys, are stored in a user's ID. Applications reference the keys by their names in a special field called SecretEncryptionKeys. When a document is saved, the keys named in this field are retrieved from the user's ID file, and all fields marked with a special property are encrypted with those keys.

CAUTION: Both public and secret keys are stored in your user ID file. Remember to securely back up your ID file each time you add a key.
Note: Web users cannot see encrypted fields with a browser. To see the data, Web users must reopen a document with a Notes® Client or ask the sender for a copy that is not encrypted.

Document encryption

If you are planning to use secret encryption keys rather than encrypting with a public key, create the secret key before you encrypt a document.

You can encrypt documents with keys in several ways:

  • Using public keys. You can encrypt documents with public keys on IDs so that only users with those IDs can read the documents. To do this, you enter one or more names in the Public Encryption keys field on the Security tab in the Document Properties box.
  • Using a form property. Database designers can use a form property to add one or more keys to a form. Every document created with the form will be encrypted using the encryption keys.
  • Using the Database/Document Properties box. Users can use the Database/Document Properties box to encrypt one or more documents with their own encryption keys stored in their ID files. To use the properties box to encrypt documents, the form must contain a field that can be encrypted.
  • Using the SecretEncryptionKeys field. The SecretEncryptionKeys field can contain either the name of a key, which is automatically used to encrypt documents, or the field can be blank, allowing users to assign the encryption key. To encrypt a field with a secret key using either method, users must have it stored in their ID file.

    You can set up forms with text or keyword fields that allow the user to choose whether to encrypt a document. Designers can also hide the SecretEncryptionKeys field so that users cannot see the names of the encryption keys.

Field encryption

A database designer can encrypt fields with secret encryption keys. To decrypt these fields, users must merge the secret encryption keys into their ID files. If the user does not have the required encryption key, the encrypted fields appear blank.